In Progress Get rid of the hit.gemius.pl PUP


bbdra

PCHF Member
May 9, 2019
Hello, Malwarebytes spams me with these messages. Can anybody tell me what it is,
how it got to my PC, and how to get rid of it, please?
I have read on the Internet that it is some kind of traffic counter and that it could also collect sensitive information like credit card numbers, passwords, depth of color, display resolution.
Is it true?
Thanks

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important FRST is downloaded to your desktop.


Unzip it to the Desktop!!


If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

  1. Accept the default whitelist options.
  2. If the additions.txt options box is not checked, please select it.
  3. Then select Scan.

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a Notepad file.

Please copy and paste the contents of these logs in your next post for review by our Security Team.
 

bbdra

PCHF Member
May 9, 2019
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by Administrátor (administrator) on DESKTOP-V6VDE39 (09-07-2019 01:07:10)
Running from C:\Users\Administrátor\Desktop
Loaded Profiles: Administrátor (Available Profiles: Administrátor & Administrator)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: Czech (Czech Republic)
Default browser: "C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Curio Systems GmbH -> Curio Systems GmbH) C:\Program Files\Exterminate It!\ExterminateIt.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pandora TV Co., Ltd. -> ) C:\Program Files\KMPlayer 64X\KMPLoading.exe
(Pandora TV Co., Ltd. -> KMPlayer Team) C:\Program Files\KMPlayer 64X\KMPlayer64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(VIA Technologies Inc. -> VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074088 2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2018-11-22] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19646312 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\MountPoints2: {aa2e3823-ad33-11e8-9346-00252281e08d} - "G:\setup.exe"
HKLM\...\Drivers32: [msacm.vorbis] => c:\windows\system32\vorbis.acm [1470976 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => c:\windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => c:\windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => c:\windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.vorbis] => c:\windows\SysWOW64\vorbis.acm [1554944 2015-03-11] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05F42D32-9EC0-4F0E-B32E-66114E0F58D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {2CEF0869-1D33-4792-8B09-C3305C4D2542} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [14680792 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3DF7C0CB-9E09-4E11-9E51-8B65EA1C5D71} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [72848 2019-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BBFDF0C-BAD3-4721-AE72-4D81A1A2A816} - System32\Tasks\CreateExplorerShellUnelevatedTask => c:\windows\explorer.exe /NOUACCHECK
Task: {805FCD48-5B6D-4A6E-A838-4FB241EBDD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-18] (Google Inc -> Google Inc.)
Task: {810EDDAA-1D4C-48DC-8841-81C201FD9ABF} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [160448 2012-11-07] (ASUSTeK Computer Inc. -> ASUSTek Computer INC.)
Task: {9855F24C-596B-48C3-BC07-6D0163E87EFD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {B6D53096-86AD-4A04-A373-8078902904A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {B7155950-E9D7-46BB-9E75-66715B371441} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BF5269B0-5CDF-4DE3-9654-F545D0FDD30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-18] (Google Inc -> Google Inc.)
Task: {C1E4DC7E-B724-4494-B496-3BBAC9E6689C} - System32\Tasks\Uninstaller_SkipUac_Administrátor => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5020944 2018-08-08] (IObit Information Technology -> IObit)
Task: {E0D2D6F9-DCB3-48BD-8B64-E286549AEC88} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3472240800-3569865723-1055443696-1001 => C:\Users\Administrátor\AppData\Local\MEGAsync\MEGAupdater.exe [760696 2018-01-15] (Mega Limited -> Mega Limited)
Task: {FBA557C2-0C46-4054-B48C-7C0A5E39F457} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-12] (Adobe Inc. -> Adobe)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-07-19] (IObit Information Technology -> IObit)
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-07] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\IEExt\ie_plugin.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-05-02]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default [2019-07-05]
CHR Extension: (Ochrana Kaspersky) - C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2018-11-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-19]
CHR Profile: C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\System Profile [2019-06-19]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM-x32\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2307768 2016-05-11] (Comodo Security Solutions -> Comodo)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd -> Disc Soft Ltd)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [149776 2018-06-28] (IObit Information Technology -> IObit)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation -> Microsoft Corporation)
S3 klvssbridge64_19.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe [414352 2018-11-29] (Kaspersky Lab -> AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [46736 2015-09-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 NGIService; "C:\Program Files (x86)\Common Files\McAfee\NGI\Service\NGIService.exe" StartAsNGIService [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [13848 2018-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices Inc.)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R3 CMUACWO; C:\Windows\system32\DRIVERS\CMUACWO.sys [189952 2012-07-13] (C-MEDIA ELECTRONICS INC. -> C-Media Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243400 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2018-08-31] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-08-20] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-08-18] (Martin Malik - REALiX -> REALiX(tm))
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37184 2018-05-12] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [43392 2018-05-15] (IObit Information Technology -> IObit)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [75600 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [125568 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [91472 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29208 2017-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [236672 2019-06-03] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLHK; C:\Windows\System32\drivers\klhk.sys [1093248 2019-06-03] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP19.0.0\Bases\klids.sys [197464 2019-05-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1168000 2019-06-03] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [58704 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [60536 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [60784 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50304 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [46416 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [245272 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [302368 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [116104 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [198768 2019-04-29] (Kaspersky Lab -> AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [104576 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [184960 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [218240 2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
R0 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-07-08] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1139424 2018-08-18] (Realtek Semiconductor Corp. -> Realtek )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2019-06-29] (Adlice -> )
S3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1995592 2018-07-16] (Suzhou Qingchen Information Technology Co Ltd. -> ShiningMorning Inc.)
S3 VIAHdAudAddService; C:\Windows\system32\drivers\viahduaa.sys [701136 2015-09-11] (VIA Technologies Inc. -> VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-09 01:07 - 2019-07-09 01:08 - 000028171 _____ C:\Users\Administrátor\Desktop\FRST.txt
2019-07-09 01:06 - 2019-07-09 01:07 - 000000000 ____D C:\FRST
2019-07-09 01:06 - 2019-07-09 01:06 - 002420224 _____ (Farbar) C:\Users\Administrátor\Desktop\FRST64(1).exe
2019-07-09 01:06 - 2019-07-09 01:06 - 001908496 _____ C:\Users\Administrátor\Downloads\FRST64(1).zip
2019-07-09 01:06 - 2019-07-09 01:06 - 000000000 ____D C:\Users\Administrátor\Desktop\FRST-OlderVersion
2019-07-09 00:57 - 2019-07-09 00:57 - 000000927 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2019-07-09 00:57 - 2019-07-09 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2019-07-09 00:55 - 2019-07-09 00:55 - 000002544 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrátor
2019-07-09 00:55 - 2019-07-09 00:55 - 000000326 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor.job
2019-07-08 23:55 - 2019-07-08 23:58 - 993102812 _____ C:\Users\Administrátor\Downloads\Demolice 1996 nef tv cz.avi
2019-07-08 23:50 - 2019-07-08 23:50 - 240172523 _____ C:\Users\Administrátor\Downloads\House on Hooter Hill (2007).mp4.51fobg5.partial
2019-07-08 22:10 - 2019-07-08 22:10 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-07-08 22:10 - 2019-07-08 22:10 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-07-08 22:10 - 2019-07-08 22:10 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-07-08 22:09 - 2019-07-08 22:09 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-07-08 21:58 - 2019-07-08 21:58 - 007025360 _____ (Malwarebytes) C:\Users\Administrátor\Desktop\adwcleaner_7.3.exe
2019-07-08 13:26 - 2019-07-08 13:26 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-07-08 13:26 - 2019-07-08 13:26 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-07-08 13:26 - 2019-07-08 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-07-08 13:26 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2019-07-08 13:26 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-07-07 22:41 - 2019-07-07 23:25 - 796084224 _____ C:\Users\Administrátor\Downloads\Vampire in Vegas-horor- 2009-CZdub od Aecek.avi
2019-07-07 21:33 - 2019-07-07 21:39 - 000000000 ____D C:\Users\Administrátor\Downloads\web
2019-07-06 23:43 - 2019-07-06 23:50 - 000000064 _____ C:\Users\Administrátor\Desktop\dnb new tracks.txt
2019-07-06 20:42 - 2019-07-06 20:42 - 063008316 _____ C:\Users\Administrátor\Downloads\Amoss - Rollpipe VIP [FREE TRACK] - labmaster1644.3.wav
2019-07-06 20:31 - 2019-07-06 20:31 - 078642396 _____ C:\Users\Administrátor\Downloads\Kyrist - Ill Skill VIP v4.1.wav
2019-07-06 20:25 - 2019-07-06 20:25 - 062022584 _____ C:\Users\Administrátor\Downloads\[FREE GIVE AWAY ALBUM BONUS TRACK]. Amoss - Fathoms - AT Master.wav
2019-07-06 14:05 - 2019-07-06 14:05 - 051880000 _____ C:\Users\Administrátor\Downloads\The Upbeats - SSxUB - Solitaire (Ulterior Motive Remix).wav
2019-07-06 13:19 - 2019-07-06 13:19 - 000000697 _____ C:\Users\Administrátor\Desktop\akiko(2).txt
2019-07-05 23:18 - 2019-07-05 23:21 - 1028672588 _____ C:\Users\Administrátor\Downloads\Frankenweenie.Domaci.mazlicek.(2012) CZ Dabing.avi
2019-07-05 23:15 - 2019-07-05 23:18 - 862280444 _____ C:\Users\Administrátor\Downloads\Aladin 2019 (CZ titulky kino).mkv
2019-07-05 16:04 - 2019-07-05 16:04 - 048112830 _____ C:\Users\Administrátor\Downloads\Mikal - Dub Machine - Mastered.wav
2019-07-05 15:50 - 2019-07-05 15:50 - 051258604 _____ C:\Users\Administrátor\Downloads\DNB France - SIGNS - Ketama.wav
2019-07-04 23:33 - 2019-07-04 23:33 - 021974406 _____ C:\Users\Administrátor\Downloads\NEST075.zip
2019-07-04 23:18 - 2019-07-04 23:19 - 000000078 _____ C:\Users\Administrátor\Desktop\techno.txt
2019-07-03 18:30 - 2019-07-03 18:35 - 1727907473 _____ C:\Users\Administrátor\Downloads\DNB France - FRENCH PLATES 2017.zip
2019-07-03 18:13 - 2019-07-03 18:13 - 072622210 _____ C:\Users\Administrátor\Downloads\YouKnowRight-1991.zip
2019-06-29 22:22 - 2019-06-29 22:24 - 827447534 _____ C:\Users\Administrátor\Downloads\Devítky 2007 Cz Dab.avi
2019-06-29 22:02 - 2019-06-29 22:03 - 300669399 _____ C:\Users\Administrátor\Downloads\Scrat_Spaced Out (2016).mkv
2019-06-29 09:59 - 2019-07-08 22:14 - 000000000 ____D C:\ProgramData\ProductData
2019-06-29 09:53 - 2019-06-29 09:53 - 000001490 _____ C:\Users\Administrátor\Desktop\JRT.txt
2019-06-28 20:18 - 2019-06-28 20:19 - 000000000 ____D C:\KRD2018_Data
2019-06-28 17:57 - 2019-06-28 17:57 - 000000000 ____D C:\Users\Administrátor\source
2019-06-28 17:56 - 2019-06-28 17:59 - 000000000 ____D C:\Users\Administrátor\Documents\Visual Studio 2019
2019-06-28 17:56 - 2019-06-28 17:56 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2019-06-28 17:56 - 2019-06-28 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2019-06-28 17:51 - 2019-06-28 18:00 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Visual Studio Setup
2019-06-28 17:51 - 2019-06-28 17:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-06-28 17:51 - 2019-06-28 17:51 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vstelemetry
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vs_installershell
2019-06-28 17:51 - 2019-06-28 17:51 - 000000000 ____D C:\Users\Administrátor\AppData\Local\ServiceHub
2019-06-28 17:50 - 2019-06-28 17:50 - 001339864 _____ (Microsoft Corporation) C:\Users\Administrátor\Downloads\vs_community__1429971524.1561737004.exe
2019-06-28 17:50 - 2019-06-28 17:50 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2019-06-28 17:33 - 2019-06-28 17:33 - 001447178 _____ (Igor Pavlov) C:\Users\Administrátor\Downloads\7z1900-x64.exe
2019-06-28 17:33 - 2019-06-28 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-06-28 17:33 - 2019-06-28 17:33 - 000000000 ____D C:\Program Files\7-Zip
2019-06-28 17:22 - 2019-06-28 17:22 - 000000000 ____D C:\Users\Administrátor\Documents\Ashampoo Burning Studio FREE
2019-06-28 17:21 - 2019-06-28 17:21 - 000001380 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\ProgramData\Ashampoo
2019-06-28 17:21 - 2019-06-28 17:21 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2019-06-28 17:19 - 2019-06-28 17:19 - 041877736 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Administrátor\Downloads\ashampoo_burning_studio_free_24045.exe
2019-06-28 17:09 - 2019-06-28 17:09 - 000000000 ____D C:\Temp
2019-06-28 17:08 - 2019-06-28 17:08 - 002284808 _____ C:\Users\Administrátor\Downloads\SH-222AB_SB01.exe
2019-06-28 16:07 - 2019-06-28 16:09 - 595562496 _____ C:\Users\Administrátor\Downloads\krd.iso
2019-06-28 00:33 - 2019-06-28 00:33 - 164432168 _____ (AO Kaspersky Lab) C:\Users\Administrátor\Desktop\KVRT.exe
2019-06-28 00:32 - 2019-06-28 00:33 - 164432168 _____ (AO Kaspersky Lab) C:\Users\Administrátor\Downloads\Unconfirmed 205204.crdownload
2019-06-26 14:16 - 2019-06-26 14:16 - 000087651 _____ C:\Users\Administrátor\Downloads\20190531_2111935377_BU.pdf
2019-06-26 14:16 - 2019-06-26 14:16 - 000085026 _____ C:\Users\Administrátor\Downloads\20190430_2111935377_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000147541 _____ C:\Users\Administrátor\Downloads\20190225_2111935377_VP.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000086990 _____ C:\Users\Administrátor\Downloads\20190329_2111935377_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000085180 _____ C:\Users\Administrátor\Downloads\20190131_2111935377_BU.pdf
2019-06-26 14:13 - 2019-06-26 14:13 - 000084487 _____ C:\Users\Administrátor\Downloads\20190228_2111935377_BU.pdf
2019-06-23 21:20 - 2019-06-23 21:22 - 627688916 _____ C:\Users\Administrátor\Downloads\12-opic.avi
2019-06-23 18:08 - 2019-06-23 18:14 - 1992179280 _____ C:\Users\Administrátor\Downloads\Kráľ rybár CZ.avi
2019-06-23 15:08 - 2019-06-23 15:11 - 1027718630 _____ C:\Users\Administrátor\Downloads\Krajina Přílivu (2005) CZ Dabing.avi
2019-06-19 15:14 - 2019-06-19 15:14 - 000000000 ____D C:\Program Files\UNP
2019-06-19 14:54 - 2019-06-19 14:55 - 000004069 _____ C:\Users\Administrátor\Desktop\program.txt
2019-06-19 14:38 - 2019-06-19 16:34 - 2132492090 _____ C:\Users\Administrátor\Downloads\Muž, který zabil Dona Quijota ( 2018 ) CZ titulkyBRDrip.avi
2019-06-19 13:50 - 2019-06-19 13:50 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\OpenOffice
2019-06-18 18:40 - 2019-06-18 18:56 - 000000297 _____ C:\Users\Administrátor\Desktop\bazar.txt
2019-06-17 23:56 - 2019-06-17 23:56 - 000417183 _____ C:\Users\Administrátor\Downloads\openpuff-3-3-0-en-win.zip
2019-06-16 21:12 - 2019-06-16 21:17 - 1622584194 _____ C:\Users\Administrátor\Downloads\Nit z přízraků 2017, CZ Dabing.mkv
2019-06-15 14:22 - 2019-06-15 14:23 - 131527697 _____ C:\Users\Administrátor\Downloads\Security Online.mp4
2019-06-12 19:29 - 2019-06-07 13:04 - 021388752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-12 19:29 - 2019-06-07 13:04 - 001633136 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-12 19:29 - 2019-06-07 12:48 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-06-12 19:29 - 2019-06-07 12:47 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-12 19:29 - 2019-06-07 12:45 - 012756480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-12 19:29 - 2019-06-07 12:42 - 003613696 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-12 19:29 - 2019-06-07 12:41 - 004055552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-12 19:29 - 2019-06-07 12:40 - 001663488 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-12 19:29 - 2019-06-07 12:40 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-12 19:29 - 2019-06-07 12:23 - 001453920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-12 19:29 - 2019-06-07 12:19 - 020383832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-12 19:29 - 2019-06-07 12:10 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-12 19:29 - 2019-06-07 12:07 - 011942400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-12 19:29 - 2019-06-07 12:04 - 004056064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-12 19:29 - 2019-06-07 12:04 - 002881536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-12 19:29 - 2019-06-07 12:04 - 001471488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-12 19:29 - 2019-06-07 08:07 - 000707384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-12 19:29 - 2019-06-07 08:01 - 001035040 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 001220112 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 001027384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-06-12 19:29 - 2019-06-07 07:58 - 000422416 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-12 19:29 - 2019-06-07 07:58 - 000135176 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-12 19:29 - 2019-06-07 07:58 - 000076304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 007519896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 007436536 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 002811192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 002719032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 001934808 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 001209696 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000792888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000709728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000594024 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-12 19:29 - 2019-06-07 07:57 - 000494304 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000435000 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000413720 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000412984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000383504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000170296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-06-12 19:29 - 2019-06-07 07:57 - 000148280 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-12 19:29 - 2019-06-07 07:57 - 000137448 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-06-12 19:29 - 2019-06-07 07:56 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-12 19:29 - 2019-06-07 07:56 - 000713272 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-06-12 19:29 - 2019-06-07 07:47 - 000380432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-12 19:29 - 2019-06-07 07:47 - 000097272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 006569344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 001805656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 001011872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000581048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000357072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-12 19:29 - 2019-06-07 07:46 - 000128792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-12 19:29 - 2019-06-07 07:38 - 025857536 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-12 19:29 - 2019-06-07 07:37 - 022019584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-12 19:29 - 2019-06-07 07:31 - 019372544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-12 19:29 - 2019-06-07 07:27 - 022718976 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 005784064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 003400704 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-12 19:29 - 2019-06-07 07:24 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-06-12 19:29 - 2019-06-07 07:23 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 003710976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000233984 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-12 19:29 - 2019-06-07 07:22 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 007588864 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 004866048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 001778688 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-12 19:29 - 2019-06-07 07:21 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 002610688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-12 19:29 - 2019-06-07 07:20 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 003212288 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 002175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 001560576 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-12 19:29 - 2019-06-07 07:19 - 000369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-12 19:29 - 2019-06-07 07:18 - 002166784 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-12 19:29 - 2019-06-07 07:18 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-12 19:29 - 2019-06-07 07:18 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 001920000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-12 19:29 - 2019-06-07 07:17 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000900096 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-12 19:29 - 2019-06-07 07:16 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-12 19:29 - 2019-06-07 06:00 - 000001308 _____ C:\Windows\system32\tcbres.wim
2019-06-12 19:29 - 2019-05-19 00:12 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-12 19:29 - 2019-05-19 00:12 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-12 19:29 - 2019-05-17 14:44 - 000348160 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2019-06-12 19:29 - 2019-05-17 14:40 - 002394960 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2019-06-12 19:29 - 2019-05-17 14:40 - 000280888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2019-06-12 19:29 - 2019-05-17 14:27 - 006586880 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-06-12 19:29 - 2019-05-17 14:26 - 004393984 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-06-12 19:29 - 2019-05-17 14:25 - 004718080 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-06-12 19:29 - 2019-05-17 14:25 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 19:29 - 2019-05-17 14:24 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2019-06-12 19:29 - 2019-05-17 14:23 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-06-12 19:29 - 2019-05-17 14:22 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-06-12 19:29 - 2019-05-17 14:22 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 001121792 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpui.dll
2019-06-12 19:29 - 2019-05-17 14:21 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-06-12 19:29 - 2019-05-17 14:20 - 002084864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-06-12 19:29 - 2019-05-17 14:19 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-06-12 19:29 - 2019-05-17 14:07 - 002206424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2019-06-12 19:29 - 2019-05-17 14:00 - 005658112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-06-12 19:29 - 2019-05-17 13:56 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-06-12 19:29 - 2019-05-17 13:56 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3gpui.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-06-12 19:29 - 2019-05-17 13:55 - 000470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2019-06-12 19:29 - 2019-05-17 13:54 - 002016768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-06-12 19:29 - 2019-05-17 13:54 - 000908288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2019-06-12 19:29 - 2019-05-17 11:33 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 19:29 - 2019-05-17 10:52 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 19:29 - 2019-05-17 09:07 - 000105272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2019-06-12 19:29 - 2019-05-17 08:44 - 000829960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2019-06-12 19:29 - 2019-05-17 08:44 - 000550520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2019-06-12 19:29 - 2019-05-17 08:43 - 000297688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtapi.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 005625160 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 004789944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 002256560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001989552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001980256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001620264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001380096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2019-06-12 19:29 - 2019-05-17 08:42 - 000125504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2019-06-12 19:29 - 2019-05-17 08:30 - 013878784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 19:29 - 2019-05-17 08:26 - 002969600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-06-12 19:29 - 2019-05-17 08:23 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-06-12 19:29 - 2019-05-17 08:23 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2019-06-12 19:29 - 2019-05-17 08:23 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-06-12 19:29 - 2019-05-17 08:22 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2019-06-12 19:29 - 2019-05-17 08:22 - 000031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2019-06-12 19:29 - 2019-05-17 08:21 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-06-12 19:29 - 2019-05-17 08:21 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esentutl.exe
2019-06-12 19:29 - 2019-05-17 08:21 - 000224768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2019-06-12 19:29 - 2019-05-17 08:20 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2019-06-12 19:29 - 2019-05-17 08:20 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 004515840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001630720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 001073664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 19:29 - 2019-05-17 08:19 - 000835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 002796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 001006592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-06-12 19:29 - 2019-05-17 08:18 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 001063224 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-06-12 19:29 - 2019-05-17 08:08 - 000723432 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 000491200 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-12 19:29 - 2019-05-17 08:08 - 000401328 _____ (Microsoft Corporation) C:\Windows\system32\wevtapi.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002768960 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002571640 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 002467320 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 001459120 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-06-12 19:29 - 2019-05-17 08:07 - 001288712 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 001260272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-06-12 19:29 - 2019-05-17 08:07 - 000930616 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2019-06-12 19:29 - 2019-05-17 08:07 - 000275768 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-06-12 19:29 - 2019-05-17 08:07 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001943136 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001784696 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 001140992 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-06-12 19:29 - 2019-05-17 08:06 - 001098056 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-06-12 19:29 - 2019-05-17 08:06 - 000983424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-06-12 19:29 - 2019-05-17 08:06 - 000151888 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2019-06-12 19:29 - 2019-05-17 08:04 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-06-12 19:29 - 2019-05-17 08:00 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2019-06-12 19:29 - 2019-05-17 07:44 - 016597504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2019-06-12 19:29 - 2019-05-17 07:38 - 004709376 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 004385280 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2019-06-12 19:29 - 2019-05-17 07:37 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\DuCsps.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000228864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2019-06-12 19:29 - 2019-05-17 07:36 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\updatecsp.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\UsoClient.exe
2019-06-12 19:29 - 2019-05-17 07:36 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-06-12 19:29 - 2019-05-17 07:36 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-06-12 19:29 - 2019-05-17 07:35 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-06-12 19:29 - 2019-05-17 07:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\esentutl.exe
2019-06-12 19:29 - 2019-05-17 07:35 - 000322560 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-06-12 19:29 - 2019-05-17 07:34 - 001804288 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000916480 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000671744 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2019-06-12 19:29 - 2019-05-17 07:34 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2019-06-12 19:29 - 2019-05-17 07:34 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 003091456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 002912256 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 002370560 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 001214464 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2019-06-12 19:29 - 2019-05-17 07:33 - 000787968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-06-12 19:29 - 2019-05-17 07:33 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2019-06-12 19:29 - 2019-05-17 07:32 - 001070080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2019-06-12 19:29 - 2019-05-17 07:32 - 000815104 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 004937216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 003376640 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 003293184 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001854976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001805312 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001383424 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001215488 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-12 19:29 - 2019-05-17 07:31 - 000466432 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-06-12 19:29 - 2019-05-17 07:30 - 000276992 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-09 00:58 - 2018-09-11 22:44 - 000000000 ____D C:\Program Files\Exterminate It!
2019-07-09 00:56 - 2018-09-11 22:27 - 000000000 ____D C:\Users\Administrátor\Desktop\utils
2019-07-09 00:39 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-09 00:37 - 2018-08-17 21:53 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-07-08 23:17 - 2018-08-17 21:46 - 000000000 ___HD C:\Users\Administrátor\MicrosoftEdgeBackups
2019-07-08 22:14 - 2018-08-17 21:44 - 001689050 _____ C:\Windows\system32\PerfStringBackup.INI
2019-07-08 22:14 - 2018-04-12 17:50 - 000715034 _____ C:\Windows\system32\perfh005.dat
2019-07-08 22:14 - 2018-04-12 17:50 - 000144328 _____ C:\Windows\system32\perfc005.dat
2019-07-08 22:14 - 2018-04-12 01:36 - 000000000 ____D C:\Windows\INF
2019-07-08 22:09 - 2018-11-11 15:40 - 000000000 ____D C:\ProgramData\NVIDIA
2019-07-08 22:09 - 2018-08-17 21:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-07-08 22:08 - 2018-04-11 23:04 - 000524288 _____ C:\Windows\system32\config\BBI
2019-07-08 22:06 - 2018-09-08 11:31 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\vlc
2019-07-08 21:58 - 2018-04-12 01:30 - 000000000 ____D C:\Windows\CbsTemp
2019-07-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\AppReadiness
2019-07-08 20:50 - 2018-08-17 21:36 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-08 13:26 - 2018-04-12 01:38 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-07-06 23:50 - 2018-11-20 22:32 - 000000000 ____D C:\Users\Administrátor\Documents\VirtualDJ
2019-07-06 22:25 - 2018-09-12 12:44 - 000000000 ____D C:\Users\Administrátor\AppData\Local\CrashDumps
2019-07-06 17:07 - 2019-05-15 23:17 - 000006635 _____ C:\Users\Administrátor\Desktop\yt.txt
2019-07-05 22:59 - 2018-04-11 23:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2019-06-30 11:58 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-29 09:18 - 2019-03-03 23:33 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-29 09:14 - 2018-09-11 23:04 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2019-06-28 18:09 - 2019-04-19 19:23 - 000000000 ____D C:\Users\Administrátor\AppData\Roaming\Notepad++
2019-06-28 17:57 - 2018-08-17 21:43 - 000000000 ____D C:\Users\Administrátor
2019-06-28 17:56 - 2018-10-03 14:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-06-28 16:18 - 2018-09-30 12:57 - 000000000 ____D C:\Users\Administrátor\AppData\Local\ElevatedDiagnostics
2019-06-28 16:16 - 2018-10-01 02:11 - 000002355 _____ C:\Users\Public\Desktop\Driver Booster 5.lnk
2019-06-28 00:31 - 2018-12-19 02:32 - 016551279 _____ C:\Users\Administrátor\Downloads\Wireless_XP_071011 (2).zip
2019-06-24 22:34 - 2018-08-17 21:46 - 000000000 ____D C:\Users\Administrátor\AppData\Local\VirtualStore
2019-06-22 03:02 - 2018-11-16 20:05 - 000000000 ____D C:\Program Files\rempl
2019-06-21 02:59 - 2019-04-20 17:56 - 000091892 _____ C:\Users\Administrátor\Downloads\Interop Unlock.zip
2019-06-18 18:25 - 2018-10-03 21:10 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-18 18:25 - 2018-08-18 01:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-16 17:15 - 2018-08-17 21:48 - 000003396 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001
2019-06-16 17:15 - 2018-08-17 21:48 - 000000000 ___RD C:\Users\Administrátor\OneDrive
2019-06-16 17:15 - 2018-08-17 21:43 - 000002391 _____ C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-15 21:23 - 2019-05-28 17:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-12 21:44 - 2018-08-17 21:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 21:44 - 2018-08-17 21:46 - 000000000 ___RD C:\Users\Administrátor\3D Objects
2019-06-12 21:44 - 2018-08-17 21:35 - 000265064 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\TextInput
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\Provisioning
2019-06-12 21:43 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 19:51 - 2018-11-30 15:08 - 000000079 _____ C:\Users\Administrátor\Desktop\soundcloud.txt
2019-06-12 19:50 - 2019-02-22 21:26 - 000000289 _____ C:\Users\Administrátor\Desktop\prispevek.txt
2019-06-12 19:29 - 2018-08-18 00:37 - 000000000 ____D C:\Windows\system32\MRT
2019-06-12 19:26 - 2018-08-19 19:52 - 000004682 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-12 19:26 - 2018-08-18 00:37 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-12 19:26 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-06-12 19:26 - 2018-04-12 01:38 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ================

2019-06-06 01:54 - 2019-06-06 01:54 - 000003584 _____ () C:\Users\Administrátor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-03-04 01:52 - 2019-03-04 01:52 - 000000218 _____ () C:\Users\Administrátor\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
 

bbdra

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Administrátor (09-07-2019 01:09:02)
Running from C:\Users\Administrátor\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-08-17 19:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3472240800-3569865723-1055443696-500 - Administrator - Disabled) => C:\Users\Administrator
Administrátor (S-1-5-21-3472240800-3569865723-1055443696-1001 - Administrator - Enabled) => C:\Users\Administrátor
DefaultAccount (S-1-5-21-3472240800-3569865723-1055443696-503 - Limited - Disabled)
Guest (S-1-5-21-3472240800-3569865723-1055443696-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3472240800-3569865723-1055443696-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.20.2 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
Bandicam (HKLM-x32\...\Bandicam) (Version: 4.1.7.1424 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Camel Audio CamelCrusher (HKLM-x32\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Camel Audio CamelCrusher64 (HKLM-x32\...\Camel Audio CamelCrusher64) (Version: 1.01.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 49.13.20.402 - Comodo)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.1.0 - IObit)
Dynasone VST 2.02 (HKLM-x32\...\Dynasone_VST_2.02) (Version: - )
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
Eraser 6.2.0.2970 (HKLM\...\{58F37E51-2A83-49F3-9117-6005C63CF399}) (Version: 6.2.2970 - The Eraser Project)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.21.0.24 - Curio Systems GmbH)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HWiNFO64 Version 5.86 (HKLM\...\HWiNFO64_is1) (Version: 5.86 - Martin Malík - REALiX)
HxD Hex Editor 2.2.1 (HKLM\...\HxD_is1) (Version: 2.2.1 - Maël Hörz)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.92.3 (HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
IObit Uninstaller 8 (HKLM-x32\...\IObitUninstall) (Version: 8.0.2.19 - IObit)
IrfanView 4.51 (64-bit) (HKLM\...\IrfanView64) (Version: 4.51 - Irfan Skiljan)
IsoBuster 4.2 (HKLM-x32\...\IsoBuster_is1) (Version: 4.2 - Smart Projects)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
KMPlayer 64X (HKLM\...\KMPlayer 64X) (Version: 1.0.0.2 - PandoraTV)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Malwarebytes verze 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.7.2 SDK (HKLM-x32\...\{58AF62C8-1D15-46D7-9B7F-243B93C5589E}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.1.3129.607 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MTG Arena (HKLM-x32\...\{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}) (Version: 0.1.1391.0 - Wizards of the Coast) Hidden
MTG Arena (HKLM-x32\...\MTG Arena 0.1.1391.0) (Version: 0.1.1391.0 - Wizards of the Coast)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - )
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (HKLM-x32\...\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS) (Version: - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OrangeVocoder VST 2.02 (HKLM-x32\...\OrangeVocoder_VST_2.02) (Version: - )
Ovládací panel NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
PiWarp VST 2.02 (HKLM-x32\...\PiWarp_VST_2.02) (Version: - )
Planet Coaster version 1.3.6.45104 (HKLM\...\Planet Coaster_is1) (Version: 1.3.6.45104 - STEAMPUNKS)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.3 - Power Software Ltd)
Rain World (HKLM-x32\...\1541665964_is1) (Version: 1.015 - GOG.com)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Roomulator VST 2.02 (HKLM-x32\...\Roomulator_VST_2.02) (Version: - )
Shotcut (HKLM-x32\...\Shotcut) (Version: 18.09.15 - Meltytech, LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.21a - Ghisler Software GmbH)
u-he Zebra2 (HKLM-x32\...\u-he Zebra2) (Version: 2.7.2.3898 - u-he)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Visual Studio Community 2019 (HKLM-x32\...\dd689672) (Version: 16.1.29020.237 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VoxCiter VST 2.02 (HKLM-x32\...\VoxCiter_VST_2.02) (Version: - )
Voxengo SPAN (HKLM\...\Voxengo SPAN_is1) (Version: 2.10 - Voxengo)
vs_filehandler_amd64 (HKLM-x32\...\{EF43D2AE-EE51-41C3-BCA0-C5E79023B217}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{5AABBDCD-ED5D-4AFD-8432-847DD87F8E4C}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{F08DA172-0777-40C6-A8BA-D0F314560BEE}) (Version: 16.0.28518 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{762B3E50-3B79-4D88-B115-97513CCE8CDB}) (Version: 16.1.28811 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DA2B1838-3B2E-4220-8B2E-796F4624D463}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
Windows IP Over USB (HKLM-x32\...\{FF0EA481-42DB-A8AE-8356-48C09F7D953D}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Phone 8.0 Emulation Images (HKLM-x32\...\{7515082B-0B97-331C-9725-9D42EF0DE501}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (ARM) (HKLM-x32\...\{D6DEA3AD-637E-368A-BD00-501D443F5E86}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone 8.0 Managed SDK Profiler (X86) (HKLM-x32\...\{D21B5F75-8042-3B39-80A1-F1D56D6DB4AB}) (Version: 11.0.50727 - Microsoft Corporation)
Windows Phone IP Over USB (HKLM-x32\...\{E7C8E5D3-9EDC-4430-8AEF-FD590937F55F}) (Version: 10.0.10240.0 - Microsoft Corporation)
Windows Phone SDK 8.0 Assemblies (HKLM-x32\...\{C7EE26EC-477D-37D0-87B4-ED146C5A9CD2}) (Version: 11.0.50727 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)

Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-05-02] (eyeo GmbH)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-15] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.14.0_x64__7pb5ddty8z1pa [2019-06-25] (Trello, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472240800-3569865723-1055443696-1001_Classes\CLSID\{C6900730-7919-4222-A0A1-1C469462F10B} -> [MEGA] => C:\Users\Administrátor\Documents\MEGA [2018-12-30 03:32]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-01-27] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] () [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2015-09-03] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2018-07-21] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-15] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2018-11-22] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR57\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2018-09-07 09:16 - 2018-09-07 09:16 - 006881792 _____ () [File not signed] C:\Program Files\KMPlayer 64X\UpLib.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 000598528 _____ () [File not signed] C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll
2019-06-28 17:33 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-07-07 00:11 - 2019-07-08 23:57 - 000170496 _____ (KMPlayer Team) [File not signed] C:\Users\Administrátor\AppData\Local\Temp\1029.tmp
2015-11-19 21:03 - 2015-11-19 21:03 - 000247808 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2018-11-11 15:40 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2018-11-11 15:40 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2019-04-09 22:38 - 2019-04-09 22:38 - 000662016 _____ (SQLite Development Team) [File not signed] C:\Program Files\Exterminate It!\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-06-29 09:50 - 000000768 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files (x86)\common files\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;C:\Program Files (x86)\Smart Projects\IsoBuster
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrátor\Downloads\orange-cubes-43825-1920x1200.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9C18D8F9-D5A9-4C72-9829-F42A1650D2B9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{996EE3CA-2ACD-4C01-BD87-98A05E5FFC04}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe (IObit Information Technology -> IObit)
FirewallRules: [{EAB1722A-31CB-4226-95BD-CAC79A22B840}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{CCE7BCCA-83ED-43A0-A116-E60A758289B0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{AD255F48-7E9E-4D5C-AEFB-E5B81DA9F955}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{662FF1DF-B272-41A4-8604-DCC80C9AF020}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [TCP Query User{5A1A73A9-618E-494F-9BB5-317F78EDD4DF}C:\users\administrátor\desktop\dst\bin\dontstarve_steam.exe] => (Block) C:\users\administrátor\desktop\dst\bin\dontstarve_steam.exe No File
FirewallRules: [UDP Query User{A02A1629-2A09-4311-9DE3-D3B3987E2791}C:\users\administrátor\desktop\dst\bin\dontstarve_steam.exe] => (Block) C:\users\administrátor\desktop\dst\bin\dontstarve_steam.exe No File
FirewallRules: [TCP Query User{DB50EB91-D20D-42B8-B858-44C5BA5BD1DF}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{56F0B7D2-F691-4DEA-B0FA-8A276CD6004A}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{6B665249-BDFA-4116-9AEB-5C017D236C0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:446.59 GB) (Free:155.22 GB) (35%)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2019 11:54:38 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-V6VDE39)
Description: httphttp-2147467263

Error: (07/08/2019 10:59:10 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-V6VDE39)
Description: httphttp-2147467263

Error: (07/06/2019 10:25:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: EdgeContent.dll, version: 11.0.17134.799, time stamp: 0x38675003
Exception code: 0xc0000409
Fault offset: 0x00000000000afe6a
Faulting process ID: 0x40d4
Faulting application start time: 0x01d53415bcb94ab2
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\EdgeContent.dll
Report ID: af9068e0-5cb1-49e4-8fdc-09a86b8dc7d8
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (07/06/2019 06:13:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: EdgeContent.dll, version: 11.0.17134.799, time stamp: 0x38675003
Exception code: 0xc0000409
Fault offset: 0x00000000000afe6a
Faulting process ID: 0x3fbc
Faulting application start time: 0x01d5340f14ae0c7e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\EdgeContent.dll
Report ID: 75f96bd3-41e2-4d4a-8b3a-d5104dd4c6e8
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (07/06/2019 02:12:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chromodo.exe verze 49.13.20.402 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 32c4

Čas spuštění: 01d531d6be259fd0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe

ID hlášení: 4f28b51d-3a20-40dc-bb2b-29ccebac963c

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (07/06/2019 12:47:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MicrosoftEdgeCP.exe verze 11.0.17134.799 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 7910

Čas spuštění: 01d533e6eb50c0ff

Čas ukončení: 22

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

ID hlášení: 6e4e0b28-4972-4cab-940e-afac035d61c4

Úplný název balíčku s chybou: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: ContentProcess

Error: (07/06/2019 12:34:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MicrosoftEdgeCP.exe verze 11.0.17134.799 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 4b98

Čas spuštění: 01d531d7fe3a0b16

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

ID hlášení: 88becf91-1494-4f6c-8c8c-de9bceaeba8f

Úplný název balíčku s chybou: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: ContentProcess

Error: (07/06/2019 12:29:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.799, time stamp: 0x5cde47ca
Faulting module name: edgehtml.dll, version: 11.0.17134.829, time stamp: 0x07ad0877
Exception code: 0xc0000005
Fault offset: 0x0000000000111055
Faulting process ID: 0x3ca0
Faulting application start time: 0x01d533e58232d669
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\Windows\SYSTEM32\edgehtml.dll
Report ID: 3109b732-cb50-4ccd-bf16-96289622ee35
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess


System errors:
=============
Error: (07/09/2019 12:55:43 AM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:16:27 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-V6VDE39)
Description: Server Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe!ContentProcess#{00031404-0001-0000-F1E4-000000000000} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/08/2019 10:09:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NGIService service failed to start due to the following error:
Systém nemůže nalézt uvedený soubor.

Error: (07/08/2019 10:09:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error:
Systém nemůže nalézt uvedený soubor.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.

Error: (07/08/2019 10:09:34 PM) (Source: Disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk1\DR1 má chybný blok.


Windows Defender:
===================================
Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.574
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-06-29 09:59:40.434
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80240438
Popis chyby :při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2019-05-05 23:25:45.666
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.263.48.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.15700.9
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2018-12-27 16:30:23.549
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-27 16:27:43.233
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 17:35:08.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 17:35:04.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 15:33:04.427
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 15:33:00.773
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 13:31:15.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-12-23 13:31:11.612
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Kaspersky Lab\AVP19.0.0\Data\updater\supd_aea4581\updater.kdl that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.70 09/07/2010
Motherboard: ASRock M3A770DE
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 54%
Total physical RAM: 12287.3 MB
Available physical RAM: 5559.58 MB
Total Virtual: 32767.3 MB
Available Virtual: 25687.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.59 GB) (Free:155.22 GB) NTFS
Drive e: (Místní disk) (Fixed) (Total:1863.02 GB) (Free:1253.03 GB) NTFS
Drive f: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS

\\?\Volume{041feeed-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 041FEEED)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 70AAB22D)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Malnutrition

Looking the logs over now, should be about an hour to go over them.
 

Malnutrition

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

================================================================================================================================

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right Click on adwcleaner.exe and run as admin to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 


bbdra

After fixing and restarting the machine, the problem disappeared in Microsoft Edge, but it came back when I started browsing with the Chromodo browser; it also came back in Microsoft Edge.

Fix result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Administrátor (09-07-2019 12:55:57) Run:1
Running from C:\Users\Administrátor\Desktop
Loaded Profiles: Administrátor & Administrator (Available Profiles: Administrátor & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
Closeprocesses:
CreateRestorePoint:
Emptytemp:
VirusTotal: C:\Windows\system32\drivers\vasdDev.sys
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] False
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\...\MountPoints2: {aa2e3823-ad33-11e8-9346-00252281e08d} - "G:\setup.exe"
GroupPolicy: Restriction ? <==== ATTENTION
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\Administr�tor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-18]
Task: {05F42D32-9EC0-4F0E-B32E-66114E0F58D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}: [DhcpNameServer] 192.168.0.1 192.168.0.1
CHR Extension: (Chrome Media Router) - C:\Users\Administr�tor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-19]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
S2 NGIService; "C:\Program Files (x86)\Common Files\McAfee\NGI\Service\NGIService.exe" StartAsNGIService [X]
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [201240 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [230344 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201768 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346592 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59496 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-12-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239840 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46384 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42288 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [163208 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111800 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [87432 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1028680 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [469272 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [208472 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [380464 2018-12-28] (AVAST Software s.r.o. -> AVAST Software)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2019-06-29] (Adlice -> )
U3 aswbdisk; no ImagePath
2019-06-06 01:54 - 2019-06-06 01:54 - 000003584 _____ () C:\Users\Administr�tor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-03-04 01:52 - 2019-03-04 01:52 - 000000218 _____ () C:\Users\Administr�tor\AppData\Local\recently-used.xbel
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> No File
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
Shortcut: C:\Users\Administr�tor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Administr�tor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administr�tor
C:\Windows\Tasks\Uninstaller_SkipUac_Administr�tor.job
C:\Windows\System32\drivers\aswVmm.sys
C:\Windows\System32\drivers\aswStm.sys
C:\Windows\System32\drivers\aswSP.sys
C:\Windows\System32\drivers\aswSnx.sys
C:\Windows\System32\drivers\aswRvrt.sys
C:\Windows\System32\drivers\aswRdr2.sys
C:\Windows\System32\drivers\aswMonFlt.sys
C:\Windows\System32\drivers\aswKbd.sys
C:\Windows\System32\drivers\aswHwid.sys
C:\Windows\System32\drivers\aswHdsKe.sys
C:\Windows\System32\drivers\aswElam.sys
C:\Windows\System32\drivers\aswbloga.sys
C:\Windows\System32\drivers\aswbidsha.sys
C:\Windows\System32\drivers\aswbidsdrivera.sys
C:\Program Files\AVAST Software
C:\Program Files\Common Files\AVAST Software
C:\Program Files (x86)\Common Files\McAfee
Folder: C:\Users\Administr�tor\source
VirusTotal: C:\Users\Administr�tor\Downloads\vs_community__1429971524.1561737004.exe
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
end
*****************
Processes closed successfully.
Error: (0) Failed to create a restore point.
VirusTotal: C:\Windows\system32\drivers\vasdDev.sys => https://www.virustotal.com/file/d8112d9898864137e7490040a1d59bed5b0d2cb485f940c224b5acff4644c6b2/analysis/1535185109/
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe" => could not remove
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks" => removed successfully
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa2e3823-ad33-11e8-9346-00252281e08d} => removed successfully
HKLM\Software\Classes\CLSID\{aa2e3823-ad33-11e8-9346-00252281e08d} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
CHR Extension: (Platby Internetov�ho obchodu Chrome) - C:\Users\Administr�tor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-18] => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{05F42D32-9EC0-4F0E-B32E-66114E0F58D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F42D32-9EC0-4F0E-B32E-66114E0F58D9}" => removed successfully
C:\Windows\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}\\DhcpNameServer" => removed successfully
CHR Extension: (Chrome Media Router) - C:\Users\Administr�tor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-19] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\avast! Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\NGIService => removed successfully
NGIService => service removed successfully
HKLM\System\CurrentControlSet\Services\aswArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsdriver => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswblog => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbuniv => could not remove, key could be protected
aswElam => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswElam => removed successfully
aswElam => service removed successfully
aswHdsKe => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswHdsKe => removed successfully
aswHdsKe => service removed successfully
HKLM\System\CurrentControlSet\Services\aswHwid => could not remove, key could be protected
aswKbd => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswKbd => could not remove, key could be protected
aswMonFlt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRdr => could not remove, key could be protected
aswRvrt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSnx => could not remove, key could be protected
aswSP => Unable to stop service.
HKLM\System\CurrentControlSet\Services\aswSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswVmm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
"C:\Users\Administr�tor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found
"C:\Users\Administr�tor\AppData\Local\recently-used.xbel" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Classes\regfile => removed successfully
"C:\Users\Administr�tor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk" => not found
"C:\Users\Administr�tor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk" => not found
"C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administr�tor" => not found
"C:\Windows\Tasks\Uninstaller_SkipUac_Administr�tor.job" => not found
Could not move "C:\Windows\System32\drivers\aswVmm.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswStm.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswSP.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswSnx.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswRvrt.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswRdr2.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswMonFlt.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswKbd.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswHwid.sys" => Scheduled to move on reboot.
C:\Windows\System32\drivers\aswHdsKe.sys => moved successfully
C:\Windows\System32\drivers\aswElam.sys => moved successfully
Could not move "C:\Windows\System32\drivers\aswbloga.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswbidsha.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswbidsdrivera.sys" => Scheduled to move on reboot.
"C:\Program Files\AVAST Software" folder move:
Could not move "C:\Program Files\AVAST Software" => Scheduled to move on reboot.
C:\Program Files\Common Files\AVAST Software => moved successfully
"C:\Program Files (x86)\Common Files\McAfee" => not found
========================= Folder: C:\Users\Administr�tor\source ========================
not found.
====== End of Folder: ======
"VirusTotal: C:\Users\Administr�tor\Downloads\vs_community__1429971524.1561737004.exe" => not found
C:\WINDOWS\system32\drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========
Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 390494910 B
Java, Flash, Steam htmlcache => 1110 B
Windows/system/drivers => 69582864 B
Edge => 37394426 B
Chrome => 23147028 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 79836 B
LocalService => 0 B
NetworkService => 68526 B
NetworkService => 0 B
Administrátor => 174779419 B
Administrator => 49477304 B
RecycleBin => 0 B
EmptyTemp: => 720.5 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-07-2019 12:58:15)
C:\Windows\System32\drivers\aswVmm.sys => Could not move
C:\Windows\System32\drivers\aswStm.sys => Could not move
C:\Windows\System32\drivers\aswSP.sys => Could not move
C:\Windows\System32\drivers\aswSnx.sys => Could not move
C:\Windows\System32\drivers\aswRvrt.sys => Could not move
C:\Windows\System32\drivers\aswRdr2.sys => Could not move
C:\Windows\System32\drivers\aswMonFlt.sys => Could not move
C:\Windows\System32\drivers\aswKbd.sys => Could not move
C:\Windows\System32\drivers\aswHwid.sys => Could not move
C:\Windows\System32\drivers\aswbloga.sys => Could not move
C:\Windows\System32\drivers\aswbidsha.sys => Could not move
C:\Windows\System32\drivers\aswbidsdrivera.sys => Could not move
C:\Program Files\AVAST Software => Is moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\avast! Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsdriver => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswblog => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbuniv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswHwid => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswKbd => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRdr => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSnx => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswVmm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
==== End of Fixlog 12:58:16 ====
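The Fixlog above defers locked Avast files to the next boot and then reports, in two later sections, what actually happened after the reboot. The following is an added example (not part of the original post and not FRST's own code) that correlates those sections; the sample input is a shortened excerpt of the log lines above, and the function name and result keys are illustrative assumptions.

```python
import re
from ntpath import basename, splitext

# Shortened excerpt of the Fixlog posted in this thread, embedded so the
# example runs offline.
SAMPLE_FIXLOG = r'''
Could not move "C:\Windows\System32\drivers\aswVmm.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\drivers\aswRdr2.sys" => Scheduled to move on reboot.
C:\Windows\System32\drivers\aswElam.sys => moved successfully
Could not move "C:\Program Files\AVAST Software" => Scheduled to move on reboot.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-07-2019 12:58:15)
C:\Windows\System32\drivers\aswVmm.sys => Could not move
C:\Windows\System32\drivers\aswRdr2.sys => Could not move
C:\Program Files\AVAST Software => Is moved successfully
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\aswVmm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\aswRdr => could not remove, key could be protected
==== End of Fixlog 12:58:16 ====
'''

SCHEDULED = re.compile(r'^Could not move "(.+)" => Scheduled to move on reboot\.$')
RESULT = re.compile(r'^(.+?) => (.+)$')


def triage_fixlog(text):
    """Correlate pre-reboot deferrals with the post-reboot result sections."""
    scheduled, failed, moved_late, stuck_keys = [], [], [], []
    section = "fix"  # "fix" -> "files" -> "keys", in the order the log prints them
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Result of scheduled files to move"):
            section = "files"
        elif line.startswith("Result of scheduled keys to remove"):
            section = "keys"
        elif line.startswith("==== End of Fixlog"):
            break
        elif section == "fix":
            m = SCHEDULED.match(line)
            if m:
                scheduled.append(m.group(1))
        else:
            m = RESULT.match(line)
            if not m:
                continue
            item, outcome = m.group(1), m.group(2).lower()
            if section == "files":
                if outcome.startswith("could not move"):
                    failed.append(item)
                elif "moved successfully" in outcome:
                    moved_late.append(item)
            elif outcome.startswith("could not remove"):
                stuck_keys.append(item)

    # Index leftover .sys files by file name without extension.
    leftover_drivers = {
        splitext(basename(p))[0].casefold(): p
        for p in failed if p.lower().endswith(".sys")
    }
    paired, unpaired = {}, []
    for key in stuck_keys:
        service = key.rsplit("\\", 1)[-1]
        path = leftover_drivers.get(service.casefold())
        if path:
            # Service still registered AND a same-named driver file still on disk.
            paired[service] = path
        else:
            # Names do not always match (aswRdr vs aswRdr2.sys in this log); the
            # service's ImagePath registry value is what names its binary.
            unpaired.append(service)

    reported = {p.casefold() for p in failed + moved_late}
    unreported = [p for p in scheduled if p.casefold() not in reported]
    return {
        "failed_after_reboot": failed,
        "moved_after_reboot": moved_late,
        "service_with_driver_on_disk": paired,
        "service_without_matching_file": unpaired,
        "scheduled_but_unreported": unreported,
    }


if __name__ == "__main__":
    for name, value in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{name}: {value}")
```

A non-empty `service_with_driver_on_disk` result means the product's self-protection kept both the service key and its driver in place, which is the situation the vendor's own removal tool in Safe Mode is meant to handle.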
 

bbdra

After 2nd restart Microsoft Edge was already infected.

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-09-2019
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 5
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\IOBIT\Driver Booster
Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Users\Administrátor\AppData\Roaming\IOBIT\Driver Booster
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\IObit\Driver Booster
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1549 octets] - [11/09/2018 22:25:05]
AdwCleaner[C00].txt - [1677 octets] - [11/09/2018 22:25:48]
AdwCleaner[S01].txt - [1796 octets] - [03/10/2018 21:03:33]
AdwCleaner[C01].txt - [1886 octets] - [03/10/2018 21:04:00]
AdwCleaner[S02].txt - [1686 octets] - [29/06/2019 09:56:31]
AdwCleaner[C02].txt - [1814 octets] - [29/06/2019 09:56:45]
AdwCleaner[S03].txt - [1990 octets] - [08/07/2019 22:07:30]
AdwCleaner[S04].txt - [2051 octets] - [09/07/2019 13:56:59]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
 

bbdra

Finally I've figured out how it approximately works.
I found that it works on Czech sites (www.seznam.cz, www.recepty.cz, www.csfd.cz, www.novinky.cz) and I must visit them through the Chromodo browser to activate the popup. After that it starts popping up in Microsoft Edge too.
 

Malnutrition

You can block these types of intrusions with the most effective ad/tracker blocker out there.

uBlock Origin for Edge.


uBlock Origin for Chrome.


=================================================================================================



OK, it seems that Avast is being stubborn and will not uninstall. You should not have two antivirus applications on one machine.

  1. Download avastclear.exe on your desktop
  2. Start Windows in Safe Mode
  3. Open (execute) the uninstall utility
  4. If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  5. Click REMOVE
  6. Restart your computer
==================================================================================================

Once you have done that please run this so I can make sure that nothing is lurking on your machine.

Quick Diag Scan.


Download Quick Diag to your desktop.
Very Important!! -- Make sure the program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right-click it and select Run as Administrator.
Select the Quick Scan.




Post the log that is generated in your next post.

You should attach this file as it is rather large, you can click on attach files when you reply.
 

Malnutrition

You can also block this through a DNS server.

Use AdGuard's DNS server, as mentioned at this site.


You can quickly change your DNS server with DNS Jumper.
Download DNS jumper by clicking here.
Unzip it to your desktop.
Double-click the folder containing DNS Jumper.
Right-click the program and run it as Administrator.
Click and place a check in the Custom DNS box.
Copy these DNS servers, 176.103.130.130 and 176.103.130.131, and paste them into the highlighted boxes.
Click on Apply DNS.



bbdra

I ran avastclear in Safe Mode, but AvastUI.exe is probably still on my PC... This path "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" doesn't exist or isn't visible to me, but I still see the AVLaunch startup entry in my Task Manager.


 

Malnutrition

Ok, we will remove any traces of it with this tool. It needs to be removed because it will use a lot of system resources when two antivirus applications are installed.


Download Quick Diag to your desktop.
Very Important!! -- Make sure the program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right-click it and select Run as Administrator.
Select the Quick Scan.







Post the log that is generated in your next post.
 

bbdra

--------------- QuickDiag | [email protected]@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 09/07/2019 18:30:33

Updated 27/02/2019 | 11:10 (GMT) by [email protected]@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
[Administrátor (Administrator)] - [DESKTOP-V6VDE39] (S-1-5-21-3472240800-3569865723-1055443696-1001)

System: Microsoft Windows 10 Home - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1029 (0405) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: To Be Filled By O.E.M. - To Be Filled By O.E.M. - IdNumber: To Be Filled By O.E.M. - UUID: 03000200-0400-0500-0006-000700080009
Processor : X64 - 3393 Mhz - AMD Phenom(tm) II X4 965 Processor
Default System BIOS - - American Megatrends Inc. - S/N: To Be Filled By O.E.M. - P1.70 - 090710 - 20100907
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001\5&1827189B&0&0001
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001\5&1827189B&0&0101
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001\5&1827189B&0&0201
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0012&SUBSYS_10DE0101&REV_1001\5&1827189B&0&0301
USB Audio Class 1.0 and 2.0 Device Driver With MS Effect - Status: OK - Manufacturer: C-MEDIA Inc. - PNPDeviceID: USB\VID_0D8C&PID_0319&MI_00\6&37873258&0&0000
Zvukové zařízení High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1106&DEV_0397&SUBSYS_18490397&REV_1000\4&61D13CD&0&0001

---------- | Video

NVIDIA GeForce GTX 460 - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 75 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll,C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_0E22&SUBSYS_34FC1458&REV_A1\4&1C1F7BC1&0&0010 - AdapterCompatibility: NVIDIA - RAM: 1073741824
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 460 - DriverVersion: 23.21.13.9135 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\bdmpegv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75272 - Manufacturer: - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\vorbis.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 1470976 - Manufacturer: HMS http://hp.vector.co.jp/authors/VA012897/ - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\bdmpega64.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75784 - Manufacturer: - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\bdmjpeg64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 75248 - Manufacturer: - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:3 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network


Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GbE Family Controller - Síť Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_81681849&REV_03\4&E057C7F&0&0050
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Síť Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 12582 | Free (MB) : 10699
Pagefile = Total (MB) : 33554 | Free (MB) : 31574
Virtual = Total (MB) : 4194 | Free (MB) : 3866

Physical Memory 0 : Capacity: 2147483648 - DIMM0 - Posit.: 0 - Manufacturer: Manufacturer0 - PartNumber: PartNum0 - S/N: SerNum0
Physical Memory 1 : Capacity: 2147483648 - DIMM1 - Posit.: 0 - Manufacturer: Manufacturer1 - PartNumber: PartNum1 - S/N: SerNum1
Physical Memory 2 : Capacity: 4294967296 - DIMM2 - Posit.: 0 - Manufacturer: Manufacturer2 - PartNumber: PartNum2 - S/N: SerNum2
Physical Memory 3 : Capacity: 4294967296 - DIMM3 - Posit.: 0 - Manufacturer: Manufacturer3 - PartNumber: PartNum3 - S/N: SerNum3

---------- | SID Users

Administrator : [S-1-5-21-3472240800-3569865723-1055443696-500]
Administrátor : [S-1-5-21-3472240800-3569865723-1055443696-1001]
DefaultAccount : [S-1-5-21-3472240800-3569865723-1055443696-503]
Guest : [S-1-5-21-3472240800-3569865723-1055443696-501]
WDAGUtilityAccount : [S-1-5-21-3472240800-3569865723-1055443696-504]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
Vlastníci zařízení : [S-1-5-32-583]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 446.59 Go | Free : 156.23 Go -> NTFS (SSD) [ATA]
E:\ -> [Fixed] | [Místní disk] | Total : 1863.02 Go | Free : 1253.03 Go -> NTFS [ATA]
F:\ -> [CDROM] | [KRD10] | Total : 0.26 Go | Free : 0 Go -> CDFS [ATAPI]

Disk Usage Information [2 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:3,899,173 bytes/sec Max Read:0 bytes/sec, Max Write:3,899,173 bytes/sec
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec

Overall - Read Maximum:0 bytes/sec, Write Maximum:3,899,173 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKKINGSTON_SA400S37480G___________________SBFK71E0\5&11EE6D0C&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : IDE\DISKWDC_WD20EARS-00S8B1_____________________80.00A80\5&3ACF866E&0&1.1.0

---------- | Windows updates - Activation - License


W.A.T : :)

Test 1 : Windows Is Activated

Volume License


---------- | Browsers

IE : 11.0.17134.1 (© Microsoft Corporation.)
GC : 75.0.3770.100 (Copyright 2019 Google LLC.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.207

---------- | Security

AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

528 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [12/02/2019 22:04:33] CPU Usage:0 %
708 | [Owner : SYSTEM | Parent : 688() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
808 | [Owner : SYSTEM | Parent : 688() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 %
816 | [Owner : SYSTEM | Parent : 788() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
880 | [Owner : SYSTEM | Parent : 808(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.17134.191) = C:\Windows\System32\services.exe [18/08/2018 00:30:31] CPU Usage:0 %
892 | [Owner : SYSTEM | Parent : 808(wininit.exe) | 17.47 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [07/11/2018 19:26:18] CPU Usage:0 %
968 | [Owner : SYSTEM | Parent : 788() | 11.64 Mo] - (.Microsoft Corporation - Windows Log-on Application.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [01/10/2018 12:43:49] CPU Usage:0 %
540 | [Owner : SYSTEM | Parent : 880(services.exe) | 3.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
696 | [Owner : UMFD-0 | Parent : 808(wininit.exe) | 3.93 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 23:19:36] CPU Usage:0 %
700 | [Owner : UMFD-1 | Parent : 968(winlogon.exe) | 16.6 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.765) = C:\Windows\System32\fontdrvhost.exe [14/05/2019 23:19:36] CPU Usage:0 %
944 | [Owner : SYSTEM | Parent : 880(services.exe) | 26.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1064 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 14.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1108 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1168 | [Owner : DWM-1 | Parent : 968(winlogon.exe) | 58.86 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 %
1272 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1328 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1420 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 11.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1452 | [Owner : SYSTEM | Parent : 880(services.exe) | 10.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1508 | [Owner : SYSTEM | Parent : 880(services.exe) | 15.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1560 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 19.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1620 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.19 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1656 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.72 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/11/2018 15:40:18] CPU Usage:0 %
1680 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1708 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1788 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1796 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1872 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1912 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 18.15 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1940 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1984 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1992 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1408 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2192 | [Owner : SYSTEM | Parent : 1656(NVDisplay.Container.exe) | 41.8 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [11/11/2018 15:40:18] CPU Usage:0 %
2268 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 16.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2404 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2460 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2468 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2476 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2536 | [Owner : SYSTEM | Parent : 880(services.exe) | 11.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2616 | [Owner : SYSTEM | Parent : 880(services.exe) | 14.66 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 %
2680 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2724 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2808 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2916 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.69 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2924 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2932 | [Owner : SYSTEM | Parent : 880(services.exe) | 23.44 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2940 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 12.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2948 | [Owner : SYSTEM | Parent : 880(services.exe) | 17.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2956 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3028 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 8.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3044 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.85 Mo] - (.VIA Technologies, Inc. - Service binary.) - (0.1.0.0) = C:\Windows\System32\ViakaraokeSrv.exe [11/09/2015 05:06:52] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 880(services.exe) | 20.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3060 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2288 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.74 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [17/12/2018 04:29:48] CPU Usage:0 %
3096 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.61 Mo] - (.Microsoft Corporation - Windows IP Over USB PC Service.) - (10.0.10586.15) = C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [20/11/2015 04:47:22] CPU Usage:0 %
3132 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 12.37 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.10.2354.7482) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [11/11/2018 15:40:49] CPU Usage:0 %
3140 | [Owner : SYSTEM | Parent : 880(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [18/08/2018 00:30:41] CPU Usage:0 %
3200 | [Owner : SYSTEM | Parent : 880(services.exe) | 13.64 Mo] - (.Comodo - Chromodo.) - (1.0.0.1) = C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [11/05/2016 13:39:58] CPU Usage:0 %
3272 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3308 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 5.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3448 | [Owner : SYSTEM | Parent : 880(services.exe) | 12.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3540 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3572 | [Owner : SYSTEM | Parent : 880(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
3960 | [Owner : SYSTEM | Parent : 880(services.exe) | 22.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4188 | [Owner : LOCAL SERVICE | Parent : 2268(svchost.exe) | 13.12 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [12/06/2019 19:29:29] CPU Usage:0 %
4432 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2912 | [Owner : SYSTEM | Parent : 880(services.exe) | 14.57 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
5768 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 17.85 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
4976 | [Owner : Administrátor | Parent : 1620(svchost.exe) | 25.74 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 %
4876 | [Owner : Administrátor | Parent : 880(services.exe) | 19.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
828 | [Owner : Administrátor | Parent : 880(services.exe) | 29.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4596 | [Owner : Administrátor | Parent : 1508(svchost.exe) | 6.81 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [15/03/2019 17:04:46] CPU Usage:0 %
1440 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1632 | [Owner : Administrátor | Parent : 1440(svchost.exe) | 14.94 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 %
3040 | [Owner : Administrátor | Parent : 3244() | 118.78 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.17134.677) = C:\Windows\explorer.exe [09/04/2019 19:41:05] CPU Usage:0 %
3120 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 17.22 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1280 | [Owner : Administrátor | Parent : 944(svchost.exe) | 22.62 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
6568 | [Owner : Administrátor | Parent : 944(svchost.exe) | 81.62 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [14/05/2019 23:19:45] CPU Usage:0 %
6784 | [Owner : Administrátor | Parent : 944(svchost.exe) | 162.11 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.829) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [12/06/2019 19:29:49] CPU Usage:0 %
6840 | [Owner : Administrátor | Parent : 944(svchost.exe) | 22.29 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7144 | [Owner : Administrátor | Parent : 944(svchost.exe) | 20.37 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
6044 | [Owner : Administrátor | Parent : 944(svchost.exe) | 124.26 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe [28/06/2019 16:07:44] CPU Usage:0 %
6520 | [Owner : Administrátor | Parent : 944(svchost.exe) | 11.99 Mo] - (.-.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [28/06/2019 16:07:44] CPU Usage:0 %
6564 | [Owner : Administrátor | Parent : 944(svchost.exe) | 20.59 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7192 | [Owner : Administrátor | Parent : 944(svchost.exe) | 12.97 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.753) = C:\Windows\System32\SettingSyncHost.exe [14/05/2019 23:19:39] CPU Usage:0 %
7744 | [Owner : Administrátor | Parent : 944(svchost.exe) | 26.21 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7928 | [Owner : Administrátor | Parent : 944(svchost.exe) | 13.57 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe [12/04/2018 01:34:22] CPU Usage:0 %
1308 | [Owner : SYSTEM | Parent : 880(services.exe) | 37.11 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [09/04/2019 19:41:04] CPU Usage:0 %
8124 | [Owner : SYSTEM | Parent : 880(services.exe) | 12.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8388 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.61 Mo] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (5.0.1.406) = C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [26/02/2015 11:15:54] CPU Usage:0 %
7524 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 7.31 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9384 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 10 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9924 | [Owner : Administrátor | Parent : 7744(RuntimeBroker.exe) | 48.81 Mo] - (.Microsoft Corporation - SkypeBridge.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe [28/06/2019 16:07:44] CPU Usage:0 %
9948 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9372 | [Owner : NETWORK SERVICE | Parent : 880(services.exe) | 15.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
9064 | [Owner : Administrátor | Parent : 3084() | 27.65 Mo] - (.IObit - UninstallerMonitor.) - (8.0.2.1608) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe [18/08/2018 18:30:55] CPU Usage:0 %
7360 | [Owner : SYSTEM | Parent : 880(services.exe) | 9.71 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 %
6720 | [Owner : SYSTEM | Parent : 880(services.exe) | ?????] - (.Microsoft Corporation - Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 %
8020 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1392 | [Owner : Administrátor | Parent : 880(services.exe) | 11.59 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
5840 | [Owner : Administrátor | Parent : 944(svchost.exe) | 23.62 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 %
7252 | [Owner : SYSTEM | Parent : 880(services.exe) | 8.1 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
4532 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8532 | [Owner : Administrátor | Parent : 944(svchost.exe) | 33.67 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [09/04/2019 19:41:07] CPU Usage:0 %
9184 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 9.34 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %
7028 | [Owner : NETWORK SERVICE | Parent : 944(svchost.exe) | 9.15 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %
8432 | [Owner : SYSTEM | Parent : 880(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
1556 | [Owner : SYSTEM | Parent : 880(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
7204 | [Owner : SYSTEM | Parent : 880(services.exe) | 15.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
2200 | [Owner : SYSTEM | Parent : 880(services.exe) | 6.55 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8040 | [Owner : LOCAL SERVICE | Parent : 880(services.exe) | 6.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8572 | [Owner : SYSTEM | Parent : 880(services.exe) | 5.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [12/02/2019 22:04:35] CPU Usage:0 %
8304 | [Owner : Administrátor | Parent : 3040(explorer.exe) | 59.39 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\Administrátor\Desktop\quickdiag_V5_27.02.19.1.exe [09/07/2019 17:51:39] CPU Usage:0 %
3252 | [Owner : NETWORK SERVICE | Parent : 944(svchost.exe) | 9.39 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %

---------- | Locked Applications


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll
(.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 391.35.) - (23.21.13.9135) -- C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvldumdx.dll
(..-..) - (0.0.0.0) -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 391.35.) - (23.21.13.9135) -- C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvwgf2umx_cfg.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.70.0.0) -- C:\Program Files\WinRAR57\rarext.dll
(.Power Software Ltd.-.PowerISOShell DLL.) - (7.3.0.0) -- C:\Program Files\PowerISO\PWRISOSH.DLL
(.AO Kaspersky Lab.-.Shell Extension.) - (19.0.0.1310) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll
(.AO Kaspersky Lab.-.Helper Library.) - (20.0.543.426) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (20.0.543.426) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (19.0.0.1239) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (19.0.0.1377) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\product_metainfo.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\kl_service.dll
(.IObit.-.IUMenuRightExtension.) - (1.2.0.2) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
(.The Eraser Project.-.Eraser Shell Extension.) - (6.2.0.2970) -- C:\Program Files\Eraser\Eraser.Shell.dll
(..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files (x86)\Notepad++\NppShell_06.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9135) -- C:\Windows\system32\nv3dappshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 391.35.) - (23.21.13.9135) -- C:\Windows\system32\nvapi64.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
OneDrive - ("C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\...\Run]) - User: DESKTOP-V6VDE39\Administrátor
DAEMON Tools Lite - ("C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\...\Run]) - User: DESKTOP-V6VDE39\Administrátor
CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\...\Run]) - User: DESKTOP-V6VDE39\Administrátor
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
HDAudDeck - (C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public
Eraser - ("C:\Program Files\Eraser\Eraser.exe" -atRestart [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x03000000049808667536D401
"DAEMON Tools Lite"=0x020000000000000000000000
"CCleaner Smart Cleaning"=0x020000000000000000000000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Microsoft Print to PDF,winspool,Ne01:
"IsMRUEstablished"=0
"LegacyDefaultPrinterMode"=1

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
"Eraser"="C:\Program Files\Eraser\Eraser.exe" -atRestart

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x070000007BD989607536D401
"HDAudDeck"=0x020000000000000000000000
"AvastUI.exe"=0x020000000000000000000000
"Eraser"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"SunJavaUpdateSched"=0x020000000000000000000000
"PWRISOVM.EXE"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D3D1ED98C0F7D8

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE -startup

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


---------- | Win.ini :



---------- | System.ini :



---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player PPAPI Notifier
Adobe Flash Player Updater
ASUS Patch for VIA Audio
CCleaner Update
CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001
OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-500
Uninstaller_SkipUac_Administrátor

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
"SvcHostSplitThresholdInKB"=3670016
"WaitToKillServiceTimeout"=2000
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
"LastBootSucceeded"=1
"LastBootShutdown"=1
"DirtyShutdownCount"=11

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Security Packages"="" [17/08/2018 21:43:31]
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"LsaPid"=892
"SecureBoot"=1
"ProductType"=3
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows
\RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"ResourceTimeoutCount"=150
"RunLevelExecute"=WinInit
ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=
"AutoChkSkipSystemPartition"=0

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=1
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"InstanceID"=3291b438-f50f-495d-8ca5-5458651
"GlassSessionId"=1


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretTimeout"=5000
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"MouseWheelRouting"=2
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"ScreenSaveActive"=1
"SnapSizing"=1
"TileWallpaper"=0
"WallPaper"=C:\Users\Administrátor\Downloads\orange-cubes-43825-1920x1200.jpg [03/09/2018 18:37:30]
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=0
"Win8DpiScaling"=0
"DpiScalingVer"=4096
"UserPreferencesMask"=0x9E1E078012000000
"MaxVirtualDesktopDimension"=3200
"MaxMonitorDimension"=1920
"TranscodedImageCount"=2
"LastUpdated"=4294967295
"LockScreenAutoLockActive"=0
"AutoColorization"=0
"ImageColor"=2940843252
"PreferredUILanguages"=en-GB
"WaitToKillAppTimeout"=2000
"HungAppTimeout"=2000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{C6900730-7919-4222-A0A1-1C469462F10B}"=1
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000
"UserSignedIn"=1
"SlowContextMenuEntries"=0x5D54A9A2C2A0B4429708A0B2BADD77C8A42B00001A58CE57B60C66429CA019364C90A0B3800A00004E3AAA90BA1C3342B8BB535773D48449F11900000114020000000000C000000000000046A42B000060B81DB4E464D2119906E49FADC173CAC1140000
"SIDUpdatedOnLibraries"=1
"LocalKnownFoldersMigrated"=1
"TelemetrySalt"=5
"GlobalAssocChangedCounter"=1503
"FirstRunTelemetryComplete"=1
"EdgeDesktopShortcutCreated"=1
"AppReadinessLogonComplete"=1
"PostAppInstallTasksCompleted"=1
"link"=0x1A000000
"ShowRecent"=1
"ShowFrequent"=0
"Browse For Folder Width"=318
"Browse For Folder Height"=328

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=1
"ShowCompColor"=1
"HideFileExt"=0
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"ShowSuperHidden"=1
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ShowStatusBar"=1
"StoreAppsOnTaskbar"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=13
"TaskbarStateLastRun"=0x6E2C1D5D00000000
"ReindexedProfile"=1
"Start_TrackDocs"=0
"TaskbarSmallIcons"=0
"DisablePreviewDesktop"=1
"DontUsePowerShellOnWinX"=0
"TaskbarGlomLevel"=1
"MMTaskbarEnabled"=0
"MMTaskbarMode"=0
"LaunchTo"=1
"TaskbarSizeMove"=1
"Start_TrackProgs"=1
"TaskbarAutoHideInTabletMode"=0
"TypeAhead"=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoDriveTypeAutoRun"=28

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"[email protected],-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=25

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoDriveTypeAutoRun"=28

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"[email protected],-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=57

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


---------- | Winlogon

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"BuildNumber"=17134
"FirstLogon"=0
"PUUActive"=0x0EFB17D001000A001601D30677F34100921B6200921B6200D20000000200DC009CB9C49ECB296F01D9604501DACB1F0010661C009FB6090000000000513582000F4B03000B1E0000F9AE60297136D50177F34100000000000100000077F34100EE4200006214000013F1360100000000
"ParseAutoexec"=1
"DP"=0xD200E800D4020A00160100000EFB17D013F1360100000000F9AE60297136D50109603AB74136D5019F06E10000000000FD53410099BE04000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100D1C70080300089047880891EAD5C008045080410452864143D0F0080001287080112872A6C4B01803523260C3D2B260C51460080A0620823A27248237EC70080090808640B280964E1E0000040C8200040D865011209018008C0A01028C1B032CF3C01400134AA134535AA33EE1B00800412104004161040AD3000C02202014026030140

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"DisableBackButton"=1
"EnableSIHostIntegration"=1
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"ReportBootOk"=1
"Shell"=explorer.exe
"ShellCritical"=0
"ShellInfrastructure"=sihost.exe
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"WinStationsDisabled"=0
"scremoveoption"=0
"DisableCAD"=1
"LastLogOffEndTimePerfCounter"=762818419
"ShutdownFlags"=2147483687
"DisableLockWorkstation"=0
"EnableFirstLogonAnimation"=1
"AutoLogonSID"=S-1-5-21-3472240800-3569865723-1055443696-1001
"LastUsedUsername"=Administrátor

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=
"DefaultUserName"=
"EnableSIHostIntegration"=1
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Shell"=explorer.exe
"ShellCritical"=0
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"Userinit"=C:\Windows\system32\userinit.exe,


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"[email protected]:\Windows\System32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"[email protected]:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"[email protected]:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"[email protected]:\Windows\System32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"[email protected]:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"[email protected]:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\Clients\StartMenuInternet\Chromodo\Shell\open\Command]
""="C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe"
[HKLM\Software\Clients\StartMenuInternet\Chromodo\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:50:42]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Chromodo\Shell\open\Command]
""="C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Chromodo\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 17:50:42]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\ADMINI~1\AppData\Local\Temp\pftA4D3~tmp\Setup.exe"=1
"C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa10760.20857\VIA_XP64_XP(v660e)\SETUP.EXE"=1
"C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.EXE"=33
"C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa10216.18888\SETUP.EXE"=1
"C:\Users\ADMINI~1\AppData\Local\Temp\pftD71D~tmp\Setup.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{20D4A895-748C-4D88-871C-FDB1695B0169}\SETUP.EXE"=1
"C:\Users\Administrátor\Desktop\driver\SETUP.EXE"=1
"C:\Users\ADMINI~1\AppData\Local\Temp\pft2621~tmp\Setup.exe"=1
"C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e_01282016\SETUP.EXE"=1
"C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EXa7904.20218\v10_1200a\SETUP.EXE"=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000A0B09301B75E940101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\kts19.0.0.1088cs_14103 (1).exe"=0x5341435001000000000000000700000028000000385A2700B77E270001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ACD5AF00000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\chromodosetup (1).exe"=0x534143500100000000000000070000002800000020D117034AA4180301000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Windows\Temp\chromodo_setup.exe"=0x5341435001000000000000000700000028000000A09F3703B2E4370301000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B3B70100000000000200000002000000
"C:\Users\Administrátor\AppData\Local\Temp\Temp1_DRIVER BOOSTER 5.1 PRO KEY Full Version (Serial Key License) 2018 CZ.zip\DRIVER BOOSTER 5.1 PRO KEY Full Version (Serial Key License) 2018 CZ\driver-booster-5-1-0-488.exe"=0x5341435001000000000000000700000028000000580B250165A2250101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009CD30000000000000100000001000000
"C:\Program Files\windows nt\accessories\wordpad.exe"=0x5341435001000000000000000700000028000000008E4400221F450001000000010000000000000A73220000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe"=0x534143500100000000000000070000002800000020AB590043FE590001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000059060000000000000500000005000000
"C:\Program Files (x86)\IObit\Driver Booster\5.1.0\Backup.exe"=0x534143500100000000000000070000002800000020151100122A110001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000024C50000000000000700000007000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 19.0.0\avpui.exe"=0x534143500100000000000000070000002800000030290500D490050001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\Image-Line\FL Studio 12\FL64.exe"=0x5341435001000000000000000700000028000000402F06002459060001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000088B0101000000001B00000017000000000000000000004000000000000000000000000000000000F1DE0100000000000100000000000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8942200C4A3220001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AAD2F404000000004601000046010000
"C:\Users\Administrátor\Desktop\prosoniq\Orange Vocoder\Setup.exe"=0x53414350010000000000000007000000280000009D0D21000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000A53D0000000000000100000001000000
"C:\Users\Administrátor\Desktop\prosoniq\Prosoniq.Ambisone.VST.v2.02-0xdBass\Setup.exe"=0x53414350010000000000000007000000280000001B360E000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000006190000000000000100000001000000
"C:\Users\Administrátor\Desktop\prosoniq\Prosoniq.Dynasone.VST.v2.02-0xdBass\Setup.exe"=0x5341435001000000000000000700000028000000F76711000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000008E120000000000000100000001000000
"C:\Users\Administrátor\Desktop\prosoniq\Prosoniq.PiWarp.VST.v2.02-0xdBass\Setup.exe"=0x53414350010000000000000007000000280000003A9209000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000040120000000000000100000001000000
"C:\Users\Administrátor\Desktop\prosoniq\Prosoniq.Roomulator.VST.v2.02-0xdBass\Setup.exe"=0x5341435001000000000000000700000028000000EFAC15000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000094110000000000000100000001000000
"C:\Users\Administrátor\Desktop\prosoniq\Prosoniq.VoxCiter.VST.v2.02-0xdBass\Setup.exe"=0x5341435001000000000000000700000028000000B1A80F000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000005B100000000000000100000001000000
"C:\Users\Administrátor\Desktop\iZotope Ozone 5 Advanced VST VST3 RTAS v5.01 x86 x64-ASSiGN\setup.exe"=0x5341435001000000000000000700000028000000ACB5C9070000000001000000000000000000010600210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000072710100000000000100000001000000
"C:\Users\Administrátor\Desktop\CamelPhat v3.30\Setup.exe"=0x5341435001000000000000000700000028000000E30F0F000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000801C0000000000000100000001000000
"C:\Program Files (x86)\Native Instruments\FM8\FM8.exe"=0x534143500100000000000000070000002800000000701F020000000001000000000000000000000671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000014370200000000000100000001000000
"C:\Program Files (x86)\Native Instruments\Massive\UNWISE.EXE"=0x534143500100000000000000070000002800000000B203000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000039B14300000000000900000009000000
"C:\Program Files (x86)\Image-Line\FL Studio 12\FL.exe"=0x534143500100000000000000070000002800000040DD05000AC0060001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000500000000000000000000000000000000000000000000000000000000B97401200000000210000000900000000000000000000400000000000000000000000000000000019CFD601000000000100000000000000
"C:\Users\Administrátor\Desktop\VST\CamelPhat v3.30\Setup.exe"=0x5341435001000000000000000700000028000000E30F0F000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000028811000000000000100000001000000
"C:\Program Files (x86)\Native Instruments\FM8\UNWISE.EXE"=0x5341435001000000000000000700000028000000008602000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000001DF10200000000000100000001000000
"C:\UNWISE.EXE"=0x534143500100000000000000070000002800000000B203000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000E4230000000000000300000003000000
"C:\Program Files (x86)\Native Instruments\Massive\UNWISE_IObitDel.EXE"=0x534143500100000000000000070000002800000000B203000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000003F0D0000000000000100000001000000
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=0x5341435001000000000000000700000028000000109D4C002A964D0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004F550100000000002800000028000000
"C:\Program Files (x86)\IObit\IObit Uninstaller\AUpdate.exe"=0x5341435001000000000000000700000028000000107502005031030001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003C030000000000003C0000003C000000
"C:\Users\Administrátor\Desktop\Native Instruments Massive v1.0.1.008 VST uploaded By HHsamples.blogspot.com\setup.exe"=0x5341435001000000000000000700000028000000E17498020000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000050000000000002060008006000000000000000000000000000000000F66304000000000001000000010000000000000000080040000000000000000000000000000000004D260500000000000400000000000000
"C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe"=0x5341435001000000000000000700000028000000B81E11009101120001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AE053C0D000000001800000018000000
"C:\Users\Administrátor\Desktop\ATF-Cleaner.exe"=0x534143500100000000000000070000002800000000C600000000000001000000000000000000000671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C2D70000000000002B0000002B000000
"C:\Program Files (x86)\Native Instruments\Massive\Massive.exe"=0x534143500100000000000000070000002800000000400D030000000001000000000000000000000671200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C4930000000000000100000001000000
"E:\Program Files\Image-Line\FL Studio 123\FL123.exe"=0x534143500100000000000000070000002800000040DD05000AC0060001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006EF20A00000000000200000002000000
"C:\Program Files\HWiNFO64\HWiNFO64.EXE"=0x534143500100000000000000070000002800000020F63F009B29400001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B9D02F00000000000A0000000A000000
"E:\Program Files\HWiNFO32\HWiNFO32.EXE"=0x534143500100000000000000070000002800000070F23100F739320001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009F600D00000000000300000003000000
"C:\Users\Administrátor\Desktop\Hobo.Tough.Life.v0.23.018\HoboRPG.exe"=0x5341435001000000000000000700000028000000008A5C010000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D4D13703000000001200000012000000
"C:\Users\Administrátor\Downloads\daemon-tools-lite-5-0-1.exe"=0x534143500100000000000000070000002800000028C5C900E2FFC90001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007677D500000000000100000001000000
"SIGN.MEDIA=3E4F1F0 autorun.exe"=0x534143500100000000000000070000002800000088B20200B219030001000000000000000000000671220000BFA2139DEDD1D301000000000000000002000000280000000000000080000000000000000000000000000000000000000CF14E00000000000700000007000000
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"=0x534143500100000000000000070000002800000010315500DE12560001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000462B0000000000000800000008000000
"C:\Users\Administrátor\Desktop\Planet Coaster-3DM\PlanetCoaster.exe"=0x5341435001000000000000000700000028000000000629010000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DAF44300000000000300000003000000
"C:\Users\Administrátor\Desktop\Planet Coaster\PlanetCoaster.exe"=0x5341435001000000000000000700000028000000006A9D040000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000F080000000000000200000002000000
"SIGN.MEDIA=6EBA95C8 stp-pc136.exe"=0x5341435001000000000000000700000028000000E531C3000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A9700400000000000200000002000000
"C:\Program Files\Planet Coaster\PlanetCoaster.exe"=0x534143500100000000000000070000002800000000EC05090000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D459DF03000000000F0000000F000000
"C:\Program Files\Planet Coaster\unins000.exe"=0x5341435001000000000000000700000028000000A14917000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DD240000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\iview451_x64_setup (1).exe"=0x534143500100000000000000070000002800000088E2350048BD360001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008CAC0000000000000100000001000000
"C:\Program Files\IrfanView\i_view64.exe"=0x534143500100000000000000070000002800000088642200AB24230001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002BDD240300000000B00A0000B00A0000
"C:\Users\Administrátor\Downloads\vlc-3.0.4-win64.exe"=0x5341435001000000000000000700000028000000400879026D56790201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AD9C0000000000000100000001000000
"C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F00A7180F0001000000000000000000000600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007F2DC51E000000008E0100008E010000
"C:\Users\Administrátor\Desktop\adwcleaner_7.2.3.1.exe"=0x5341435001000000000000000700000028000000D0867300E857740001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Downloads\ex\ExterminateItSetup.exe"=0x534143500100000000000000070000002800000038CA550152F6550101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000085B00D00000000000100000001000000
"C:\Users\Administrátor\Desktop\utils\ATF-Cleaner.exe"=0x534143500100000000000000070000002800000000C600000000000001000000000000000000000671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F25F0000000000000100000001000000
"C:\Users\Administrátor\Desktop\utils\adwcleaner_7.2.3.1.exe"=0x5341435001000000000000000700000028000000D0867300E857740001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EA700000000000000100000001000000
"C:\Users\Administrátor\Desktop\RogueKiller_portable64.exe"=0x534143500100000000000000070000002800000038F89D011C2E9E0101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000009B831300000000000100000001000000
"E:\Program Files\Exterminate It!\ExterminateIt.exe"=0x5341435001000000000000000700000028000000C04B40000000000001000000000000000000020661220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005D132000000000000100000001000000
"C:\Users\Administrátor\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6769.exe"=0x534143500100000000000000070000002800000060E2C804F022C90401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DD5C0500000000000100000001000000
"C:\Windows\SysWOW64\Macromed\Temp\{066508B3-B332-493A-B479-0C74C2978EC3}\InstallFlashPlayer.exe"=0x534143500100000000000000070000002800000000A60F000AF90F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000A6010000000000000100000001000000
"C:\Windows\SysWOW64\Macromed\Temp\{BC8DB06E-702C-4F77-9BAB-C1CB4701B57D}\InstallFlashPlayer.exe"=0x53414350010000000000000007000000280000000090AE001290AE0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000062070000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F80300EE6C040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\inkscape-0.92.3-x64 (1).exe"=0x53414350010000000000000007000000280000007E5D05040000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000016124400000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\startup_14460 (1).exe"=0x534143500100000000000000070000002800000080B326002800270001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000005A20500000000000100000001000000
"C:\totalcmd\TOTALCMD64.EXE"=0x534143500100000000000000070000002800000088608800E20C890001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002A8B0300000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\DriverToolkitInstaller (1).exe"=0x5341435001000000000000000700000028000000E05F25006CC2250001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000301F0000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282 (1).exe"=0x53414350010000000000000007000000280000004DCBC20F0000000001000000000000000000010571000000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\0001-WDM_R274 (1).exe"=0x5341435001000000000000000700000028000000FC07E8010000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000001F490000000000000100000001000000
"C:\Users\Administrátor\Desktop\Nová složka\RtlUpd64.exe"=0x5341435001000000000000000700000028000000506D25002638260001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003F000000000000000200000002000000
"C:\Users\Administrátor\Desktop\Nová složka\RtkAudioService64.exe"=0x5341435001000000000000000700000028000000C8170400A525040001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D000000000000000200000002000000
"C:\Users\Administrátor\Desktop\Nová složka\RtkNGUI64.exe"=0x5341435001000000000000000700000028000000C8978D0050118E0001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000400000000000000000000000000000020000000000000000300000003000000
"C:\Users\Administrátor\Desktop\Nová složka\RAVCpl64.exe"=0x5341435001000000000000000700000028000000C89B1801B0F8180101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000200000002000000
"C:\Users\Administrátor\Desktop\Nová složka\RAVBg64.exe"=0x5341435001000000000000000700000028000000C8F91600E20B170001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000200000002000000
"C:\Users\Administrátor\Desktop\Nová složka\ICEsoundService64.exe"=0x5341435001000000000000000700000028000000A8330C008E670C0001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E000000000000000200000002000000
"C:\Users\Administrátor\Desktop\Nová složka\EP64.exe"=0x5341435001000000000000000700000028000000C0573C0067913C0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Desktop\Nová složka\DTSAudioService64.exe"=0x534143500100000000000000070000002800000030730300F233040001000000000000000000010673000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000100000001000000
"C:\Users\Administrátor\Desktop\Nová složka\CreateRtkToastLnk.exe"=0x5341435001000000000000000700000028000000D8260100A427010001000000000000000000010671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000001010000000000000000000000000000008090000000000000100000001000000
"C:\Users\Administrátor\Desktop\Nová složka\ATKEX_cmd.exe"=0x5341435001000000000000000700000028000000382311003E15120001000000000000000000030671000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000010000000000000000000000000000000550C0000000000000200000002000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\32bit_Win7_Win8_Win81_Win10_R278 (1).exe"=0x5341435001000000000000000700000028000000E239DC050000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000009F6D0000000000000100000001000000
"C:\Users\Administrátor\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282.exe"=0x53414350010000000000000007000000280000004DCBC20F0000000001000000000000000000010571000000BFA2139DEDD1D3010000000000000000
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe"=0x534143500100000000000000070000002800000000D28C0092328D0001000000000000000000030600010000BFA2139DEDD1D301000000000000000002000000500000000000000000000040040000000000000000000000000000001F0000000000000001000000010000000000000000000000040000000000000000000000000000002E00000000000000010000000000000006000000080000000400000000000000
"C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe"=0x534143500100000000000000070000002800000000961B00126C1C0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004C9A0000000000000300000003000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\driver_booster_setup (1).exe"=0x534143500100000000000000070000002800000028463B01FFB53B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000140C1100000000000100000001000000
"C:\Program Files (x86)\IObit\Driver Booster\6.0.2\unins000.exe"=0x534143500100000000000000070000002800000020831200E095120001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EC390000000000000100000001000000
"C:\Users\Administrátor\Desktop\Win7_Win8_Win81_Win10_R282\Setup.exe"=0x5341435001000000000000000700000028000000E03B12006E15130001000000000000000000030600010000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Desktop\64bit_Vista_Win7_Win8_R269.exe"=0x53414350010000000000000007000000280000008B40B2030000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000F8730000000000000100000001000000
"C:\Program Files (x86)\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe"=0x5341435001000000000000000700000028000000009009000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000010000000400000001000000020000002800000000000000000800500000200000000000000020000000000063480000000000000300000003000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\KMP64_1.0.0.2 (1).exe"=0x534143500100000000000000070000002800000078EA1002BC03110201000000000000000000010600010000BFA2139DEDD1D3010000000000000000
"C:\Program Files\KMPlayer 64X\KMPlayer64.exe"=0x5341435001000000000000000700000028000000D8760B01A6B70B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F89B6105000000005E0000005E000000
"C:\Users\Administrátor\Desktop\utils\adwcleaner_7.2.4.0.exe"=0x5341435001000000000000000700000028000000D0D87300EEAB740001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ChromeSetup (1).exe"=0x53414350010000000000000007000000280000005841110043DD110001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D96B0000000000000100000001000000
"C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7123.exe"=0x53414350010000000000000007000000280000002086D0047C5FD10401000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000039980000000000000100000001000000
"E:\Dst\bin\dontstarve_steam.exe"=0x534143500100000000000000070000002800000000F43500DA3A360001000000000000000000030671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EE1C0000000000000200000002000000
"C:\Users\Administrátor\Desktop\dst\bin\dontstarve_steam.exe"=0x534143500100000000000000070000002800000000F43500DA3A360001000000000000000000030671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000DDB4A101000000001800000018000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\driveridentifier_setup (1).exe"=0x5341435001000000000000000700000028000000245E41000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000001C96AD00000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe"=0x534143500100000000000000070000002800000030290500D490050001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Downloads\flashplayer31ppau_ha_install.exe"=0x5341435001000000000000000700000028000000F0691200D220130001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000080BB0000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe"=0x534143500100000000000000070000002800000000400E00B8ED0E0001000000000000000000000A71200000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Desktop\dont_starve\bin\dontstarve_steam.exe"=0x534143500100000000000000070000002800000000BE2D00887D2E0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FB860602000000001600000016000000
"C:\Users\Administrátor\AppData\Local\Temp\jre-8u191-windows-au.exe"=0x534143500100000000000000070000002800000078E11C006A471D0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000003D720100000000000100000001000000
"C:\Users\Administrátor\Desktop\driver\Setup.exe"=0x5341435001000000000000000700000028000000808A0300D850040001000000000000000000010671220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000005E000000000000000100000001000000
"C:\Users\Administrátor\Desktop\driver\VIAHDAud\HDUpDrv64.exe"=0x5341435001000000000000000700000028000000780E0200E002030001000000000000000000010673000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002000000000000000000000000000066090000000000000100000001000000
"C:\Users\Administrátor\Desktop\driver\VIAHDAud\HDUpDrVista64.exe"=0x5341435001000000000000000700000028000000780A02001138020001000000000000000000010673000000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020000000000000000000000000000730C0000000000000100000001000000
"C:\Users\Administrátor\Downloads\realtek%20audio%20Vista_R175.exe"=0x5341435001000000000000000700000028000000C61D19010000000001000000000000000000010571000000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000033360000000000000100000001000000
"C:\Users\Administrátor\Downloads\realtek_32bit_Win7_Win8_Win81_R275.exe"=0x53414350010000000000000007000000280000003D5CA0060000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000004C440000000000000100000001000000
"C:\Users\Administrátor\Downloads\0009-64bit_Win7_Win8_Win81_Win10_R282 (1).exe"=0x53414350010000000000000007000000280000004DCBC20F0000000001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000080040000000000000000000000000000000001D310100000000000200000002000000
"C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe"=0x5341435001000000000000000700000028000000E03B12006E15130001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000D6B70000000000000100000001000000
"C:\Users\Administrátor\Downloads\64bit_Win7_Win8_Win81_Win10_R282.exe"=0x53414350010000000000000007000000280000004DCBC20F0000000001000000000000000000010571000000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Downloads\398.82-desktop-win10-64bit-international-whql.exe"=0x534143500100000000000000070000002800000048CF9F1EA96CA01E01000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000059970100000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\DriverEasy_Setup (1).exe"=0x5341435001000000000000000700000028000000D0CB3E000DAD3F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe"=0x5341435001000000000000000700000028000000D771D6070000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000E3DC0000000000000100000001000000
"C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e_01282016\SETUP.EXE"=0x5341435001000000000000000700000028000000B06E03004AB9030001000000000000000000010571000000BFA2139DEDD1D3010000000000000000020000002800000000000000000800D000000000000000000000000000000000FF910000000000000100000001000000
"C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e_01282016\ViaKaraokeSrv.exe"=0x534143500100000000000000070000002800000090B60000987A010001000000000000000000010673000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E000000000000000100000001000000
"C:\Users\Administrátor\Desktop\VIAHDAud_v11_1100e_01282016\viaaud.exe"=0x5341435001000000000000000700000028000000D0B42C002D042D0001000000000000000000030673020000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Stereo_Mix_Plus_Setup (1).exe"=0x5341435001000000000000000700000028000000F0B53A00C7A53B0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\SoundRecorderMP3.exe"=0x5341435001000000000000000700000028000000609D4D007E6F4E0001000000000000000000010671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ECD00000000000000100000001000000
"C:\Program Files (x86)\ShiningMorning\VirtualAudioStreaming\unins000.exe"=0x5341435001000000000000000700000028000000035912000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000BA080000000000000100000001000000
"C:\Users\Administrátor\Desktop\VST\U-He Zebra v2.5 b7 VSTi VST (Portable).exe"=0x534143500100000000000000070000002800000052EEF9000000000001000000000000000000000671000000BFA2139DEDD1D3010000000000000000020000002800000000000000000000004000000000000000000000000000000085F60000000000000100000001000000
"C:\Program Files\VSTPlugins\U-He Zebra\.exe"=0x534143500100000000000000070000002800000025B6AA003713020001000000000000000000010600210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000000000000000000000000000000000000067570000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\dpclat (1).exe"=0x5341435001000000000000000700000028000000F0AE04005583050001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C9C61400000000000100000001000000
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe"=0x534143500100000000000000070000002800000078BA3D00ECC73D0001000000000000000000010671020000BFA2139DEDD1D3010000000000000000010000000400000001000000020000005000000000000106000000200082000000000000008000000000000069060000000000000100000001000000000000000000000000820000000000000080000000000000ED24000000000000010000000000000006000000080000000082000000000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"E:\Program Files\Bandicam\bdcam.exe"=0x5341435001000000000000000700000028000000086E18009AA6180001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000030120000000000000100000001000000
"C:\Users\Administrátor\Downloads\bdcamsetup.exe"=0x534143500100000000000000070000002800000048080C01AAD20C0101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"E:\Program Files\VirtualDJ_2\virtualdj_pro.exe"=0x534143500100000000000000070000002800000000B848002526E20001000000000000000000010671220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000020300000000000000000000000000F3090000000000000100000001000000
"E:\Program Files\VirtualDJ\virtualdj_pro.exe"=0x534143500100000000000000070000002800000000B848002526E20001000000000000000000010671220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002030000000000000000000000000066090000000000000100000001000000
"C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe"=0x534143500100000000000000070000002800000000044D00D4524D0001000000000000000000020671220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008286E101000000000800000008000000
"C:\Program Files (x86)\Bandicam\bdcam.exe"=0x5341435001000000000000000700000028000000A0035D00E27E5D0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F95F4700000000000600000006000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\Downloads\flashplayer32ppau_ha_install.exe"=0x5341435001000000000000000700000028000000F06912004FC7120001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C25B0200000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000005008000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000802F0A2F000000001800000018000000
"C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.8.0_x64__7pb5ddty8z1pa\app\Trello.exe"=0x5341435001000000000000000700000028000000007406040000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AFD0E32E000000000500000005000000
"E:\Program Files\CPUID\HWMonitor\HWMonitor.exe"=0x5341435001000000000000000700000028000000D86C1A00A0981A0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000015511900000000000400000004000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WindowsDeviceRecoveryToolInstaller (1).exe"=0x5341435001000000000000000700000028000000F0102500256C250001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AC064400000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000006208000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000038B74079000000004100000041000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\rufus-3.4 (1).exe"=0x534143500100000000000000070000002800000038C00F001043100001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B96D0B00000000000100000001000000
"C:\Users\Administrátor\Desktop\rufus-3.4.exe"=0x534143500100000000000000070000002800000038C00F001043100001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000009BBFB400000000002E0000002E000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"SIGN.MEDIA=6D82058C windowsxp-kb936929-sp3-x86-csy_7af606916b887dba9dd38ae282505ce2c2b81b08.exe"=0x534143500100000000000000070000002800000028503913A44F3A1301000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000008001000000000200000000000000000000000000D1140000000000000100000001000000
"C:\Program Files (x86)\ProjectMyScreenApp\ProjectMyScreenApp.exe"=0x534143500100000000000000070000002800000000E007006681080001000000000000000000010671000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000AC80500000000000100000001000000
"C:\Users\Administrátor\Desktop\USBFormatToolSetup.exe"=0x5341435001000000000000000700000028000000169908000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000003C20100000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\USBFormatToolSetup (3).exe"=0x5341435001000000000000000700000028000000169908000000000001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008B440000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\PowerISO7-x64 (1).exe"=0x5341435001000000000000000700000028000000B0614F00E0BE4F0001000000000000000000010600010000BFA2139DEDD1D3010000000000000000
"C:\Program Files\PowerISO\PowerISO.exe"=0x5341435001000000000000000700000028000000E0A74800F300490001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000010000000000000000000000000B4397302000000000200000002000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\PowerISO7-x64 (3).exe"=0x5341435001000000000000000700000028000000B0614F00E0BE4F0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000008C2F0000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\PowerISO7-x64 (5).exe"=0x5341435001000000000000000700000028000000B0614F00E0BE4F0001000000000000000000010600010000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\SetupImgBurn_2.5.8.0 (1).exe"=0x53414350010000000000000007000000280000002FF234000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\ImgBurn\ImgBurn.exe"=0x534143500100000000000000070000002800000000EC29000000000001000000000000000000020671220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000008000000000000000000000000581D3601000000000900000009000000
"SIGN.MEDIA=159EF29E AUTORUN.EXE"=0x534143500100000000000000070000002800000000580100F05F010001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000800000000000000080000000000230F0000000000000100000001000000010000000400000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\isobuster_install (1).exe"=0x5341435001000000000000000700000028000000E05D50006EF2500001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Desktop\home\temp\cabsdk.exe"=0x5341435001000000000000000700000028000000509A0800C543090001000000000000000000010571000000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004A3A0000000000000100000001000000
"C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe"=0x534143500100000000000000070000002800000070F37A00B2067B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000910B0500000000000600000006000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEGAsyncSetup (1).exe"=0x5341435001000000000000000700000028000000F8F1BB0162B9BC0101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004F002400000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OperaSetup (1).exe"=0x534143500100000000000000070000002800000068481E0081EB1E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\AppData\Local\Programs\Opera\launcher.exe"=0x534143500100000000000000070000002800000058F815007065160001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"=0x5341435001000000000000000700000028000000B0D41D0064EE1D0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000085380000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\USBFormatToolSetup (1).exe"=0x5341435001000000000000000700000028000000169908000000000001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A00F0000000000000100000001000000
"C:\Users\Administrátor\Downloads\YUMI-2.0.6.1a.exe"=0x534143500100000000000000070000002800000072161C000000000001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000018F70200000000000100000001000000
"C:\Users\Administrátor\Desktop\kavremvr.exe"=0x534143500100000000000000070000002800000050E1E4009026E50001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007B8D0000000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000008194DA19000000000200000002000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\18.240.1202.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000386B0400903D050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"E:\Program Files\PokerStars.NET\PokerStars.exe"=0x5341435001000000000000000700000028000000A80CFA00BB1BFA0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D38E8802000000000500000005000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000058CCD52C000000000C0000000C000000
"C:\Users\Administrátor\Desktop\Harry Potter TM\System\HP.exe"=0x5341435001000000000000000700000028000000001004000000000001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000040040000000000000000000000000024B2B00000000000100000001000000
"C:\Users\Administrátor\Desktop\Harry Potter a Tajemná komnata\system\Game.exe"=0x5341435001000000000000000700000028000000006005000000000001000000000000000000010571200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000400400000000000000000000000007F050300000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0327E002F427E0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000052F34000000000000100000001000000
"C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9074.exe"=0x53414350010000000000000007000000280000004047D5031683D50301000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000045B00000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104006ACC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\Desktop\Rain World\setup_rain_world_1.015_(11365).exe"=0x5341435001000000000000000700000028000000E0301400D363140001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D59A1F01000000000100000001000000
"C:\GOG Games\Rain World\RainWorld.exe"=0x5341435001000000000000000700000028000000004CB1000000000001000000000000000000000A71200000BFA2139DEDD1D3010000000000000000020000002800000000000000108000200000000000000000000000000000000010708802000000000800000008000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\kitd (1).exe"=0x534143500100000000000000070000002800000080DB320062CB330001000000000000000000010571000000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000008300000000000000100000001000000
"C:\Users\Administrátor\Desktop\Asus_XP\WINDOWS\$NtServicePackUninstall$\cmd.exe"=0x534143500100000000000000070000002800000000EE05009424060001000000000000000000010571000000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4560500000000000100000001000000
"E:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090E316006B2B170001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008B530400000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.39.222.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000CB000000000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000008008000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000094BFBB0F000000000500000005000000
"E:\Program Files\Advanced IP Scanner\advanced_ip_scanner.exe"=0x5341435001000000000000000700000028000000A06D1300C30A140001000000000000000000030600010000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000000000000000000000000000000000005BB84B0D0000000003000000010000000000000000000040000000000000000000000000000000005ABF9700000000000600000000000000
"E:\Documents and Settings\Adam2\Plocha\utils\ATF-Cleaner.exe"=0x534143500100000000000000070000002800000000C600000000000001000000000000000000000671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FC0A0000000000000100000001000000
"C:\Users\Administrátor\Desktop\UserAssist\UserAssist\bin\x64\Release\UserAssist.exe"=0x5341435001000000000000000700000028000000307502000415030001000000000000000000010673220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000006B00000000000000100000001000000
"C:\Users\Administrátor\Desktop\UserAssist\LastActivityView.exe"=0x5341435001000000000000000700000028000000D0E8010091FF010001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000E8AB5700000000000D0000000D000000
"C:\Users\Administrátor\Desktop\os\SD OS\originaal\I386\REGEDIT.EXE"=0x5341435001000000000000000700000028000000003C02006FBA020001000000000000000000010571200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000008000000000000000000000000F6180000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Temp\Rar$EXa9280.42583\RegCmd.exe"=0x534143500100000000000000070000002800000000FA08000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000469F4000000000000100000001000000
"C:\Users\Administrátor\Desktop\regcmd\RegCmd.exe"=0x534143500100000000000000070000002800000000FA08000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A5230000000000000100000001000000
"C:\Program Files\Inkscape\inkscape.exe"=0x5341435001000000000000000700000028000000000C06005F67060001000000000000000000000A63200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000099A20000000000000100000001000000
"C:\Users\Administrátor\Desktop\UserAssist\regcmd\RegCmd.exe"=0x534143500100000000000000070000002800000000FA08000000000001000000000000000000000A41220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BFD00300000000000100000001000000
"C:\Users\Administrátor\Downloads\rcsetup153.exe"=0x534143500100000000000000070000002800000060E254009B9B550001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001035DC07000000000100000001000000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x534143500100000000000000070000002800000068C72B014BC92B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EA000000000000000100000001000000
"C:\Program Files\Recuva\recuva64.exe"=0x5341435001000000000000000700000028000000D8A24B00213C4C0001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000000682E104000000000800000008000000
"C:\Users\Administrátor\Downloads\Eraser_6.2.0.2970.exe"=0x5341435001000000000000000700000028000000D03B7F00955B7F0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000011C30000000000000100000001000000
"C:\Program Files\Eraser\Eraser.exe"=0x5341435001000000000000000700000028000000A8631000845E110001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006002000000000000000000000000000000C3C21807000000000100000001000000
"E:\Games\World_of_Tanks\WoTLauncher.exe"=0x534143500100000000000000070000002800000008557400A472740001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000FC2C0000000000000100000001000000
"C:\Users\Administrátor\Downloads\winrar-x64-570.exe"=0x534143500100000000000000070000002800000080F22F00EB88300001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F9150000000000000200000002000000
"C:\Program Files\WinRAR57\Rar.exe"=0x5341435001000000000000000700000028000000D8360900A947090001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BB000000000000000100000001000000
"C:\Program Files\WinRAR57\WinRAR.exe"=0x5341435001000000000000000700000028000000D8BC2200844A230001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002D403D00000000000900000009000000
"E:\UserAssist soft\LastActivityView.exe"=0x5341435001000000000000000700000028000000D0E8010091FF010001000000000000000000030600010000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000035CD1904000000000F0000000F000000
"E:\UserAssist soft\recent files view\RecentFilesView.exe"=0x5341435001000000000000000700000028000000D0B800001C6D010001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000FA910100000000000300000003000000000000000000004000000000000000000000000000000000B5620600000000000100000000000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"E:\UserAssist soft\usbdeview-x64\USBDeview.exe"=0x5341435001000000000000000700000028000000D0CE0200E807030001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000CF380E00000000000100000001000000000000000000000000000000000000000000000000000000A3960000000000000100000000000000
"E:\UserAssist soft\usblogview\USBLogView.exe"=0x5341435001000000000000000700000028000000D05A080055C7080001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B06A0000000000000100000001000000
"E:\UserAssist soft\cleanafterme.exe"=0x5341435001000000000000000700000028000000009600000000000001000000000000000000010671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D7DE0000000000000100000001000000
"E:\UserAssist soft\fileactivitywatch-x64\FileActivityWatch.exe"=0x5341435001000000000000000700000028000000D0FA01006B02020001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BB430100000000000200000002000000
"E:\UserAssist soft\insideclipboard\InsideClipboard.exe"=0x5341435001000000000000000700000028000000D0B60000FC37010001000000000000000000000A71200000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003D990100000000000100000001000000
"E:\UserAssist soft\keyboardstateview\KeyboardStateView.exe"=0x5341435001000000000000000700000028000000D06601001C5F020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000009A10200000000000200000002000000
"E:\UserAssist soft\muicacheview\MUICacheView.exe"=0x5341435001000000000000000700000028000000007600000000000001000000000000000000010671200000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000164000000000000001000000010000000000000000000000000000000000000000000000000000002F350200000000000100000000000000
"E:\UserAssist soft\passwordscan\PasswordScan.exe"=0x5341435001000000000000000700000028000000D02A03004548030001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DB630000000000000100000001000000
"E:\UserAssist soft\New folder\usbdeview-x64\USBDeview.exe"=0x5341435001000000000000000700000028000000D0CE0200E807030001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000CCDF01000000000001000000010000000000000000000000000000000000000000000000000000009D050000000000000100000000000000
"E:\UserAssist soft\shellbagsview\ShellBagsView.exe"=0x5341435001000000000000000700000028000000D0BA00009404010001000000000000000000030600010000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000000000000000000000000000000000005F1901000000000002000000020000000000000000000040000000000000000000000000000000006FB61700000000000400000000000000
"E:\UserAssist soft\uninstallview-x64\UninstallView.exe"=0x5341435001000000000000000700000028000000D0B602006939030001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000082220200000000000100000001000000
"E:\UserAssist soft\whatinstartup-x64\WhatInStartup.exe"=0x534143500100000000000000070000002800000060000200E4E5020001000000000000000000020673220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B5660400000000000100000001000000
"E:\UserAssist soft\injecteddll\InjectedDLL.exe"=0x5341435001000000000000000700000028000000008200000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000060450100000000000100000001000000
"SIGN.MEDIA=64EE0 UserAssist soft\usbdeview\USBDeview.exe"=0x5341435001000000000000000700000028000000D00002001251020001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000025EC0000000000000100000001000000
"E:\UserAssist soft\usbdeview\USBDeview.exe"=0x5341435001000000000000000700000028000000D00002001251020001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000197E00000000000007000000070000000000000000000040000000000000000000000000000000000FB90000000000000400000000000000
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E5350000000000000200000002000000
"C:\Program Files (x86)\Stellar Phoenix Photo Recovery\StellarPhoenixPhotoRecovery.exe"=0x53414350010000000000000007000000280000006866E300A4A3E30001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000002000006000000000000000000000000000000000FB6F0100000000000100000001000000
"C:\Program Files (x86)\Asoftech\Data Recovery\adr.exe"=0x5341435001000000000000000700000028000000F0142A00B10E2B0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000D65C0000000000000200000002000000000000000000000000000000000000000000000000000000D8100000000000000100000000000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x5341435001000000000000000700000028000000007E08000000000001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000A9DA4316000000000400000004000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AA0400777F050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.10.12.0_x64__7pb5ddty8z1pa\app\Trello.exe"=0x5341435001000000000000000700000028000000009296050000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FDB10600000000000400000004000000
"C:\Users\Administrátor\Downloads\ExterminateItSetup (1).exe"=0x534143500100000000000000070000002800000048664901355B4A0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DFBADA00000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.043.0304.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000030AF0400A4BA040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\npp.7.6.6.Installer (1).exe"=0x53414350010000000000000007000000280000006B7B36000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000078470000000000000200000002000000
"C:\Program Files (x86)\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000006C2B000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000D89A5900000000000B0000000B000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\winsdksetup (1).exe"=0x5341435001000000000000000700000028000000509E14009ADE140001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004AFB0600000000000100000001000000
"C:\Users\Administrátor\Desktop\XAP Deployment\XapDeploy.exe"=0x534143500100000000000000070000002800000050F400002E6E010001000000000000000000020671220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002000000000000000000000000000049350000000000000300000003000000
"C:\Users\Administrátor\Desktop\XAP Deployment\XapDeployCmd.exe"=0x5341435001000000000000000700000028000000607E00001CA6000001000000000000000000020671220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009C000000000000000100000001000000
"C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\Phone Registration\PhoneReg.exe"=0x5341435001000000000000000700000028000000E0C3010088C8010001000000000000000000010671020000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008B910800000000000100000001000000
"C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.0\Tools\XAP Deployment\XapDeploy.exe"=0x5341435001000000000000000700000028000000F88B01002462020001000000000000000000010671020000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009F794803000000000300000003000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WPDeviceManager (1).exe"=0x5341435001000000000000000700000028000000EBC59600576C120001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D8AF0000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ZunePackage (1).exe"=0x5341435001000000000000000700000028000000F8FCE7104ADAE81001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000080010000000000000000000000000000000000006CCA0500000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WPDeviceManager (3).exe"=0x5341435001000000000000000700000028000000EBC59600576C120001000000000000000000010600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000040460000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WPDeviceManager (5).exe"=0x5341435001000000000000000700000028000000EBC59600576C120001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B2D20000000000000100000001000000
"C:\Windows\WPDeviceManager\WPDeviceManager.exe"=0x5341435001000000000000000700000028000000006E21000000000001000000000000000000010671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000002020000000000000000000000000007110000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\vm_web2 (1).exe"=0x5341435001000000000000000700000028000000500936007B8A360001000000000000000000000671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000073480000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WPDeviceManager (7).exe"=0x5341435001000000000000000700000028000000EBC59600576C120001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009E390000000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MTGAInstaller (1).exe"=0x5341435001000000000000000700000028000000C87C49003B90490001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000054450700000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\WindowsDeviceRecoveryToolInstaller (2).exe"=0x5341435001000000000000000700000028000000F0102500256C250001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6340B00000000000100000001000000
"C:\Users\Administrátor\Desktop\123\APKDeployment.exe"=0x5341435001000000000000000700000028000000007000000000000001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000030767F00000000000200000002000000
"C:\Users\Administrátor\Desktop\123\vcredist_x86.exe"=0x5341435001000000000000000700000028000000303E6300BEF9630001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000047230000000000000100000001000000
"C:\Users\Administrátor\Downloads\APKToWin10M.exe"=0x5341435001000000000000000700000028000000A6D945013386140001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000428C0000000000000200000002000000
"C:\Users\Administrátor\AppData\Roaming\Antonio de la Iglesia\APKtoW10M\prerequisites\vcredist_x86.exe"=0x5341435001000000000000000700000028000000303E6300BEF9630001000000000000000000030600010000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D80B0000000000000100000001000000
"C:\Users\Administrátor\AppData\Roaming\APKTOW10M\app\AppsAndroidEnW10Mobile.exe"=0x5341435001000000000000000700000028000000009A00000000000001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E4CB1200000000000100000001000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400AE33050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC04002A69050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files (x86)\Wizards of the Coast\MTGA\MtgaLauncher.exe"=0x534143500100000000000000070000002800000048380100091C020001000000000000000000000A75220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000004586B002000000001600000016000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\readerdc_uk_fb_crd_install (1).exe"=0x5341435001000000000000000700000028000000305A1200678C120001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000010521200000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.070.0410.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400100C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x534143500100000000000000070000002800000038C7F901DA35FA0101000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Administrátor\AppData\Local\Microsoft\OneDrive\19.086.0502.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038C904002188050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"E:\Program Files\OpenOffice 4\program\scalc.exe"=0x534143500100000000000000070000002800000000960100CBD6010001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000095C70000000000000100000001000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0BD1700B2B1180001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FA0D0000000000000100000001000000
"C:\Users\Administrátor\Desktop\Asus_XP\WINDOWS\system32\sndrec32.exe"=0x534143500100000000000000070000002800000000020200A6C7020001000000000000000000000671200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000200000000000000000000000000C5570000000000000100000001000000
"C:\Users\Administrátor\Desktop\KVRT.exe"=0x53414350010000000000000007000000280000002809CD09C4D4CD0901000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000002D7D6803000000000100000001000000
"C:\Users\Administrátor\Downloads\ashampoo_burning_studio_free_24045.exe"=0x5341435001000000000000000700000028000000E8007F02F0797F0201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AC010200000000000100000001000000
"C:\Program Files\HxD\HxD.exe"=0x534143500100000000000000070000002800000000FA68002405690001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ACED0000000000000200000002000000
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"=0x534143500100000000000000070000002800000090740B0048140C0001000000000000000000000A00210000BFA2139DEDD1D301000000C0000000000200000028000000000000000000000000000000000000000000000000000000402D0200000000000100000001000000
"C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\VSLauncher.exe"=0x5341435001000000000000000700000028000000B0700400D919050001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000000000000000000000000000000000E5CC0000000000000200000002000000
"E:\Program Files\RogueKiller\RogueKiller.exe"=0x534143500100000000000000070000002800000048F84F013517500101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000004A9D0000000000000100000001000000
"E:\Documents and Settings\Adam2\Plocha\RogueKiller_old32.exe"=0x5341435001000000000000000700000028000000486AB500B4A1B50001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000005D22100000000000100000001000000
"E:\Documents and Settings\Adam2\Plocha\utils\JRT.exe"=0x534143500100000000000000070000002800000048501B0027F11B0001000000000000000000010671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000067790300000000000100000001000000
"C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11270.exe"=0x5341435001000000000000000700000028000000E8A7D5039381D60301000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000003BB0000000000000100000001000000
"C:\Users\Administrátor\Desktop\adwcleaner_7.3.exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000051740100000000000100000001000000
"C:\Users\Administrátor\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ExterminateItSetup (1).exe"=0x534143500100000000000000070000002800000048664901355B4A0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000224B0000000000000100000001000000
"C:\Program Files\Exterminate It!\ExterminateIt.exe"=0x5341435001000000000000000700000028000000D8E53700650E380001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000001A991900000000000100000001000000
"C:\Users\Administrátor\Desktop\FRST64(1).exe"=0x534143500100000000000000070000002800000000EE2400BE6D250001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x534143500100000000000000070000002800000010390F0002F20F0001000000000000000000000A71220000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007A030000000000000200000002000000
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x534143500100000000000000070000002800000000EA08000000000001000000000000000000000A73200000BFA2139DEDD1D3010000000000000000
"C:\Users\Administrátor\Desktop\quickdiag_V5_27.02.19.1.exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131790084045873249

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"InstallTime"=0xC93DAF8C6136D401
"InstallLocation"=C:\Program Files\Windows Defender\
"OOBEInstallTime"=0x558E24256336D401
"DisableAntiSpyware"=1
"DisableAntiVirus"=1
"ProductStatus"=0
"LastEnabledTime"=0x4DE20397502ED501
"ManagedDefenderProductType"=0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

127.0.0.1 localhost

---------- | Ping

Pinging google.com [172.217.23.238] with 32 bytes of data:
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54
Reply from 172.217.23.238: bytes=32 time=8ms TTL=54

Ping statistics for 172.217.23.238:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms

---------- | @

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"ImageStoreRandomFolder"=nyt6un6
"OperationalData"=12
"CompatibilityFlags"=0
"SearchBandMigrationVersion"=1
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF240000002400000044030000A4020000

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"CertificateRevocation"=1
"ZonesSecurityUpgrade"=0x3E8077B36136D401
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"LockDatabase"=132000651263381263

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX64.dll [18/10/2017 23:51:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- C:\Users\Administrátor\AppData\Local\MEGAsync\ShellExtX32.dll [18/10/2017 23:58:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=


---------- | Toolbar

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Height"=28

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"=

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


---------- | Extensions


---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] -> () :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [17/09/2018 23:59:09]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [07/11/2018 15:04:50]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [07/11/2018 15:04:50]

---------- | Chrome

C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\extensions\amkpcclbbgegoafihnpgomddadjhcadd = : __MSG_ExtensionDescription__ - __MSG_ExtensionName__ - permissions:[nativeMessagingmanagementcookieswebRequest\u003Call_urls>webRequestBlockingstorage] - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm = : __MSG_extShortDesc__ - name: uBlock Origin - short_name: uBlock₀ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd]

---------- | Opera


---------- | Firefox


[HKLM\Software\mozilla\Firefox\Extensions]
"[email protected]"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"[email protected]"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.191.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.0.1 192.168.0.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}]
"DhcpNameServer"=192.168.0.1 192.168.0.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8bc03728-6a4b-499c-9bc3-b24c4b66c9f6}]
"DhcpNameServer"=192.168.0.1 192.168.0.1

---------- | Applications

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\ImgBurn.exe] : "C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /SOURCE "%1"
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\notepad++.exe] : "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\IsoBuster.exe] : "C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\i_view64.exe] : "C:\Program Files\IrfanView\i_view64.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\IsoBuster.exe] : "C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\i_view64.exe] : "C:\Program Files\IrfanView\i_view64.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"wusvcs"=WaaSMedicSvc
"BthAppGroup"=BluetoothUserService
"BcastDVRUserService"=BcastDVRUserService
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"DevicesFlow"=DevicesFlowUserSvc
DevicePickerUserSvc
"smbsvcs"=lanmanserver

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\7-Zip]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Adobe]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Akeo Consulting]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\AppDataLow]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ashampoo]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ASIO4ALL v2 by Wuschel]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Aureal]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Authorsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\BandiMPEG1]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\BANDISOFT]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Browser Cleanup]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Chromium]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Clients]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\CurioLab]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Cygwin]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Disc Soft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\DMGR2.0.0]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\DMGR2.0.6]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Eraser]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\famatech]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\FLT]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Freemake]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\[email protected]@n]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ghisler]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\GOG.com]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Google]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\HWiNFO32]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\HWiNFO64]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Image-Line]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Imagination Technologies]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ImgBurn]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\iZotope]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\JavaSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\KasperskyLab]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\KMPlayer]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\MacheteSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Macromedia]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Meltytech]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Native Instruments]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Netscape]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\NirSoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Opera Software]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Perun Creative]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Piriform]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Policies]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\PowerISO]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\QtProject]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\ShiningMorning]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Smart Projects]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\SoftVoice]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Stellar]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Sysinternals]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Tailored Noise]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Ubisoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\undefined]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Unity]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VIA]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\VirtualDJ]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wargaming.net]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\WinRAR]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wizards Of The Coast]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\ASIO]
[HKLM\Software\AVAST Software]
[HKLM\Software\BandiMPEG1]
[HKLM\Software\BANDISOFT]
[HKLM\Software\Clients]
[HKLM\Software\Curiolab]
[HKLM\Software\Disc Soft]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\Fortemedia]
[HKLM\Software\[email protected]@n]
[HKLM\Software\Ghisler]
[HKLM\Software\Google]
[HKLM\Software\Image-Line]
[HKLM\Software\Intel]
[HKLM\Software\IPS]
[HKLM\Software\IrfanView]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\KMPlayer 64X]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PowerISO]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ShiningMorning]
[HKLM\Software\SoftVoice]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\VideoLAN]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\Applogon]
[HKLM\Software\WOW6432Node\Ashampoo]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASIO4ALL]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\BandiMPEG1]
[HKLM\Software\WOW6432Node\BANDISOFT]
[HKLM\Software\WOW6432Node\Camel Audio]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\Comodo]
[HKLM\Software\WOW6432Node\ComodoGroup]
[HKLM\Software\WOW6432Node\Conexant]
[HKLM\Software\WOW6432Node\Curiolab]
[HKLM\Software\WOW6432Node\Cygwin]
[HKLM\Software\WOW6432Node\famatech]
[HKLM\Software\WOW6432Node\Freemake]
[HKLM\Software\WOW6432Node\Ghisler]
[HKLM\Software\WOW6432Node\GOG.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Image-Line]
[HKLM\Software\WOW6432Node\ImgBurn]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\InterVideo]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee NGI]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Native Instruments]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenAL]
[HKLM\Software\WOW6432Node\Oracle]
[HKLM\Software\WOW6432Node\PowerISO]
[HKLM\Software\WOW6432Node\Propellerhead Software]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Smart Projects]
[HKLM\Software\WOW6432Node\SoftVoice]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\Stellar Data Recovery]
[HKLM\Software\WOW6432Node\The Silicon Realms Toolworks]
[HKLM\Software\WOW6432Node\VIA Technologies, Inc]
[HKLM\Software\WOW6432Node\VirtualDJ]
[HKLM\Software\WOW6432Node\Waves Audio]
[HKLM\Software\WOW6432Node\Wise Solutions]
[HKLM\Software\WOW6432Node\Wizards of the Coast]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives


E:

[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - E:\install.res.1028.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - E:\install.res.1031.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - E:\install.res.1033.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - E:\install.res.1036.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - E:\install.res.1040.dll
[07/11/2007 08:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - E:\install.res.1041.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation. - UI 래퍼 리소스 DLL.) - [79888] - (9.0.21022.8) - E:\install.res.1042.dll
[07/11/2007 08:03:18] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.) - [75792] - (9.0.21022.8) - E:\install.res.2052.dll
[07/11/2007 08:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - E:\install.res.3082.dll
[15/03/2019 16:57:31] - |A| - (.Copyright © 2008-2010 The Eraser Project - Eraser Setup Bootstrapper.) - [9097616] - (6.0.9.2343) - E:\Eraser 6.0.9.2343.exe
[05/03/2019 16:31:27] - |A| - (.Copyright © 2008-2015 The Eraser Project - Eraser Setup Bootstrapper.) - [8338384] - (6.2.0.2970) - E:\Eraser_6.2.0.2970.exe
[01/05/2018 00:50:53] - |AH| - (.Copyright © DreamWorks Interactive 1996 - The Neverhood.) - [202240] - (0.0.0.14) - E:\setup95.exe
[01/05/2015 00:12:26] - |SH| - (.-.) - [357] - (0.0.0.0) - E:\boot.ini
[23/12/2015 12:46:01] - |A| - (.-.) - [199] - (0.0.0.0) - E:\DARE.INI
[07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - E:\globdata.ini
[07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - E:\install.ini
[03/08/2004 22:38:34] - |RASH| - (.-.) - [47564] - (0.0.0.0) - E:\NTDETECT.COM

---------- | C:

[12/04/2018 01:38:20] - |SHD| - [3996] - C:\$Recycle.Bin
[11/09/2018 22:23:37] - |D| - [121428474] - C:\AdwCleaner
[17/08/2018 21:58:52] - |RD| - [8184083228] - C:\Backup
[MD5.15A881C93E29481AEA94004DB6614D3B] - [21/03/2019 22:48:31] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat
[18/08/2018 18:12:25] - |D| - [15731777] - C:\Documentation
[17/08/2018 21:38:05] - |SHD| - [224384748933] - C:\Documents and Settings
[18/08/2018 18:12:26] - |D| - [50765824] - C:\DXi
[19/04/2019 21:08:32] - |D| - [0] - C:\EFSTMPWP
[09/07/2019 01:06:52] - |D| - [123239946] - C:\FRST
[14/02/2019 22:55:14] - |D| - [3302634453] - C:\GOG Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:37:57] - |ASH| - (.-.) - [5153665024] - (0.0.0.0) - C:\hiberfil.sys
[28/06/2019 20:18:37] - |AD| - [83993] - C:\KRD2018_Data
[12/09/2018 04:37:04] - |D| - [91611] - C:\KVRT_Data
[18/08/2018 18:12:25] - |D| - [291] - C:\mca
[18/08/2018 18:12:25] - |D| - [56524] - C:\motions
[MD5.B7BC766EA5C8B24A687F37951DA4F02F] - [18/08/2018 18:12:25] - |A| - (.-.) - [1546] - (0.0.0.0) - C:\Newsound.ksd
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:35:58] - |ASH| - (.-.) - [21474836480] - (0.0.0.0) - C:\pagefile.sys
[12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs
[12/04/2018 01:38:20] - |RD| - [12977097215] - C:\Program Files
[12/04/2018 01:38:20] - |RD| - [16984780673] - C:\Program Files (x86)
[12/04/2018 01:38:20] - |HD| - [4262543952] - C:\ProgramData
[MD5.ADB62F683FEE413129D649645E489212] - [18/08/2018 18:12:25] - |A| - (.-.) - [114] - (0.0.0.0) - C:\ProgramList.pls
[16/03/2019 12:31:23] - |D| - [6814437] - C:\psexec
[09/07/2019 18:30:25] - |D| - [68685] - C:\QuickDiag
[MD5.6D7E07E6F4183F2E5F856CB25CED71DD] - [09/07/2019 18:30:33] - |A| - (.-.) - [225378] - (0.0.0.0) - C:\QuickDiag.txt
[17/08/2018 21:38:07] - |SHD| - [0] - C:\Recovery
[07/09/2018 15:24:58] - |SHD| - [170] - C:\RECYCLER
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/08/2018 21:35:58] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[17/08/2018 21:35:57] - |SHD| - [0] - C:\System Volume Information
[MD5.38FCF8ABAF0061B02450DB9E025C435D] - [18/08/2018 18:12:25] - |A| - (.-.) - [3411150] - (0.0.0.0) - C:\tables.dat
[28/06/2019 17:09:01] - |D| - [3628544] - C:\Temp
[23/09/2018 19:19:30] - |D| - [15655923] - C:\totalcmd
[11/04/2018 23:04:33] - |RD| - [224384748933] - C:\Users
[29/04/2019 19:57:33] - |D| - [103525237] - C:\Wconnect
[11/04/2018 23:04:33] - |D| - [25045789130] - C:\Windows

---------- | C:\Windows

[12/04/2018 01:38:20] - |D| - [802] - C:\Windows\addins
[12/04/2018 01:38:20] - |D| - [20358706] - C:\Windows\appcompat
[12/04/2018 01:38:20] - |D| - [8620256] - C:\Windows\apppatch
[12/04/2018 01:38:20] - |D| - [0] - C:\Windows\AppReadiness
[12/04/2018 01:38:20] - |RSD| - [987020615] - C:\Windows\assembly
[12/04/2018 01:38:20] - |D| - [720353] - C:\Windows\bcastdvr
[MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Všechna práva vyhrazena. - Boot File Servicing Utility.) - [67072] - (10.0.17134.1) - C:\Windows\bfsvc.exe
[12/04/2018 01:38:20] - |D| - [38330878] - C:\Windows\Boot
[MD5.BA67B447ACCADBAEC7238084732F78A4] - [17/08/2018 21:36:40] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[12/04/2018 01:38:21] - |D| - [2456152] - C:\Windows\Branding
[12/04/2018 01:30:02] - |D| - [0] - C:\Windows\CbsTemp
[MD5.6E42CF0D47AF25DEA4CECDBE093D521C] - [13/09/2018 12:04:51] - |N| - (.-.) - [10134] - (0.0.0.0) - C:\Windows\CmeauSPDIF2.ico
[MD5.62CAFCF34806F36D15D987D265062CF2] - [13/09/2018 12:04:47] - |N| - (.-.) - [1224] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.cfg
[MD5.5DEF8D933F313F348BC538D4A49D6394] - [13/09/2018 12:04:51] - |A| - (.-.) - [240] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.cfl
[MD5.D5BA1B1D168B1EE614EB456345D8D62C] - [13/09/2018 12:04:47] - |A| - (.-.) - [340] - (0.0.0.0) - C:\Windows\CMSPDIF2.ini.imi
[MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 17:52:34] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\Windows\Core.xml
[12/04/2018 17:50:08] - |D| - [100352] - C:\Windows\cs-CZ
[12/04/2018 01:38:21] - |D| - [11482410] - C:\Windows\Cursors
[12/04/2018 01:38:21] - |D| - [414999] - C:\Windows\debug
[12/04/2018 01:38:21] - |D| - [4851225] - C:\Windows\diagnostics
[MD5.9CADC91DF349C198FFB5477A5B23B6C2] - [13/09/2018 12:04:47] - |A| - (.© Microsoft Corporation. - Driver Install Frameworks for API library module.) - [524768] - (2.1.0.0) - C:\Windows\difxapi.dll
[12/04/2018 17:50:08] - |D| - [0] - C:\Windows\DigitalLocker
[12/04/2018 01:38:21] - |SD| - [715601] - C:\Windows\Downloaded Program Files
[12/04/2018 01:38:21] - |HD| - [110120] - C:\Windows\ELAMBKUP
[04/03/2019 00:03:31] - |D| - [47104] - C:\Windows\en-GB
[12/04/2018 17:50:08] - |D| - [49152] - C:\Windows\en-US
[MD5.C8FB56B60458B09C1CAEBD4DAF1AC8BB] - [09/04/2019 19:41:05] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [3933296] - (10.0.17134.677) - C:\Windows\explorer.exe
[12/04/2018 01:38:21] - |RSD| - [394030432] - C:\Windows\Fonts

---------- | C:\Windows\System32\GroupPolicy

[11/09/2018 23:26:49] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System

[13/09/2018 12:04:47] - |A| - [289] - C:\Windows\System\CMSPDIF2.ini () - ()
[13/09/2018 12:04:51] - |A| - [134] - C:\Windows\System\Dlap.pfx () - ()

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[10/05/2011 16:42:04] - C:\Windows\Installer\1135aa.msi : (VIA Universal Setup Program - VIA Technologies, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2018 23:55:51] - C:\Windows\Installer\14c6c.msi : (Kaspersky Free - Kaspersky Lab) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/11/2012 13:34:36] - C:\Windows\Installer\1ac06c0d.msi : (VirtualDJ PRO Full Installer - Atomix Productions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/05/2019 19:42:27] - C:\Windows\Installer\32e3449c.msi : (MTG Arena - Wizards of the Coast) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:42:22] - C:\Windows\Installer\598e9a0.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/11/2018 15:04:34] - C:\Windows\Installer\5e0c6.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/11/2018 15:04:32] - C:\Windows\Installer\5e0d1.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/05/2019 03:19:20] - C:\Windows\Installer\63082ca.msi : (Google Update Helper - Google LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/03/2019 16:31:44] - C:\Windows\Installer\8a3f155.msi : (Eraser Installer - The Eraser Project) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/11/2018 17:24:32] - [17375232] - (.().-. - ()) - C:\Windows\Installer\103161ca.msp
[18/09/2018 13:11:42] - [17960960] - (.().-. - ()) - C:\Windows\Installer\114af5.msp
[03/06/2019 12:44:23] - [4653056] - (.().-. - ()) - C:\Windows\Installer\237b323b.msp
[15/04/2019 12:05:22] - [19210240] - (.().-. - ()) - C:\Windows\Installer\31ea16a.msp
[02/10/2018 00:37:25] - [18440192] - (.().-. - ()) - C:\Windows\Installer\7f9b7f.msp
[13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\Windows\Installer\97c5280.msp

---------- | %System%\*.in*

[01/10/2018 00:37:01] - [216] - C:\Windows\System32\AsPatchViaAudio.ini
[12/04/2018 01:33:56] - [3329] - C:\Windows\System32\ieuinit.inf
[17/08/2018 21:44:46] - [1689050] - C:\Windows\System32\PerfStringBackup.INI
[12/04/2018 01:34:33] - [60124] - C:\Windows\System32\tcpmon.ini
[12/04/2018 01:34:20] - [2404] - C:\Windows\System32\WimBootCompress.ini
[12/04/2018 01:34:00] - [3329] - C:\Windows\Syswow64\ieuinit.inf
[12/04/2018 01:34:49] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.963A8F89B0CC40B14F27FCAD30BE8CA3] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.82 Ko] - (4.5.8.0) - C:\Windows\System32\MaxxAudioAPO4064.dll
[MD5.CD896175B887ACCD27F789A2998D0774] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.21 Ko] - (5.6.5.0) - C:\Windows\System32\MaxxAudioAPO5064.dll
[MD5.CBDFB5557D482AD114B501A3FE4541BF] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.57 Ko] - (6.1.17.0) - C:\Windows\System32\MaxxAudioAPO6064.dll
[MD5.B48DE64266518A9CD20B826F595ED469] - |A| - [07/11/2018 21:53:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2237.6 Ko] - (7.0.24.0) - C:\Windows\System32\MaxxAudioAPO7064.dll
[MD5.8DD9C5774067C9BE2D3A0E935D135420] - |A| - [07/11/2018 21:53:44] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.78 Ko] - (4.10.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll
[MD5.811ADFEF0647CF13888082F76868C16D] - |A| - [07/11/2018 18:42:10] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [24031.52 Ko] - (4.5.4.0) - C:\Windows\System32\MaxxAudioCapture64.dll
[MD5.82244FEFCFEB8B4D7CBC8212A614AB5A] - |A| - [07/11/2018 21:53:44] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll
[MD5.1076EC14B45D3AC6E2A0194844C9EFDD] - |A| - [07/11/2018 21:53:44] - (.Copyright © 1996-2013 -.) - [13727.78 Ko] - (4.4.10.0) - C:\Windows\System32\MaxxAudioRealtek64.dll
[MD5.CBBF1E407F1157AFDDF90C48C19C4894] - |A| - [07/11/2018 18:42:11] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23207.41 Ko] - (7.5.5.0) - C:\Windows\System32\MaxxAudioRender64.dll
[MD5.7347AD6DECABD5936EA7B65F9B3D8AAD] - |A| - [07/11/2018 18:42:11] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23303.76 Ko] - (7.5.5.0) - C:\Windows\System32\MaxxAudioRenderAVX64.dll
[MD5.D5F1490A24F91E838C1ECBD601619D4F] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.1 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll
[MD5.CFE357DBB63E9B936E88253A2BA99326] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [976.41 Ko] - (2.6.2.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll
[MD5.B820ED6498F8246F8BB1D4496A80EA8D] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll
[MD5.76E6BD12233C8CD59524A2B5685D46BD] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.92 Ko] - (4.0.19.0) - C:\Windows\System32\MaxxVoiceAPO4064.dll
[MD5.ADFBDA58D830421CBF456CAAED17BBAD] - |A| - [07/11/2018 21:53:45] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.78 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll
[MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |A| - [15/03/2019 17:04:45] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\Windows\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\mi-NZ
[MD5.00000000000000000000000000000000] - |SD| - [17/08/2018 21:35:59] - [5.07 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5576.77 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [47367.95 Ko] - C:\Windows\System32\migwiz
[MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\Windows\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [18/08/2018 00:37:42] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31 Ko] - C:\Windows\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [18.65 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\Windows\System32\my-mm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [304 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [640 Ko] - C:\Windows\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\ne-NP
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [329 Ko] - C:\Windows\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\Windows\System32\Nui
[MD5.BED94E70C10EFF09AEF94D18CA7FF7F7] - |A| - [11/11/2018 15:40:26] - (.-.) - [7924.04 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin
[MD5.D2715E724478FAE559968916BD7DCADA] - |A| - [11/11/2018 15:38:56] - (.-.) - [47.27 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb
[MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [14602.25 Ko] - C:\Windows\System32\oobe
[MD5.2AD7B4F3C8D2BB686D231EDFF404B7A4] - |A| - [18/08/2018 01:51:42] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.02 Ko] - (6.14.357.24) - C:\Windows\System32\OpenAL32.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:50] - [3834.5 Ko] - C:\Windows\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\pa-IN
[MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\Windows\System32\PerceptionSimulationInput.exe
[MD5.934A0D307FD2284B29660C7BA69D04DB] - |A| - [12/04/2018 17:50:13] - (.-.) - [140.95 Ko] - (0.0.0.0) - C:\Windows\System32\perfc005.dat
[MD5.DFF4920A525DA46A65ECDE4E5F3FFD0F] - |A| - [12/04/2018 01:40:29] - (.-.) - [129.59 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.EB82767CF3CCF998165C5BE732693066] - |A| - [12/04/2018 17:50:13] - (.-.) - [37.87 Ko] - (0.0.0.0) - C:\Windows\System32\perfd005.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.57CF8B41D66D488CC969D522F28AFBED] - |A| - [12/04/2018 17:50:13] - (.-.) - [698.28 Ko] - (0.0.0.0) - C:\Windows\System32\perfh005.dat
[MD5.9A7A03BC554129AFC888963B8D537100] - |A| - [12/04/2018 01:40:29] - (.-.) - [683.36 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.C6A858536F7F69A285D3C5C24F7494DD] - |A| - [17/08/2018 21:44:46] - (.-.) - [1649.46 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [693 Ko] - C:\Windows\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:10] - [969.35 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.DE94C662452FA0EC42F68A2509C55F28] - |A| - [11/09/2015 05:06:36] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [74.13 Ko] - (1.0.0.1) - C:\Windows\System32\PropPageExt.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [329 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [325 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [18/08/2018 00:31:06] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\Windows\System32\rdpnano.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.09 Ko] - C:\Windows\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.png
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [252 Ko] - C:\Windows\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319.5 Ko] - C:\Windows\System32\ru-RU
[MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [01/10/2018 12:43:46] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\Windows\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\Windows\System32\ShellExperiences
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\Windows\System32\si-lk
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [252.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [249.5 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [17/08/2018 21:36:00] - [201501.36 Ko] - C:\Windows\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:10] - [97.16 Ko] - C:\Windows\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13385.02 Ko] - C:\Windows\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.contrast-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.png
[MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\Windows\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7607.4 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12221.57 Ko] - C:\Windows\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44669.65 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5952.06 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30.5 Ko] - C:\Windows\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [18/08/2018 00:30:20] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr.dat
[MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [18/08/2018 00:30:16] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [59160 Ko] - C:\Windows\System32\sru
[MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [311 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1410.25 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [930.28 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\Windows\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\Windows\System32\ta-lk
[MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\Windows\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [561.44 Ko] - C:\Windows\System32\Tasks
[MD5.A3C97023CE50955FC9E7081633368209] - |A| - [12/06/2019 19:29:26] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\Windows\System32\tcbres.wim
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\te-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [230 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [22.5 Ko] - C:\Windows\System32\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32.5 Ko] - C:\Windows\System32\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [306.5 Ko] - C:\Windows\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28.5 Ko] - C:\Windows\System32\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [28 Ko] - C:\Windows\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [246.5 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\Windows\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\System32\ur-PK
[MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [32 Ko] - C:\Windows\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [31.5 Ko] - C:\Windows\System32\vi-VN
[MD5.62E5411B06A0D66DABF79362EDAF6C50] - |A| - [11/09/2015 05:07:32] - (.(c) VIA Technologies, Inc. - ViaKaraoke APO.) - [1174.5 Ko] - (0.1.0.0) - C:\Windows\System32\ViaKaraokeApo.dll
[MD5.EF5267308844090EA030A54DF3B6D78E] - |A| - [11/09/2015 05:06:50] - (.(c)VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [139.14 Ko] - (0.2.0.0) - C:\Windows\System32\ViaKaraokePropPageExt.dll
[MD5.DEFB8C7128DD1D58FA80F94A5FC92AC0] - |A| - [11/09/2015 05:06:52] - (.(c) VIA Technologies, Inc. - Service binary.) - [45.64 Ko] - (0.1.0.0) - C:\Windows\System32\ViakaraokeSrv.exe
[MD5.715D9E782AED90EE80E8D575290EB05D] - |A| - [11/09/2015 05:07:36] - (.(c)Copyright Reserved. VIA Technologies,Inc. - ViaMicArray APO.) - [1992.67 Ko] - (0.5.0.0) - C:\Windows\System32\ViaMicArrayAPO.dll
[MD5.8C51F8CB757539B45D218CBC6B4401D3] - |A| - [11/09/2015 05:06:52] - (.VIA Technologies,Inc. - VIA APO for MicArray Applications..) - [111.65 Ko] - (0.5.0.0) - C:\Windows\System32\ViaMicArrayPropPageExt.dll
[MD5.4D9B71AD5E7BB4D0C85BDCB3D34DCCE2] - |A| - [11/09/2015 05:06:56] - (.VIA Technologies, Inc. - VIA LFX/GFX DSP UI component.) - [3241.7 Ko] - (11.5.0.20) - C:\Windows\System32\VIAPropPageExt.dll
[MD5.AF12D7394C5270648C9C903E6804274C] - |A| - [11/09/2015 05:07:38] - (.Copyright (c) VIA Technologies, Inc. All Rights Reserved - VIA LFX/GFX DSP Component.) - [583.73 Ko] - (1.0.0.0) - C:\Windows\System32\VIASysFx.dll
[MD5.3B4EDABBACD35E15F87B6FAAB6F54FD0] - |A| - [11/09/2015 05:07:46] - (.Copyright (c) 2006-2013 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [2007.07 Ko] - (1.2.16.73) - C:\Windows\System32\VMAPO264.DLL
[MD5.8B75139C6732CE2B1FCEDC589209479C] - |A| - [11/09/2015 05:07:52] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [893.18 Ko] - (1.0.54.0) - C:\Windows\System32\VMAPO64.DLL
[MD5.5F8F794F80E740ED30F275E2AE1F9C43] - |A| - [11/09/2015 05:07:52] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Creative Chaining Property Page Loader Module.) - [70.85 Ko] - (1.0.0.180) - C:\Windows\System32\VMPPCN64.DLL
[MD5.E7336DBE10CEEE637F16E382BC331790] - |A| - [11/09/2015 05:07:54] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Property Page Loader Module.) - [74.92 Ko] - (1.0.54.0) - C:\Windows\System32\VMPPLD64.DLL
[MD5.33CABC7CB4AEBEDBD8A9B149FBEEA3A5] - |A| - [11/09/2015 05:07:58] - (.Copyright (c) 2006-2011 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [636.09 Ko] - (1.0.15.150) - C:\Windows\System32\VMTHX64.DLL
[MD5.59C917C53BB4058787D4A469C045DB76] - |A| - [11/09/2015 05:04:14] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [412.02 Ko] - (1.0.0.270) - C:\Windows\System32\VMWRP64.DLL
[MD5.5D892A0D1588C8DFC7E93D8C42B11CD8] - |A| - [11/03/2015 11:47:34] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1436.5 Ko] - (0.0.3.6) - C:\Windows\System32\vorbis.acm
[MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [09/12/2017 00:24:44] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1-1-0-65-1.dll
[MD5.5450A69087D2F6955A253CB2BF86503C] - |A| - [11/11/2018 15:40:31] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [906.8 Ko] - (1.0.65.1) - C:\Windows\System32\vulkan-1.dll
[MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [09/12/2017 00:24:32] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-65-1.exe
[MD5.95253BF8F996BEA19BFA974F61277E87] - |A| - [11/11/2018 15:40:31] - (.-.) - [577.8 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe
[MD5.2A2446E35A9747E2CD9AF1552F876281] - |A| - [07/11/2018 21:53:48] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [98477.25 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [59646.94 Ko] - C:\Windows\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9809.51 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [204268 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [204.39 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [27.5 Ko] - C:\Windows\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png
[MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml
[MD5.549347BCD4AACD63243D78E8F869DBB1] - |A| - [18/08/2018 01:51:42] - (.Copyright © 2008 - OpenAL32.) - [455.52 Ko] - (2.2.0.5) - C:\Windows\System32\wrap_oal.dll
[MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29 Ko] - C:\Windows\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [233.49 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [197.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [30 Ko] - C:\Windows\System32\zu-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:50:11] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [29.5 Ko] - C:\Windows\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |SHD| - [29/04/2019 21:09:19] - [0 Ko] - C:\Windows\SysWOW64\AI_RecycleBin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:51:45] - [22 Ko] - C:\Windows\SysWOW64\am-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[08/09/2018 11:31:57] - |D| - [83796793] - C:\Users\Administrátor\AppData\Roaming\vlc
[28/06/2019 17:51:19] - |D| - [66] - C:\Users\Administrátor\AppData\Roaming\vstelemetry
[28/06/2019 17:51:15] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\vs_installershell
[18/08/2018 14:57:14] - |D| - [12] - C:\Users\Administrátor\AppData\Roaming\WinRAR
[17/08/2018 21:46:23] - |SH| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[17/08/2018 21:43:31] - |RD| - [81061] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[17/08/2018 21:43:31] - |SHD| - [0] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
[17/08/2018 21:43:31] - |RD| - [3888] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[17/08/2018 21:43:31] - |RD| - [2929] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[17/08/2018 21:46:23] - |RD| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/08/2018 14:45:51] - |D| - [4477] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[18/08/2018 15:27:01] - |D| - [1330] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life
[17/08/2018 21:43:31] - |SH| - [372] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[03/10/2018 14:09:18] - |D| - [0] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[18/08/2018 14:44:47] - |D| - [8634] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[17/09/2018 22:38:02] - |A| - [883] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[18/08/2018 15:03:44] - |D| - [2603] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
[17/08/2018 21:43:31] - |D| - [170] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2018 03:21:50] - |D| - [4570] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[18/08/2018 15:01:45] - |D| - [20723] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[17/08/2018 21:43:31] - |A| - [2391] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[17/08/2018 21:46:23] - |RD| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[17/08/2018 21:43:31] - |RD| - [3496] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[23/09/2018 19:19:31] - |D| - [2174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[12/11/2018 22:54:25] - |D| - [2370] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
[20/11/2018 22:51:02] - |D| - [7324] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[17/08/2018 21:43:31] - |RD| - [7754] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[18/08/2018 14:56:24] - |D| - [4625] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[17/08/2018 21:46:23] - |SH| - [174] - C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[17/08/2018 21:46:23] - |RHD| - [196] - C:\Users\Public\AccountPictures
[12/04/2018 01:38:20] - |RHD| - [27546] - C:\Users\Public\Desktop
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[12/04/2018 01:38:20] - |RD| - [278] - C:\Users\Public\Documents
[12/04/2018 01:38:20] - |RD| - [174] - C:\Users\Public\Downloads
[12/04/2018 01:38:20] - |RHD| - [1174] - C:\Users\Public\Libraries
[12/04/2018 01:38:20] - |RD| - [380] - C:\Users\Public\Music
[18/08/2018 01:03:10] - |A| - [8192] - C:\Users\Public\ntuser.dat
[10/04/2019 19:03:36] - |AH| - [1024] - C:\Users\Public\NTUSER.DAT.LOG
[18/08/2018 01:03:10] - |ASH| - [8192] - C:\Users\Public\ntuser.dat.LOG1
[18/08/2018 01:03:10] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2
[18/08/2018 01:03:10] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TM.blf
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000001.regtrans-ms
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{09c920ac-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000002.regtrans-ms
[12/04/2018 01:38:20] - |RD| - [1263209] - C:\Users\Public\Pictures
[31/08/2018 18:00:51] - |D| - [5827903] - C:\Users\Public\Ubisoft
[12/04/2018 01:38:20] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[28/05/2019 17:28:51] - |D| - [422789217] - C:\ProgramData\Adobe
[28/06/2019 17:21:06] - |D| - [786701] - C:\ProgramData\Ashampoo
[30/09/2018 15:10:20] - |D| - [19808] - C:\ProgramData\Audyssey Labs
[28/12/2018 13:57:40] - |D| - [9776] - C:\ProgramData\AVAST Software
[18/08/2018 15:48:21] - |D| - [500668] - C:\ProgramData\Camel Audio
[31/08/2018 17:40:40] - |D| - [1468] - C:\ProgramData\DAEMON Tools Lite
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Data aplikací
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Dokumenty
[30/09/2018 15:10:26] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[14/02/2019 22:58:17] - |D| - [706140] - C:\ProgramData\GOG.com
[26/04/2019 15:50:43] - |D| - [0] - C:\ProgramData\HTC
[31/08/2018 17:49:07] - |D| - [132] - C:\ProgramData\InstallShield
[18/08/2018 01:36:15] - |D| - [20903744] - C:\ProgramData\IObit
[17/08/2018 21:53:00] - |D| - [1019781742] - C:\ProgramData\Kaspersky Lab
[17/08/2018 21:51:06] - |D| - [0] - C:\ProgramData\Kaspersky Lab Setup Files
[26/03/2019 12:41:01] - |RASHD| - [1024] - C:\ProgramData\Key-Base
[26/04/2019 15:50:43] - |D| - [0] - C:\ProgramData\LGE
[12/09/2018 05:32:54] - |D| - [138092564] - C:\ProgramData\Malwarebytes
[28/12/2018 13:57:28] - |D| - [0] - C:\ProgramData\McAfee
[12/04/2018 01:38:20] - |SD| - [2421998616] - C:\ProgramData\Microsoft
[17/08/2018 21:47:46] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[28/06/2019 17:50:36] - |D| - [1092] - C:\ProgramData\Microsoft Visual Studio
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Nabídka Start
[18/08/2018 01:03:10] - |A| - [8192] - C:\ProgramData\ntuser.dat
[18/08/2018 01:03:10] - |ASH| - [8192] - C:\ProgramData\ntuser.dat.LOG1
[18/08/2018 01:03:10] - |ASH| - [0] - C:\ProgramData\ntuser.dat.LOG2
[18/08/2018 01:03:10] - |ASH| - [65536] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TM.blf
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000001.regtrans-ms
[18/08/2018 01:03:10] - |ASH| - [524288] - C:\ProgramData\ntuser.dat{09c920a2-a255-11e8-9333-00252281e08d}.TMContainer00000000000000000002.regtrans-ms
[18/12/2018 19:49:55] - |RASH| - [8] - C:\ProgramData\ntuser.pol
[11/11/2018 15:40:18] - |D| - [2502463] - C:\ProgramData\NVIDIA
[11/11/2018 15:38:33] - |D| - [3068730] - C:\ProgramData\NVIDIA Corporation
[18/08/2018 00:59:25] - |D| - [70997662] - C:\ProgramData\Oracle
[18/08/2018 01:52:38] - |D| - [149273793] - C:\ProgramData\Package Cache
[20/08/2018 23:12:50] - |D| - [1015808] - C:\ProgramData\Packages
[14/10/2018 12:50:39] - |D| - [485] - C:\ProgramData\Planet Coaster
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Plocha
[29/06/2019 09:59:13] - |D| - [104] - C:\ProgramData\ProductData
[12/04/2018 01:38:20] - |D| - [2073] - C:\ProgramData\regid.1991-06.com.microsoft
[11/09/2018 23:03:13] - |D| - [475130] - C:\ProgramData\RogueKiller
[12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[12/04/2018 01:38:20] - |D| - [13980] - C:\ProgramData\USOPrivate
[17/08/2018 21:40:04] - |D| - [8470528] - C:\ProgramData\USOShared
[12/04/2018 17:52:15] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[26/03/2019 12:41:01] - |D| - [0] - C:\ProgramData\{FA7D5C51-6ACA-0558-7668-96BA089C68BD}
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Šablony

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[12/04/2018 01:38:20] - |RD| - [192090] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[17/08/2018 21:38:05] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programy
[27/02/2019 22:28:21] - |A| - [1128] - C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[28/06/2019 17:33:08] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[12/04/2018 01:38:20] - |RD| - [13063] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[28/05/2019 17:29:29] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[28/06/2019 17:21:20] - |D| - [1404] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[20/11/2018 14:30:40] - |D| - [3286] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[18/08/2018 15:48:21] - |D| - [4076] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
[03/03/2019 23:33:42] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[18/08/2018 00:45:47] - |D| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[12/04/2018 01:38:24] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[01/10/2018 02:11:55] - |D| - [2817] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
[05/03/2019 16:32:26] - |A| - [1828] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[09/07/2019 00:57:11] - |D| - [2714] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[18/08/2018 01:12:50] - |A| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[20/08/2018 23:01:14] - |D| - [871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[22/04/2019 21:23:39] - |D| - [3379] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[18/08/2018 14:44:47] - |D| - [3913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[28/12/2018 14:25:34] - |D| - [5922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[28/12/2018 14:25:34] - |A| - [1950] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[18/08/2018 18:31:07] - |D| - [2750] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[18/08/2018 18:31:07] - |A| - [1428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[07/09/2018 10:00:10] - |D| - [8979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[28/12/2018 15:18:10] - |D| - [6980] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[18/08/2018 00:59:40] - |D| - [6758] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[17/09/2018 23:59:23] - |D| - [5186] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
[12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[08/07/2019 13:26:11] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[22/04/2019 00:20:05] - |D| - [1415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
[19/04/2019 19:23:40] - |A| - [1104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
[11/11/2018 15:42:09] - |D| - [4994] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[14/10/2018 12:48:56] - |D| - [2005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planet Coaster
[28/12/2018 13:57:27] - |D| - [7109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[18/08/2018 14:58:18] - |D| - [4088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Ambisone VST 2.02
[18/08/2018 14:58:29] - |D| - [4043] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Dynasone VST 2.02
[18/08/2018 14:58:05] - |D| - [4129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq OrangeVocoder VST 2.02
[18/08/2018 14:58:40] - |D| - [3975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq PiWarp VST 2.02
[18/08/2018 14:59:31] - |D| - [4124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq Roomulator VST 2.02
[18/08/2018 14:59:41] - |D| - [4088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prosoniq VoxCiter VST 2.02
[14/02/2019 22:58:16] - |D| - [2646] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rain World [GOG.com]
[04/03/2019 03:10:27] - |D| - [3382] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[11/11/2018 15:33:52] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA
[08/09/2018 11:31:39] - |D| - [5850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[28/06/2019 17:56:31] - |D| - [2099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
[28/06/2019 17:56:07] - |A| - [1499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
[28/06/2019 17:51:23] - |A| - [1359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
[18/08/2018 15:53:50] - |D| - [4364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
[26/04/2019 15:50:44] - |A| - [2759] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
[20/04/2019 21:58:16] - |D| - [3051] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.0
[18/08/2018 14:56:24] - |D| - [4553] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[28/05/2019 17:29:18] - |D| - [371702206] - C:\Program Files (x86)\Adobe
[28/06/2019 17:21:05] - |D| - [131044400] - C:\Program Files (x86)\Ashampoo
[18/08/2018 14:45:51] - |D| - [573777] - C:\Program Files (x86)\ASIO4ALL v2
[20/11/2018 14:30:35] - |D| - [48356741] - C:\Program Files (x86)\Bandicam
[20/11/2018 14:30:34] - |D| - [9130326] - C:\Program Files (x86)\BandiMPEG1
[18/08/2018 15:48:21] - |D| - [131557] - C:\Program Files (x86)\Camel Audio
[12/04/2018 01:38:20] - |D| - [264565175] - C:\Program Files (x86)\Common Files
[18/08/2018 19:41:42] - |D| - [160013915] - C:\Program Files (x86)\Comodo
[18/08/2018 19:28:43] - |D| - [0] - C:\Program Files (x86)\DAE
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[18/08/2018 01:12:26] - |D| - [480703556] - C:\Program Files (x86)\Google
[18/08/2018 14:39:09] - |D| - [8552609070] - C:\Program Files (x86)\Image-Line
[28/12/2018 14:25:34] - |D| - [3153590] - C:\Program Files (x86)\ImgBurn
[13/09/2018 12:05:10] - |HD| - [10556049] - C:\Program Files (x86)\InstallShield Installation Information
[12/04/2018 01:38:20] - |D| - [2004463] - C:\Program Files (x86)\Internet Explorer
[18/08/2018 01:36:25] - |D| - [78904514] - C:\Program Files (x86)\IObit
[18/08/2018 15:04:14] - |D| - [108457017] - C:\Program Files (x86)\iZotope
[18/08/2018 00:59:23] - |D| - [183067966] - C:\Program Files (x86)\Java
[17/09/2018 23:59:01] - |D| - [333728366] - C:\Program Files (x86)\Kaspersky Lab
[26/04/2019 15:50:43] - |D| - [78224862] - C:\Program Files (x86)\Microsoft Care Suite
[20/04/2019 17:32:35] - |D| - [228602213] - C:\Program Files (x86)\Microsoft SDKs
[28/06/2019 17:51:09] - |D| - [660508106] - C:\Program Files (x86)\Microsoft Visual Studio
[18/08/2018 01:51:30] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA
[12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[03/10/2018 14:53:32] - |D| - [2015806] - C:\Program Files (x86)\MSBuild
[18/08/2018 15:01:07] - |D| - [253734310] - C:\Program Files (x86)\Native Instruments
[19/04/2019 19:23:39] - |D| - [10195036] - C:\Program Files (x86)\Notepad++
[11/11/2018 15:40:11] - |D| - [35228100] - C:\Program Files (x86)\NVIDIA Corporation
[18/08/2018 01:51:42] - |D| - [809496] - C:\Program Files (x86)\OpenAL
[03/10/2018 14:53:32] - |D| - [200932037] - C:\Program Files (x86)\Reference Assemblies
[07/11/2018 21:27:33] - |D| - [0] - C:\Program Files (x86)\ShiningMorning
[28/12/2018 15:18:09] - |D| - [13924233] - C:\Program Files (x86)\Smart Projects
[18/08/2018 15:03:44] - |D| - [216992265] - C:\Program Files (x86)\Steinberg
[30/09/2018 13:56:39] - |HD| - [0] - C:\Program Files (x86)\Temp
[09/11/2018 10:59:05] - |D| - [63043064] - C:\Program Files (x86)\u-he
[01/10/2018 00:37:15] - |D| - [3077865] - C:\Program Files (x86)\VIA
[20/11/2018 22:50:59] - |D| - [11654144] - C:\Program Files (x86)\VirtualDJ
[18/08/2018 14:45:07] - |D| - [38881053] - C:\Program Files (x86)\VstPlugins
[11/11/2018 15:40:31] - |D| - [1735394] - C:\Program Files (x86)\VulkanRT
[12/04/2018 01:38:20] - |D| - [1822328] - C:\Program Files (x86)\Windows Defender
[17/12/2018 23:49:04] - |D| - [4433858] - C:\Program Files (x86)\Windows Kits
[12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[12/04/2018 17:50:52] - |D| - [3323847] - C:\Program Files (x86)\Windows Media Player
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7604568] - C:\Program Files (x86)\windows nt
[20/04/2019 21:58:16] - |D| - [58653462] - C:\Program Files (x86)\Windows Phone Kits
[12/04/2018 01:38:20] - |D| - [5409544] - C:\Program Files (x86)\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[12/04/2018 01:38:20] - |D| - [2247115] - C:\Program Files (x86)\WindowsPowerShell
[22/04/2019 00:20:05] - |D| - [4336218343] - C:\Program Files (x86)\Wizards of the Coast

---------- | C:\Program Files

[28/06/2019 17:33:08] - |D| - [5204927] - C:\Program Files\7-Zip
[18/08/2018 15:48:32] - |D| - [131420] - C:\Program Files\Camel Audio
[03/03/2019 23:33:40] - |D| - [41242400] - C:\Program Files\CCleaner
[12/04/2018 01:38:20] - |D| - [209407278] - C:\Program Files\Common Files
[31/08/2018 17:44:02] - |D| - [23830127] - C:\Program Files\DAEMON Tools Lite
[12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini
[17/12/2018 23:49:07] - |D| - [707464] - C:\Program Files\DIFX
[05/03/2019 16:32:26] - |D| - [6520522] - C:\Program Files\Eraser
[11/09/2018 22:44:33] - |D| - [18507298] - C:\Program Files\Exterminate It!
[24/02/2019 22:16:47] - |D| - [19274378] - C:\Program Files\Exterminate It!64
[20/08/2018 23:01:14] - |D| - [4977481] - C:\Program Files\HWiNFO64
[22/04/2019 21:23:38] - |D| - [8150288] - C:\Program Files\HxD
[18/08/2018 14:44:47] - |D| - [6320083] - C:\Program Files\Image-Line
[17/09/2018 22:37:29] - |D| - [216321405] - C:\Program Files\Inkscape
[12/04/2018 01:38:20] - |D| - [2636282] - C:\Program Files\internet explorer
[07/09/2018 10:00:02] - |D| - [6796083] - C:\Program Files\IrfanView
[03/10/2018 10:50:23] - |D| - [124545727] - C:\Program Files\KMPlayer 64X
[12/09/2018 05:32:54] - |D| - [170759844] - C:\Program Files\Malwarebytes
[28/12/2018 13:57:31] - |D| - [0] - C:\Program Files\McAfee
[03/10/2018 14:53:32] - |D| - [25757] - C:\Program Files\MSBuild
[11/11/2018 15:35:54] - |D| - [669768550] - C:\Program Files\NVIDIA Corporation
[14/10/2018 12:46:06] - |D| - [7562610738] - C:\Program Files\Planet Coaster
[22/12/2018 01:26:23] - |D| - [13369755] - C:\Program Files\PowerISO
[04/03/2019 03:10:26] - |D| - [10449456] - C:\Program Files\Recuva
[03/10/2018 14:53:32] - |D| - [36741289] - C:\Program Files\Reference Assemblies
[16/11/2018 20:05:08] - |D| - [37131921] - C:\Program Files\rempl
[12/11/2018 22:54:51] - |D| - [21594359] - C:\Program Files\Steinberg
[17/08/2018 21:36:16] - |HD| - [0] - C:\Program Files\Uninstall Information
[19/06/2019 15:14:38] - |D| - [5795426] - C:\Program Files\UNP
[11/11/2018 15:44:08] - |D| - [2929872] - C:\Program Files\VIA
[08/09/2018 11:31:27] - |D| - [172381388] - C:\Program Files\VideoLAN
[18/08/2018 15:53:49] - |D| - [2193232] - C:\Program Files\Voxengo
[18/08/2018 15:48:32] - |D| - [54478395] - C:\Program Files\VSTPlugins
[12/04/2018 01:38:20] - |RD| - [19590831] - C:\Program Files\Windows Defender
[12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail
[12/04/2018 17:50:52] - |D| - [4890091] - C:\Program Files\Windows Media Player
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7871320] - C:\Program Files\windows nt
[12/04/2018 01:38:20] - |D| - [6209800] - C:\Program Files\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices
[12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[12/04/2018 01:38:20] - |HD| - [2472088797] - C:\Program Files\WindowsApps
[12/04/2018 01:38:20] - |D| - [2495349] - C:\Program Files\WindowsPowerShell
[18/08/2018 14:56:13] - |D| - [8671566] - C:\Program Files\WinRAR
[27/02/2019 22:28:11] - |D| - [7146655] - C:\Program Files\WinRAR57

---------- | C:\Program Files (x86)\Common Files

[28/05/2019 17:29:18] - |D| - [23846438] - C:\Program Files (x86)\Common Files\Adobe
[18/08/2018 18:03:56] - |D| - [86585344] - C:\Program Files (x86)\Common Files\Digidesign
[31/08/2018 17:45:52] - |D| - [5571484] - C:\Program Files (x86)\Common Files\InstallShield
[18/08/2018 18:31:09] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit
[07/11/2018 15:05:17] - |D| - [1973744] - C:\Program Files (x86)\Common Files\Java
[17/12/2018 23:48:47] - |D| - [6419917] - C:\Program Files (x86)\Common Files\Microsoft
[12/04/2018 01:38:20] - |D| - [25505554] - C:\Program Files (x86)\Common Files\microsoft shared
[18/08/2018 18:03:57] - |D| - [6230053] - C:\Program Files (x86)\Common Files\Native Instruments
[07/11/2018 15:05:28] - |D| - [1370320] - C:\Program Files (x86)\Common Files\Oracle
[18/08/2018 14:45:06] - |D| - [1435256] - C:\Program Files (x86)\Common Files\Propellerhead Software
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/08/2018 15:53:49] - |D| - [7028432] - C:\Program Files (x86)\Common Files\Steinberg
[12/04/2018 01:38:20] - |D| - [9798539] - C:\Program Files (x86)\Common Files\system
[18/08/2018 15:03:56] - |D| - [88797392] - C:\Program Files (x86)\Common Files\VST3

---------- | C:\Program Files\Common files

[17/08/2018 21:53:36] - |D| - [1885243] - C:\Program Files\Common files\AV
[18/08/2018 15:53:50] - |D| - [8072216] - C:\Program Files\Common files\Avid
[18/08/2018 17:13:28] - |D| - [0] - C:\Program Files\Common files\Digidesign
[12/04/2018 01:38:20] - |D| - [53586602] - C:\Program Files\Common files\microsoft shared
[18/08/2018 14:45:06] - |D| - [2193016] - C:\Program Files\Common files\Propellerhead Software
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services
[18/08/2018 15:53:49] - |D| - [8003280] - C:\Program Files\Common files\Steinberg
[12/04/2018 01:38:20] - |D| - [10504075] - C:\Program Files\Common files\system
[18/08/2018 14:45:07] - |D| - [7070720] - C:\Program Files\Common files\VST2
[18/08/2018 15:04:02] - |D| - [118089424] - C:\Program Files\Common files\VST3

---------- | Tasks

[MD5.D343CDB9AD8119D02785F0082470B78F] - [09/07/2019 18:09:34] - |A| - [214] - C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.00000000000000000000000000000000] - [28/12/2018 16:18:53] - |D| - [0] - C:\Windows\Tasks\ImCleanDisabled
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/08/2018 21:36:09] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.B1C1535057B8BDF0E4B26EDB1AAE67BF] - [09/07/2019 00:55:29] - |A| - [326] - C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor.job
[MD5.D0CE7C7D2539A6D869363194EF47C685] - [28/05/2019 17:29:39] - |A| - [4562] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.A41A625BB99BB8A55661B01BCE1EAE5F] - [19/08/2018 19:52:24] - |A| - [4682] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe
[MD5.C4943990B7936CEBED220EFA5E39069A] - [05/12/2018 20:34:47] - |A| - [4506] - C:\Windows\System32\Tasks\Adobe Flash Player Updater : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.432B80398C7C804B1A73AB127578C724] - [01/10/2018 00:37:01] - |A| - [3304] - C:\Windows\System32\Tasks\ASUS Patch for VIA Audio : C:\Windows\system32\AsPatchViaAudio.exe
[MD5.00000000000000000000000000000000] - [28/12/2018 16:15:29] - |D| - [0] - C:\Windows\System32\Tasks\Avast Software
[MD5.48EA8E3823856A869FF16950FA1B023F] - [03/03/2019 23:33:42] - |A| - [4210] - C:\Windows\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.B860C669485ED321823AAC61FF700B57] - [03/03/2019 23:33:43] - |A| - [2904] - C:\Windows\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.B482E945267DA166012C0B4759D44FBF] - [21/04/2019 18:43:40] - |A| - [3672] - C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask : c:\windows\explorer.exe
[MD5.E9B427C976DD7606EC2C1708EFF3D3D0] - [18/08/2018 01:12:29] - |A| - [3348] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.5BE83553A0CDD707FB346CEC8068E063] - [18/08/2018 01:12:29] - |A| - [3472] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [30/12/2018 03:21:57] - |D| - [3844] - C:\Windows\System32\Tasks\MEGA
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [527074] - C:\Windows\System32\Tasks\Microsoft
[MD5.E2A63F3C32E13D2CE65C484865E3A570] - [17/08/2018 21:48:58] - |A| - [3396] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.2D01BA3DE58644D13FFEA75A529144CA] - [22/04/2019 22:28:30] - |A| - [3394] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3472240800-3569865723-1055443696-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.EDD0A894CC09952AE8A5A39C031F1085] - [09/07/2019 00:55:29] - |A| - [2544] - C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrátor : C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|[email protected],-10206|[email protected],-10207|[email protected],-100|
"WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10204|[email protected],-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10202|[email protected],-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10200|[email protected],-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|[email protected],-1008|[email protected],-1009|[email protected],-1010|
"Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|
"DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|[email protected]%systemroot%\system32\dosvc.dll,-103|[email protected]%systemroot%\system32\dosvc.dll,-104|[email protected]%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|[email protected]%systemroot%\system32\dosvc.dll,-102|[email protected]%systemroot%\system32\dosvc.dll,-104|[email protected]%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|[email protected],-37381|[email protected],-37893|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|[email protected],-37380|[email protected],-37892|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|[email protected],-37379|[email protected],-37891|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|[email protected],-37378|[email protected],-37890|[email protected],-36865|TTK2_27=WFDKmDriver|
"TCP Query User{E96235E5-EDCE-415F-8632-AD4985C9F6B0}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
"UDP Query User{DA595FDE-2607-4729-BC55-C1461DB32C17}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1169ec26-0cff-41fb-8d18-1d0ec75d68b0}] : (WMZUNEUSBSER) [] -> @oem23.inf,%DeviceClass%;Windows Phone USB Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[29/04/2019 11:39:50] - (2.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Monitor) - C:\Windows\System32\Drivers\klupd_klif_arkmon.sys
[27/01/2018 11:10:16] - (5.2.6.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys
[27/12/2017 10:10:46] - (15.1.206.0) - (AO Kaspersky Lab - Backup Disk Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys
[29/04/2019 15:45:17] - (11.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Boot Guard Driver) - C:\Windows\System32\Drivers\klupd_klif_klbg.sys
[17/09/2018 23:58:52] - (20.0.122.61) - (AO Kaspersky Lab - klhk [fre_win7_x64]) - C:\Windows\System32\drivers\klhk.sys
[02/02/2018 03:45:32] - (15.1.205.0) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys
[17/09/2018 23:58:52] - (15.1.242.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klflt.sys
[17/09/2018 23:58:52] - (15.1.242.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klif.sys
[30/05/2017 18:51:40] - (15.1.203.0) - (AO Kaspersky Lab - Format Recognizer [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klpd.sys
[17/02/2018 02:50:40] - (15.1.211.0) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys
[12/02/2018 04:17:16] - (15.1.203.0) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klim6.sys
[28/12/2018 13:57:26] - (6.9.0.0) - (Power Software Ltd - PowerISO Virtual Drive) - C:\Windows\System32\Drivers\SCDEmu.SYS
[24/02/2018 05:17:48] - (15.1.215.0) - (AO Kaspersky Lab - Network Processor [fre_win8_x64]) - C:\Windows\system32\DRIVERS\kneps.sys
[16/05/2018 21:05:18] - (16.2.207.0) - (AO Kaspersky Lab - Virtual Disk [fre_win8_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys
[18/08/2018 01:36:29] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
[20/08/2018 23:01:24] - (10.11.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\system32\drivers\HWiNFO64A.SYS
[11/11/2018 15:38:56] - (23.21.13.9135) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 391.35) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys
[31/08/2018 17:44:03] - (5.24.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\Windows\System32\drivers\dtlitescsibus.sys
[17/07/2015 18:26:01] - (7.0.12.713) - (C-Media Inc. - C-Media USB Audio Class Driver) - C:\Windows\system32\DRIVERS\CMUACWO.sys
[15/01/2018 05:13:30] - (15.1.204.0) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys
[11/12/2017 11:49:16] - (15.1.202.0) - (AO Kaspersky Lab - Mouse Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys
[22/03/2019 18:12:08] - (0.0.0.47) - (AO Kaspersky Lab - Kernel heuristics engine) - C:\Windows\System32\Drivers\klupd_klif_kimul.sys
[29/04/2019 11:39:50] - (6.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit Engine) - C:\Windows\System32\Drivers\klupd_klif_mark.sys
[18/08/2018 18:31:07] - (1.0.0.20) - (IObit - IUProcessFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys
[18/08/2018 18:31:07] - (1.0.0.20) - (IObit - IURegistryFilter) - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys
[29/04/2019 15:46:18] - (4.1.12.0) - (AO Kaspersky Lab - Kaspersky Lab Anti-Rootkit) - C:\Windows\System32\Drivers\klupd_klif_klark.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - amdide64 () -> System32\drivers\amdide64.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - klupd_klif_arkmon (klupd_klif_arkmon) -> System32\Drivers\klupd_klif_arkmon.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klupd_klif_klbg () -> System32\Drivers\klupd_klif_klbg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO (HWiNFO Kernel Driver) -> \??\C:\Windows\system32\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLHK (@oem24.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klim6 (@oem7.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - SCDEmu () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HWiNFO64_is1] : (HWiNFO64 Version 5.86.-.Martin Malík - REALiX) -> "C:\Program Files\HWiNFO64\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Voxengo SPAN_is1] : (Voxengo SPAN.-.Voxengo) -> "C:\Program Files\Voxengo\Voxengo SPAN\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{58F37E51-2A83-49F3-9117-6005C63CF399}] : (Eraser 6.2.0.2970.-.The Eraser Project) -> MsiExec.exe /I{58F37E51-2A83-49F3-9117-6005C63CF399}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Ovládací panel NVIDIA 391.35.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1541665964_is1] : (Rain World.-.GOG.com) -> "C:\GOG Games\Rain World\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher] : (Camel Audio CamelCrusher.-.Camel Audio) -> C:\Program Files (x86)\Camel Audio\CamelCrusher\CamelCrusherUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Camel Audio CamelCrusher64] : (Camel Audio CamelCrusher64.-.Camel Audio) -> C:\Program Files\Camel Audio\CamelCrusher\CamelCrusherUninstall64.exe
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Exterminate It!] : (Exterminate It!.-.Curio Systems GmbH) -> C:\Program Files\Exterminate It!\ExterminateIt_Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Inkscape] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Free.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObitUninstall] : (IObit Uninstaller 8.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IsoBuster_is1] : (IsoBuster 4.2.-.Smart Projects) -> "C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MTG Arena 0.1.1391.0] : (MTG Arena.-.Wizards of the Coast) -> msiexec.exe /x {2C05A091-D2BF-4001-8CA1-3C3ABF03850F} AI_UNINSTALLER_CTP=1
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Native Instruments Massive v1.0.1.008 VSTi DXi RTAS] : (Native Instruments Massive v1.0.1.008 VSTi DXi RTAS.-.) -> \UNWISE.EXE \INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\u-he Zebra2] : (u-he Zebra2.-.u-he) -> "C:\Program Files (x86)\u-he\Zebra2.7.2.3898\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{20D4A895-748C-4D88-871C-FDB1695B0169}] : (Platform.-.VIA Technologies, Inc.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180191F0}] : (Java 8 Update 191.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180191F0}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}] : (MTG Arena.-.Wizards of the Coast) -> MsiExec.exe /X{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Free.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C515E2A3-4878-4C85-A519-52630C7AB08B}] : (VirtualDJ PRO Full.-.Atomix Productions) -> MsiExec.exe /I{C515E2A3-4878-4C85-A519-52630C7AB08B}

---------- | Ports


---------- | Installer

[HKCR\Installer\Products\05E3B26797B388D41B517915C3ECC8BD] : vs_minshellmsi
[HKCR\Installer\Products\15E73F8538A23F94197106506CC33F99] : Eraser 6.2.0.2970 -> C:\Windows\Installer\{58F37E51-2A83-49F3-9117-6005C63CF399}\Eraser.exe
[HKCR\Installer\Products\184AE0FFBD24EA8A3865840CF9D759D3] : Windows IP Over USB
[HKCR\Installer\Products\190A50C2FB2D1004C81AC3A3FB3058F0] : MTG Arena -> C:\Windows\Installer\{2C05A091-D2BF-4001-8CA1-3C3ABF03850F}\Icon_1.exe
[HKCR\Installer\Products\271AD80F77706C048AAB0D3F4165B0EE] : vs_FileTracker_Singleton
[HKCR\Installer\Products\3D5E8C7ECDE90344A8FEDF9590735FF5] : Windows Phone IP Over USB
[HKCR\Installer\Products\4BA5F0F3EC9C622438399EFC8F63D9D9] : Emergency Download Driver
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110190F] : Java 8 Update 191 -> C:\Program Files (x86)\Java\jre1.8.0_191\\bin\javaws.exe
[HKCR\Installer\Products\4F316817D2942724CA3C0DA4E80F8F38] : Kaspersky Free -> C:\Windows\Installer\{718613F4-492D-4272-ACC3-D04A8EF0F883}\arp.ico
[HKCR\Installer\Products\56FAAB925E9025F4D851F2FAE2328ACD] : WinUSB Drivers ext
[HKCR\Installer\Products\57F5B12D240893B3081A1F5DD6D64BBA] : Windows Phone 8.0 Managed SDK Profiler (X86)
[HKCR\Installer\Products\598A4D02C84788D478C1DF1B96B51096] : Platform
[HKCR\Installer\Products\632B0A4A6406BAC41877E1FA1611C257] : WinUSB Compatible ID Drivers
[HKCR\Installer\Products\66DC40CEA30CD0740B2DB4CB786F83D2] : vs_minshellmsires
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\8381B2ADE2B30224B8E297F664424D36] : vs_minshellmsires
[HKCR\Installer\Products\94C938AC1D3B6AE4BBA81239B7087817] : FFU Loader Driver 1.0.0
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A81955798FDCE1F448353695FCA133A0] : WinUsb CoInstallers
[HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\B280515779B0C1337952D924FED05E10] : Windows Phone 8.0 Emulation Images
[HKCR\Installer\Products\CE62EE7CD7740D73784BDE41C6A5C92D] : Windows Phone SDK 8.0 Assemblies
[HKCR\Installer\Products\DA3AED6DE736A863DB0005D144F3E568] : Windows Phone 8.0 Managed SDK Profiler (ARM)
[HKCR\Installer\Products\DCDBBAA5D5DEDFA4482348D78DF7E8C4] : vs_filehandler_x86
[HKCR\Installer\Products\EA2D34FE15EE3C14CB0A5C7E09322B71] : vs_filehandler_amd64
[HKCR\Installer\Products\EF57A2D91EC87924EA1C0A794DB7CA9E] : Lumia UEFI Blue Driver
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\F80615A5B95F54B4EA602163F3BE6E10] : Windows Device Recovery Tool 3.14.07501 -> C:\Windows\Installer\{5A51608F-F59B-4B45-AE06-12363FEBE601}\DefaultApplicationIcon.ico

---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog


----------( EOF)---------- - 4221 | 18:46:33
 

Malnutrition

Quick Diag Fix.



First please create a restore point!
Right-click on Quick Diag and select Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.




Code:
Key::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|"AvastUI.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Browser Cleanup]
[HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Chromium]
[HKLM\Software\AVAST Software]
[HKLM\Software\McAfee]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\McAfee NGI]



Task::
CCleaner Update
Uninstaller_SkipUac_Administrátor


File::
C:\Program Files\AVAST Software\Avast\AvLaunch.exe
C:\Program Files\AVAST Software
C:\Program Files (x86)\IObit
C:\Windows\IObit
C:\Windows\iun6002.exe
C:\Windows\System\CMSPDIF2.ini 
C:\Users\Administrátor\AppData\LocalLow\IObit
C:\Users\Administrátor\AppData\Roaming\IObit
C:\ProgramData\AVAST Software
C:\ProgramData\IObit
C:\ProgramData\McAfee
C:\ProgramData\{FA7D5C51-6ACA-0558-7668-96BA089C68BD}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
C:\Program Files\McAfee
C:\Program Files (x86)\Common Files\IObit
C:\Windows\Tasks\ImCleanDisabled
C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor.job
C:\Windows\System32\Tasks\Avast Software
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrátor 
C:\Windows\System32\drivers\aswVmm.sys
C:\Windows\System32\drivers\aswStm.sys
C:\Windows\System32\drivers\aswSP.sys
C:\Windows\System32\drivers\aswSnx.sys
C:\Windows\System32\drivers\aswRvrt.sys
C:\Windows\System32\drivers\aswRdr2.sys
C:\Windows\System32\drivers\aswMonFlt.sys
C:\Windows\System32\drivers\aswKbd.sys
C:\Windows\System32\drivers\aswHwid.sys
C:\Windows\System32\drivers\aswHdsKe.sys
C:\Windows\System32\drivers\aswElam.sys
C:\Windows\System32\drivers\aswbloga.sys
C:\Windows\System32\drivers\aswbidsha.sys
C:\Windows\System32\drivers\aswbidsdrivera.sys


CMD::
rd /s /q C:\WINDOWS\Temp\*
del /f /q C:\WINDOWS\Temp\*
sc delete diagtrack
sc delete dwmappushservice
###


Clean::
yes
 

Malnutrition

No problem, this script is run in the Quick Diag tool and should take less than a couple minutes. When you come back tomorrow, let me know what issues remain after running the script and posting the log.
 

bbdra

I ran the script, everything went ok. Then I made a restart with update. PC loaded with no problems. I think I currently have no problems with hit.gemius.pl. Unfortunately, Microsoft Edge won't start after the first fix we made in FRST, and the search engine in the bottom left corner (magnifying glass icon) won't start either.


--------------- QuickScript | [email protected]@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 10/07/2019 21:35:01

Updated 27/02/2019 | 11:10 (GMT) by [email protected]@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague

Registry saved : C:\QuickDiag\Save\Registry [10.07.2019 @ 21_35_02]

Value : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[AvastUI.exe] Deleted Successfully
Key : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] Deleted Successfully
Key : [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Browser Cleanup] Deleted Successfully
Key : [HKU\S-1-5-21-3472240800-3569865723-1055443696-1001\Software\Chromium] Deleted Successfully
Key : [HKLM\Software\AVAST Software] Deleted Successfully
Key : [HKLM\Software\McAfee] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\AVAST Software] Not Found !
Key : [HKLM\Software\WOW6432Node\Chromium] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\IObit] Deleted Successfully
Key : [HKLM\Software\WOW6432Node\McAfee NGI] Deleted Successfully
Task CCleaner Update Not Found !
Task Uninstaller_SkipUac_Administrátor Not Found !
C:\Program Files\AVAST Software\Avast\AvLaunch.exe Not Found !
C:\Program Files\AVAST Software Not Found !
C:\Program Files (x86)\IObit Moved Successfully
C:\Windows\IObit Moved Successfully
C:\Windows\iun6002.exe Moved Successfully
C:\Windows\System\CMSPDIF2.ini Moved Successfully
C:\Users\Administrátor\AppData\LocalLow\IObit Moved Successfully
C:\Users\Administrátor\AppData\Roaming\IObit Moved Successfully
C:\ProgramData\AVAST Software Moved Successfully
C:\ProgramData\IObit Moved Successfully
C:\ProgramData\McAfee Moved Successfully
C:\ProgramData\{FA7D5C51-6ACA-0558-7668-96BA089C68BD} Moved Successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller Moved Successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk Moved Successfully
C:\Program Files\McAfee Moved Successfully
C:\Program Files (x86)\Common Files\IObit Moved Successfully
C:\Windows\Tasks\ImCleanDisabled Moved Successfully
C:\Windows\Tasks\Uninstaller_SkipUac_Administrátor.job Moved Successfully
C:\Windows\System32\Tasks\Avast Software Moved Successfully
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrátor Moved Successfully
C:\Windows\System32\drivers\aswVmm.sys Not Found !
C:\Windows\System32\drivers\aswStm.sys Not Found !
C:\Windows\System32\drivers\aswSP.sys Not Found !
C:\Windows\System32\drivers\aswSnx.sys Not Found !
C:\Windows\System32\drivers\aswRvrt.sys Not Found !
C:\Windows\System32\drivers\aswRdr2.sys Not Found !
C:\Windows\System32\drivers\aswMonFlt.sys Not Found !
C:\Windows\System32\drivers\aswKbd.sys Not Found !
C:\Windows\System32\drivers\aswHwid.sys Not Found !
C:\Windows\System32\drivers\aswHdsKe.sys Not Found !
C:\Windows\System32\drivers\aswElam.sys Not Found !
C:\Windows\System32\drivers\aswbloga.sys Moved Successfully
C:\Windows\System32\drivers\aswbidsha.sys Moved Successfully
C:\Windows\System32\drivers\aswbidsdrivera.sys Moved Successfully
Batch File Executed !

-------------- | CleanDisk :

FreeSpace : 155367
Cleaning.......
FreeSpace : 155367

----------(EOF)----------