Solved Some viruses in my pc


depor99

PCHF Member
Jul 31, 2019
Hello guys, I have a problem with my PC. When I open Google Chrome and click anywhere, it immediately opens and closes bars or new windows. I have Adblock Plus, Avast Online Security and the Malwarebytes Browser Extension beta. Today I wanted to watch some videos, and when I clicked, it opened some windows, closed them, and then closed the whole of Google Chrome. It slows my PC; I can see it in the game CS GO, where I have lower FPS.

Second problem: I downloaded aswmbr.exe. When I start it, it crashes my PC and says my PC is broken and needs to be repaired, and it took 30 seconds to restart the computer. I can't use it, and I don't know why.




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2019 01
Ran by denni (administrator) on DESKTOP-OM902LA (ASUSTeK COMPUTER INC. X556UR) (31-07-2019 09:23:48)
Running from C:\Users\denni\Desktop
Loaded Profiles: denni (Available Profiles: denni)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1846016 2015-12-09] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3210016 2019-07-17] (Valve -> Valve Corporation)
HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\Run: [Bloody2] => C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [19337216 2017-01-23] () [File not signed]
HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\Run: [utweb] => "C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {129D53C2-2D19-4164-8310-8869A49157AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18BD62ED-A61A-4E11-BBB7-ECCE1A1E9AF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-13] (Google Inc -> Google LLC)
Task: {1DC0F5E9-D804-46BD-B16E-16573F69E512} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {2FB92222-0EBB-49A4-B360-8B64C77F913A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {371F5572-041F-4164-B478-55CD6A1F53BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3919BE06-7A2E-4728-8779-EBB53F3D9A41} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {563875C2-CABB-4BDE-BF79-02342161AD61} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [514408 2016-04-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {62000AFE-FF2E-4137-B09B-4E9B2C36CF44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-13] (Google Inc -> Google LLC)
Task: {621521B6-87E7-472D-BB0A-A192DD9AD983} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {72DD2ADA-3D06-4660-A4B2-10598FB65668} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-12-18] (ASUSTeK Computer Inc. -> AsusTek)
Task: {7E90FE39-4E88-4665-B0E3-C6C40A5D4C5E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {964D79E0-F839-4050-A221-29C0A206B963} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A33AD55-381A-4169-B4BE-67332B73D9A1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A2AD880A-FFFD-4C34-9CD7-3853ECD31879} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A2EBD2EE-3327-486A-8F80-37C948F23CC0} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [481128 2016-04-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D450C219-79A2-4571-8007-A13B5E2DF9E7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2670b808-8c92-4106-b1e6-d42996d50301}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a4770a48-bbb9-4051-8148-596b9b597b3c}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-13] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-13] (Google Inc -> Google LLC)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default [2019-07-31]
CHR Extension: (Prezentácie) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-13]
CHR Extension: (Safe Torrent Scanner) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2019-07-24]
CHR Extension: (Dokumenty) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-13]
CHR Extension: (Disk Google) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-13]
CHR Extension: (YouTube) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-07-31]
CHR Extension: (Tabuľky) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-14]
CHR Extension: (Avast Online Security) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-18]
CHR Extension: (Malwarebytes Browser Extension) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2019-07-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-13]
CHR Extension: (Gmail) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-13]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [362464 2016-03-24] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1700968 2018-01-12] (Intel Corporation -> Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ICEsoundService; C:\WINDOWS\system32\ICEsoundService64.exe [806344 2018-11-01] (ICEpower a/s -> ICEpower)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-04-03] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\System32\drivers\AsusSGDrv.sys [152064 2017-01-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74168 2018-01-12] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2018-01-12] (Intel Corporation -> Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-01-14] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-01-14] (Disc Soft Ltd -> Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2018-01-12] (Intel Corporation -> Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [31112 2018-01-12] (ASUSTeK Computer Inc. -> ASUS)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvlddmkm.sys [20605496 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [36384 2018-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2413968 2018-01-12] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2018-01-12] (Realtek Semiconductor Corp. -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2018-01-12] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 09:23 - 2019-07-31 09:24 - 000023452 _____ C:\Users\denni\Desktop\FRST.txt
2019-07-31 09:23 - 2019-07-31 09:23 - 000000000 ____D C:\Users\denni\Desktop\FRST-OlderVersion
2019-07-31 09:23 - 2019-07-31 09:23 - 000000000 ____D C:\FRST
2019-07-31 09:22 - 2019-07-31 09:22 - 005200384 _____ (AVAST Software) C:\Users\denni\Downloads\aswmbr.exe
2019-07-31 09:19 - 2019-07-31 09:19 - 001908496 _____ C:\Users\denni\Downloads\FRST64(1).zip
2019-07-31 09:03 - 2019-07-31 09:03 - 000000000 ____D C:\Users\denni\AppData\Local\mbam
2019-07-31 09:02 - 2019-07-31 09:02 - 000000000 ____D C:\Users\denni\AppData\Local\mbamtray
2019-07-31 09:01 - 2019-07-31 09:02 - 064333800 _____ (Malwarebytes ) C:\Users\denni\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-07-22 18:43 - 2019-07-22 18:43 - 000001867 _____ C:\Users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2019-07-14 03:07 - 2019-07-14 03:07 - 000000000 ____D C:\Program Files\UNP
2019-07-13 18:35 - 2019-07-13 18:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-13 18:35 - 2019-07-13 18:35 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-13 18:34 - 2019-07-13 18:34 - 000000000 ____D C:\Program Files\rempl
2019-07-13 16:23 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2019-07-13 16:23 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2019-07-13 16:23 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2019-07-13 16:23 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2019-07-13 16:23 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2019-07-13 16:23 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2019-07-13 16:23 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2019-07-13 16:23 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2019-07-13 16:23 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2019-07-13 16:23 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2019-07-13 16:23 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2019-07-13 16:23 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2019-07-13 16:23 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2019-07-13 16:23 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2019-07-13 16:23 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2019-07-13 16:23 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2019-07-13 16:23 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2019-07-13 16:23 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2019-07-13 16:23 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2019-07-13 16:23 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2019-07-13 16:23 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2019-07-13 16:23 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2019-07-13 16:23 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2019-07-13 16:23 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2019-07-13 16:23 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2019-07-13 16:23 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2019-07-13 16:23 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2019-07-13 16:23 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2019-07-13 16:23 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2019-07-13 16:23 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2019-07-13 16:23 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2019-07-13 16:23 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2019-07-13 16:23 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2019-07-13 16:23 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2019-07-13 16:23 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2019-07-13 16:23 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2019-07-13 16:23 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2019-07-13 16:23 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2019-07-13 16:23 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2019-07-13 16:23 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2019-07-13 16:23 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2019-07-13 16:23 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2019-07-13 16:23 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2019-07-13 16:23 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2019-07-13 16:23 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2019-07-13 16:23 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2019-07-13 16:23 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2019-07-13 16:23 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2019-07-13 16:23 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2019-07-13 16:23 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2019-07-13 16:23 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2019-07-13 16:23 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2019-07-13 16:23 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2019-07-13 16:23 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2019-07-13 16:23 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2019-07-13 16:23 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2019-07-13 16:23 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2019-07-13 16:23 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2019-07-13 16:23 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2019-07-13 16:23 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2019-07-13 16:23 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2019-07-13 16:23 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2019-07-13 16:23 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2019-07-13 16:23 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2019-07-13 16:23 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2019-07-13 16:23 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2019-07-13 16:23 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2019-07-13 16:23 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2019-07-13 16:23 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2019-07-13 16:23 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2019-07-13 16:23 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2019-07-13 16:23 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2019-07-13 16:23 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2019-07-13 16:23 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2019-07-13 16:23 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2019-07-13 16:23 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2019-07-13 16:23 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2019-07-13 16:23 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2019-07-13 16:23 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2019-07-13 16:23 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2019-07-13 16:23 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2019-07-13 16:23 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2019-07-13 16:23 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2019-07-13 16:23 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2019-07-13 16:23 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2019-07-13 16:23 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2019-07-13 16:23 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2019-07-13 16:23 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2019-07-13 16:23 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2019-07-13 16:23 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2019-07-13 16:23 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2019-07-13 16:23 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2019-07-13 16:23 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2019-07-13 16:23 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2019-07-13 16:23 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2019-07-13 16:23 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2019-07-13 16:23 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2019-07-13 16:23 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2019-07-13 16:23 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2019-07-13 16:23 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2019-07-13 16:23 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2019-07-13 16:23 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2019-07-13 16:23 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2019-07-13 16:23 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2019-07-13 16:23 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2019-07-13 16:23 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2019-07-13 16:23 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2019-07-13 16:23 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2019-07-13 16:23 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2019-07-13 16:23 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2019-07-13 16:23 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2019-07-13 16:23 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2019-07-13 16:23 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2019-07-13 16:23 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2019-07-13 16:23 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2019-07-13 16:23 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2019-07-13 16:22 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2019-07-13 16:22 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2019-07-13 16:15 - 2019-07-13 16:15 - 000000000 ____D C:\Users\denni\Desktop\aps
2019-07-13 16:13 - 2019-07-13 16:13 - 000002096 _____ C:\Users\Public\Desktop\Bloody6.lnk
2019-07-13 16:13 - 2019-07-13 16:13 - 000000000 ____D C:\Program Files (x86)\Bloody6
2019-07-13 15:45 - 2019-07-30 22:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-13 15:45 - 2019-07-26 20:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-13 15:45 - 2019-07-13 15:45 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2019-07-13 15:45 - 2019-07-13 15:45 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator
2019-07-13 15:45 - 2019-07-13 15:45 - 000003004 _____ C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
2019-07-13 15:45 - 2019-07-13 15:45 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2019-07-13 15:45 - 2019-07-13 15:45 - 000002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2019-07-13 15:45 - 2019-07-13 15:45 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2019-07-13 15:45 - 2019-07-13 15:45 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2019-07-13 15:45 - 2019-07-13 15:45 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2019-07-13 15:45 - 2019-07-13 15:45 - 000002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2019-07-13 15:45 - 2019-07-13 15:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2019-07-13 15:45 - 2019-07-13 15:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2019-07-13 15:44 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2019-07-13 15:39 - 2019-07-13 15:39 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2019-07-13 15:36 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2019-07-13 15:36 - 2019-07-13 15:40 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2019-07-13 15:36 - 2019-07-13 15:40 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-07-13 15:36 - 2019-07-13 15:40 - 000000000 ____D C:\Program Files (x86)\Intel
2019-07-13 15:36 - 2019-07-13 15:39 - 000000000 ___HD C:\Intel
2019-07-13 15:36 - 2019-07-13 15:39 - 000000000 ____D C:\Program Files\Intel
2019-07-13 15:36 - 2019-07-13 15:36 - 000000219 _____ C:\Users\denni\Desktop\Counter-Strike Global Offensive.url
2019-07-13 15:36 - 2019-07-13 15:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2019-07-13 15:36 - 2019-07-13 15:36 - 000000000 ____D C:\WINDOWS\system32\DAX3
2019-07-13 15:36 - 2019-07-13 15:36 - 000000000 ____D C:\WINDOWS\system32\DAX2
2019-07-13 15:36 - 2019-07-13 15:36 - 000000000 ____D C:\Program Files\Realtek
2019-07-13 15:36 - 2019-07-13 15:36 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2019-07-13 15:36 - 2018-10-02 07:37 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-07-13 15:36 - 2018-10-02 07:35 - 005939512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 002611592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 000635888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 000123944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-07-13 15:36 - 2018-10-02 07:35 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-07-13 15:36 - 2018-09-29 02:50 - 008368212 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-07-13 15:36 - 2016-11-30 08:36 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2019-07-13 15:36 - 2016-11-30 08:36 - 000104456 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2019-07-13 15:35 - 2019-07-31 08:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-13 15:35 - 2019-07-13 16:29 - 000394256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-13 15:35 - 2019-07-13 15:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2019-07-13 15:35 - 2019-07-13 15:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2019-07-13 15:35 - 2019-07-13 15:35 - 000000000 ____D C:\WINDOWS\system32\Intel
2019-07-13 15:35 - 2019-07-13 15:35 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2019-07-13 15:34 - 2019-07-13 15:34 - 000000000 ____D C:\Users\denni\AppData\Local\Steam
2019-07-13 15:34 - 2019-07-13 15:34 - 000000000 ____D C:\Users\denni\AppData\Local\CEF
2019-07-13 15:33 - 2019-07-30 22:53 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-13 15:33 - 2019-07-13 15:33 - 000001034 _____ C:\Users\Public\Desktop\Steam.lnk
2019-07-13 15:32 - 2019-07-13 15:32 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-07-13 15:32 - 2019-07-13 15:32 - 000000000 ____D C:\Users\denni\Desktop\zaloha cfg
2019-07-13 15:32 - 2019-04-02 18:33 - 001573568 _____ C:\Users\denni\Desktop\SteamSetup.exe
2019-07-13 15:24 - 2019-07-13 15:22 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-07-13 15:19 - 2019-07-16 17:59 - 000000000 ____D C:\Users\denni\AppData\Local\D3DSCache
2019-07-13 15:13 - 2019-07-13 15:13 - 000000000 ____D C:\Users\denni\AppData\Roaming\WildTangent
2019-07-13 15:08 - 2019-07-13 15:08 - 000000000 ____D C:\Users\denni\AppData\Local\Comms
2019-07-13 15:01 - 2019-07-13 15:01 - 000003980 _____ C:\WINDOWS\System32\Tasks\Update Checker
2019-07-13 14:56 - 2019-07-13 14:56 - 000000000 ____D C:\Users\denni\AppData\Roaming\Macromedia
2019-07-13 14:55 - 2019-07-13 14:55 - 000000000 ___RD C:\Users\denni\OneDrive
2019-07-13 14:55 - 2019-07-13 14:55 - 000000000 ____D C:\Users\denni\AppData\Roaming\Google
2019-07-13 14:54 - 2019-07-16 02:59 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-13 14:53 - 2019-07-13 18:31 - 000000000 ____D C:\Users\denni\AppData\Local\Google
2019-07-13 14:53 - 2019-07-13 15:08 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2019-07-13 14:53 - 2019-07-13 14:54 - 000000000 ____D C:\Program Files (x86)\Google
2019-07-13 14:53 - 2019-07-13 14:53 - 000003456 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-13 14:53 - 2019-07-13 14:53 - 000003332 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-13 14:53 - 2019-07-13 14:53 - 000000000 ____D C:\Users\denni\AppData\Roaming\WebStorage
2019-07-13 14:53 - 2019-07-13 14:53 - 000000000 ____D C:\Users\denni\AppData\Local\Crashpad
2019-07-13 14:52 - 2019-07-31 09:00 - 000000184 _____ C:\Users\denni\AppData\Roaming\sp_data.sys
2019-07-13 14:52 - 2019-07-14 14:49 - 000000000 ____D C:\Users\denni\AppData\Local\PlaceholderTileLogoFolder
2019-07-13 14:52 - 2019-07-13 14:52 - 000000000 ____D C:\Users\denni\AppData\Local\NVIDIA
2019-07-13 14:51 - 2019-07-13 15:11 - 000000000 ____D C:\Users\denni\AppData\Local\Publishers
2019-07-13 14:51 - 2019-07-13 14:51 - 000000000 ___HD C:\Users\denni\MicrosoftEdgeBackups
2019-07-13 14:51 - 2019-07-13 14:51 - 000000000 ____D C:\Users\denni\AppData\Local\MicrosoftEdge
2019-07-13 14:50 - 2019-07-30 22:52 - 000000000 __SHD C:\Users\denni\IntelGraphicsProfiles
2019-07-13 14:50 - 2019-07-30 13:16 - 000000000 ____D C:\Users\denni\AppData\Local\Packages
2019-07-13 14:50 - 2019-07-13 14:50 - 000000000 ___RD C:\Users\denni\3D Objects
2019-07-13 14:50 - 2019-07-13 14:50 - 000000000 ____D C:\Users\denni\AppData\Roaming\Adobe
2019-07-13 14:50 - 2019-07-13 14:50 - 000000000 ____D C:\Users\denni\AppData\Local\VirtualStore
2019-07-13 14:50 - 2019-07-13 14:50 - 000000000 ____D C:\Users\denni\AppData\Local\ConnectedDevicesPlatform
2019-07-13 14:49 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\ASUS
2019-07-13 14:49 - 2019-07-13 14:49 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-07-13 14:48 - 2019-07-13 14:48 - 000000000 ____D C:\WINDOWS\Firmware
2019-07-13 14:47 - 2019-07-30 13:45 - 000000000 ____D C:\Users\denni
2019-07-13 14:47 - 2019-07-13 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2019-07-13 14:47 - 2019-07-13 14:47 - 000000020 ___SH C:\Users\denni\ntuser.ini
2019-07-13 14:44 - 2019-07-13 14:44 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2019-07-13 14:44 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\Setup
2019-07-13 14:42 - 2019-07-21 13:35 - 000000000 ____D C:\WINDOWS\OCR
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\te-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\or-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\km-KH
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\is-IS
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\id-ID
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\be-BY
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\as-IN
2019-07-13 14:42 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\Program Files\MSBuild
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-07-13 14:42 - 2019-07-13 14:42 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2019-07-13 14:41 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2019-07-13 14:41 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2019-07-13 14:41 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2019-07-13 14:41 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\system32\sk
2019-07-13 14:41 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\system32\0409
2019-07-13 14:41 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\DigitalLocker
2019-07-13 14:40 - 2019-05-31 03:57 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-07-13 14:40 - 2019-05-31 03:57 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-07-13 14:38 - 2019-07-31 09:13 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-07-13 14:38 - 2019-07-30 22:52 - 000000000 ____D C:\WINDOWS\system32\setup
2019-07-13 14:38 - 2019-07-30 21:46 - 000000000 ___RD C:\Program Files (x86)
2019-07-13 14:38 - 2019-07-30 13:45 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-13 14:38 - 2019-07-30 13:17 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-13 14:38 - 2019-07-14 03:05 - 000000000 ____D C:\WINDOWS\appcompat
2019-07-13 14:38 - 2019-07-13 18:34 - 000000000 ____D C:\Program Files\Windows Defender
2019-07-13 14:38 - 2019-07-13 15:45 - 000000000 __RHD C:\Users\Public\Libraries
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\spool
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\MUI
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\IME
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\WINDOWS\Help
2019-07-13 14:38 - 2019-07-13 15:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-07-13 14:38 - 2019-07-13 15:40 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-07-13 14:38 - 2019-07-13 15:39 - 000000000 ____D C:\Program Files\Common Files\system
2019-07-13 14:38 - 2019-07-13 15:37 - 000000000 ___RD C:\WINDOWS\PrintDialog
2019-07-13 14:38 - 2019-07-13 15:37 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2019-07-13 14:38 - 2019-07-13 15:17 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-13 14:38 - 2019-07-13 14:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2019-07-13 14:38 - 2019-07-13 14:47 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2019-07-13 14:38 - 2019-07-13 14:45 - 000000000 ____D C:\WINDOWS\Registration
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ta-in
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\si-lk
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\system32\am-et
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-13 14:38 - 2019-07-13 14:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-07-13 14:38 - 2019-07-13 14:41 - 000000000 ___SD C:\WINDOWS\system32\dsc
2019-07-13 14:38 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2019-07-13 14:38 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2019-07-13 14:38 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-07-13 14:38 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\system32\com
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 __SHD C:\Program Files\Windows Sidebar
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 __RSD C:\WINDOWS\media
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___SD C:\WINDOWS\system32\Nui
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Web
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\WaaS
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Vss
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\tracing
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\TAPI
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SystemResources
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SystemApps
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\winevt
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\ras
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\my-mm
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\IME
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\icsxml
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\ias
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\DriverState
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\downlevel
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\DDFs
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\System
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SKB
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\schemas
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\SchCache
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\ServiceState
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\security
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Resources
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\rescache
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\PLA
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Performance
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\ModemLogs
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\L2Schemas
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\InputMethod
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\IdentityCRL
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Globalization
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Cursors
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\Branding
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\addins
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files\Windows Security
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files\Windows Portable Devices
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files\windows nt
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files\Common Files\Services
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files (x86)\windows nt
2019-07-13 14:38 - 2019-07-13 14:38 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2019-07-13 14:38 - 2019-07-13 14:37 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2019-07-13 14:38 - 2019-07-13 14:37 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2019-07-13 14:38 - 2019-07-13 14:37 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2019-07-13 14:38 - 2019-07-13 14:37 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2019-07-13 14:38 - 2019-07-13 14:37 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-07-13 14:38 - 2019-07-13 14:37 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2019-07-13 14:38 - 2019-07-13 14:37 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2019-07-13 14:38 - 2019-07-13 14:37 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2019-07-13 14:38 - 2019-07-13 14:37 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2019-07-13 14:37 - 2019-07-30 22:59 - 000000000 ____D C:\WINDOWS\INF
2019-07-13 14:34 - 2019-07-30 22:52 - 082575360 _____ C:\WINDOWS\system32\config\SOFTWARE
2019-07-13 14:34 - 2019-07-30 22:52 - 020709376 _____ C:\WINDOWS\system32\config\SYSTEM
2019-07-13 14:34 - 2019-07-30 22:52 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2019-07-13 14:34 - 2019-07-30 22:52 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-07-13 14:34 - 2019-07-30 22:52 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2019-07-13 14:34 - 2019-07-30 22:52 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2019-07-13 14:34 - 2019-07-30 21:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-13 14:34 - 2019-07-13 15:24 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-07-13 14:34 - 2019-07-13 14:41 - 000000000 ____D C:\WINDOWS\servicing
2019-07-13 14:34 - 2019-07-13 14:38 - 000000000 ____D C:\WINDOWS\system32\SMI
2019-07-13 14:33 - 2019-07-13 14:45 - 000000000 ____D C:\WINDOWS\Panther
2019-07-13 13:31 - 2019-07-13 14:49 - 000000000 ___HD C:\$SysReset
2019-07-11 09:59 - 2019-07-04 11:40 - 021390504 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-11 09:59 - 2019-07-04 11:40 - 001616840 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-11 09:59 - 2019-07-04 11:18 - 003614208 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-11 09:59 - 2019-07-04 10:51 - 020384128 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-11 09:59 - 2019-07-04 10:37 - 002882048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-11 09:59 - 2019-07-04 07:00 - 001035040 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-11 09:59 - 2019-07-04 06:58 - 001219896 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-11 09:59 - 2019-07-04 06:57 - 003292152 ____N (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-11 09:59 - 2019-07-04 06:56 - 009084216 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-11 09:59 - 2019-07-04 06:56 - 007519896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-11 09:59 - 2019-07-04 06:56 - 007436536 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-11 09:59 - 2019-07-04 06:56 - 002810680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-11 09:59 - 2019-07-04 06:42 - 006570368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-11 09:59 - 2019-07-04 06:42 - 006044008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-11 09:59 - 2019-07-04 06:42 - 002479176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-11 09:59 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-11 09:59 - 2019-07-04 06:33 - 022017536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-11 09:59 - 2019-07-04 06:29 - 022717440 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-11 09:59 - 2019-07-04 06:26 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-11 09:59 - 2019-07-04 06:25 - 019372544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-11 09:59 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-11 09:59 - 2019-07-04 06:25 - 004861440 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-11 09:59 - 2019-07-04 06:25 - 003401216 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-11 09:59 - 2019-07-04 06:23 - 001765888 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-11 09:59 - 2019-07-04 06:22 - 003707904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-11 09:59 - 2019-07-04 06:21 - 005784064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-11 09:59 - 2019-07-04 06:21 - 003202560 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-11 09:59 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-11 09:59 - 2019-06-13 14:12 - 002871848 ____N (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-11 09:59 - 2019-06-13 14:05 - 000810296 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-11 09:59 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-11 09:59 - 2019-06-13 13:59 - 000740664 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-11 09:59 - 2019-06-13 13:42 - 004038688 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-11 09:59 - 2019-06-13 13:18 - 006586880 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-11 09:59 - 2019-06-13 13:18 - 004847104 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-11 09:59 - 2019-06-13 13:17 - 012756992 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-11 09:59 - 2019-06-13 13:16 - 000767488 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-11 09:59 - 2019-06-13 13:15 - 004718080 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-11 09:59 - 2019-06-13 13:14 - 000900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-11 09:59 - 2019-06-13 13:13 - 002920448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-11 09:59 - 2019-06-13 13:13 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-11 09:59 - 2019-06-13 12:05 - 003700160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-11 09:59 - 2019-06-13 11:55 - 005657088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-11 09:59 - 2019-06-13 11:54 - 011942912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-11 09:59 - 2019-06-13 11:50 - 000896512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-11 09:59 - 2019-06-13 09:01 - 000513336 ____N (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-11 09:59 - 2019-06-13 08:47 - 005625160 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-11 09:59 - 2019-06-13 08:45 - 002421560 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-11 09:59 - 2019-06-13 08:44 - 002769688 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-11 09:59 - 2019-06-13 08:14 - 003318784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-11 09:59 - 2019-06-13 08:13 - 004771840 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-11 09:59 - 2019-06-13 08:13 - 002370048 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-11 09:59 - 2019-06-13 08:10 - 002912256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-11 09:59 - 2019-06-13 07:14 - 000415544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-11 09:59 - 2019-06-13 07:06 - 002256768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-11 09:58 - 2019-07-04 11:43 - 000094008 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-11 09:58 - 2019-07-04 11:40 - 001631808 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-11 09:58 - 2019-07-04 11:40 - 000790416 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-11 09:58 - 2019-07-04 11:22 - 000131072 ____N (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-11 09:58 - 2019-07-04 11:22 - 000128000 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-11 09:58 - 2019-07-04 11:21 - 008627200 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-11 09:58 - 2019-07-04 11:20 - 001609216 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-11 09:58 - 2019-07-04 11:19 - 000420864 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-11 09:58 - 2019-07-04 11:18 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-11 09:58 - 2019-07-04 10:56 - 001453416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-11 09:58 - 2019-07-04 10:54 - 000662352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-11 09:58 - 2019-07-04 10:41 - 007990784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-11 09:58 - 2019-07-04 10:36 - 001471488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-11 09:58 - 2019-07-04 06:58 - 001328440 ____N (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-11 09:58 - 2019-07-04 06:58 - 000416312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-11 09:58 - 2019-07-04 06:58 - 000192824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-11 09:58 - 2019-07-04 06:57 - 001027384 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-11 09:58 - 2019-07-04 06:57 - 000986128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-11 09:58 - 2019-07-04 06:57 - 000776784 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000723728 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000708696 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-11 09:58 - 2019-07-04 06:57 - 000568104 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-11 09:58 - 2019-07-04 06:57 - 000362264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000209424 ____N (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-11 09:58 - 2019-07-04 06:57 - 000194360 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000137656 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000134968 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-11 09:58 - 2019-07-04 06:57 - 000091776 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-11 09:58 - 2019-07-04 06:56 - 002571640 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 001566520 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 001459120 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-11 09:58 - 2019-07-04 06:56 - 001260776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-11 09:58 - 2019-07-04 06:56 - 001141496 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-11 09:58 - 2019-07-04 06:56 - 000983936 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-11 09:58 - 2019-07-04 06:56 - 000767536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 000734952 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 000713272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 000604984 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-11 09:58 - 2019-07-04 06:56 - 000493752 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-11 09:58 - 2019-07-04 06:56 - 000115512 ____N (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-11 09:58 - 2019-07-04 06:43 - 000832016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-11 09:58 - 2019-07-04 06:43 - 000665440 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-11 09:58 - 2019-07-04 06:43 - 000328696 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-11 09:58 - 2019-07-04 06:43 - 000287376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-11 09:58 - 2019-07-04 06:43 - 000191800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-11 09:58 - 2019-07-04 06:42 - 001980984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-11 09:58 - 2019-07-04 06:42 - 001427768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-11 09:58 - 2019-07-04 06:42 - 000573808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-11 09:58 - 2019-07-04 06:42 - 000356312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-11 09:58 - 2019-07-04 06:42 - 000097272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-11 09:58 - 2019-07-04 06:41 - 000559328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-11 09:58 - 2019-07-04 06:26 - 000310272 ____N (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-11 09:58 - 2019-07-04 06:26 - 000051200 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-11 09:58 - 2019-07-04 06:25 - 000295424 ____N (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-11 09:58 - 2019-07-04 06:25 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-11 09:58 - 2019-07-04 06:24 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-11 09:58 - 2019-07-04 06:24 - 000567808 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-11 09:58 - 2019-07-04 06:24 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-11 09:58 - 2019-07-04 06:24 - 000153600 ____N (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-11 09:58 - 2019-07-04 06:23 - 001217536 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-11 09:58 - 2019-07-04 06:23 - 000786432 ____N (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 002587648 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 002176000 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 001561088 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 001549824 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 000300544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 000110592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-11 09:58 - 2019-07-04 06:22 - 000032768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 005307392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 001920000 ____N (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 001220608 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 000324096 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 000124416 ____N (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-11 09:58 - 2019-07-04 06:21 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-11 09:58 - 2019-07-04 06:20 - 001156608 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-11 09:58 - 2019-07-04 06:20 - 000544256 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-11 09:58 - 2019-07-04 06:20 - 000392704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-11 09:58 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-11 09:58 - 2019-07-04 06:19 - 000886272 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-11 09:58 - 2019-07-04 06:19 - 000230912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-11 09:58 - 2019-07-04 06:18 - 002602496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-11 09:58 - 2019-07-04 06:18 - 001076224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-11 09:58 - 2019-07-04 06:18 - 000965632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-11 09:58 - 2019-07-04 06:18 - 000953344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-11 09:58 - 2019-07-04 06:18 - 000275968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-11 09:58 - 2019-07-04 06:17 - 000531968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-11 09:58 - 2019-07-04 05:01 - 000001312 ____N C:\WINDOWS\system32\tcbres.wim
2019-07-11 09:58 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-11 09:58 - 2019-06-13 14:15 - 000324408 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-11 09:58 - 2019-06-13 14:00 - 000464696 ____N (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-11 09:58 - 2019-06-13 13:58 - 000637752 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-11 09:58 - 2019-06-13 13:58 - 000071480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-11 09:58 - 2019-06-13 13:56 - 000164152 ____N (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-11 09:58 - 2019-06-13 13:43 - 001048480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-11 09:58 - 2019-06-13 13:42 - 000566536 ____N (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-11 09:58 - 2019-06-13 13:40 - 000540984 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-11 09:58 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-11 09:58 - 2019-06-13 13:37 - 000101192 ____N (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-11 09:58 - 2019-06-13 13:36 - 000251000 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-11 09:58 - 2019-06-13 13:36 - 000236520 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-11 09:58 - 2019-06-13 13:35 - 001376688 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-11 09:58 - 2019-06-13 13:34 - 000146888 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-11 09:58 - 2019-06-13 13:17 - 000178176 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-11 09:58 - 2019-06-13 13:17 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-11 09:58 - 2019-06-13 13:17 - 000109056 ____N (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-11 09:58 - 2019-06-13 13:17 - 000093184 ____N (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-11 09:58 - 2019-06-13 13:15 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-11 09:58 - 2019-06-13 13:14 - 001127936 ____N (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-11 09:58 - 2019-06-13 13:14 - 000346624 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-11 09:58 - 2019-06-13 13:14 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-11 09:58 - 2019-06-13 13:13 - 001339392 ____N (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-11 09:58 - 2019-06-13 13:13 - 000765440 ____N (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-11 09:58 - 2019-06-13 13:13 - 000181248 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-11 09:58 - 2019-06-13 13:12 - 000394240 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-11 09:58 - 2019-06-13 13:10 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-11 09:58 - 2019-06-13 12:07 - 001027008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-11 09:58 - 2019-06-13 12:07 - 000660496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-11 09:58 - 2019-06-13 12:07 - 000221232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-11 09:58 - 2019-06-13 11:54 - 000151552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-11 09:58 - 2019-06-13 11:53 - 000089600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-11 09:58 - 2019-06-13 11:51 - 000622080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-11 09:58 - 2019-06-13 11:49 - 002406400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-11 09:58 - 2019-06-13 11:49 - 000371200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-11 09:58 - 2019-06-13 09:48 - 000677376 ____N (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-11 09:58 - 2019-06-13 09:46 - 000713216 ____N (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-11 09:58 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-11 09:58 - 2019-06-13 09:01 - 000036152 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-11 09:58 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-11 09:58 - 2019-06-13 08:47 - 001063224 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-11 09:58 - 2019-06-13 08:46 - 001076536 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-11 09:58 - 2019-06-13 08:46 - 000510296 ____N (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-11 09:58 - 2019-06-13 08:46 - 000093984 ____N (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 002546704 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 001098272 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 001033696 ____N (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 000607112 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 000545808 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-11 09:58 - 2019-06-13 08:44 - 000130624 ____N (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-11 09:58 - 2019-06-13 08:17 - 000106496 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-11 09:58 - 2019-06-13 08:16 - 001626112 ____N (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-11 09:58 - 2019-06-13 08:16 - 000140288 ____N (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-11 09:58 - 2019-06-13 08:15 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-11 09:58 - 2019-06-13 08:15 - 000433152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-11 09:58 - 2019-06-13 08:15 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-11 09:58 - 2019-06-13 08:15 - 000137728 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-11 09:58 - 2019-06-13 08:15 - 000083456 ____N (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-11 09:58 - 2019-06-13 08:14 - 000409088 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-11 09:58 - 2019-06-13 08:14 - 000361472 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-11 09:58 - 2019-06-13 08:14 - 000302080 ____N (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-11 09:58 - 2019-06-13 08:13 - 000761344 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-11 09:58 - 2019-06-13 08:13 - 000322560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-11 09:58 - 2019-06-13 08:13 - 000110592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000916480 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000808448 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000624640 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000532992 ____N (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-11 09:58 - 2019-06-13 08:12 - 000501248 ____N (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-11 09:58 - 2019-06-13 08:11 - 000508416 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-11 09:58 - 2019-06-13 08:11 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-11 09:58 - 2019-06-13 08:11 - 000048128 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 001400832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 001215488 ____N (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 000871424 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 000869376 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 000849408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-11 09:58 - 2019-06-13 08:10 - 000523776 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-11 09:58 - 2019-06-13 08:09 - 001854976 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-11 09:58 - 2019-06-13 08:09 - 000922112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-11 09:58 - 2019-06-13 08:09 - 000755712 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-11 09:58 - 2019-06-13 08:08 - 000506368 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-11 09:58 - 2019-06-13 07:08 - 000443632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-11 09:58 - 2019-06-13 07:07 - 000101192 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-11 09:58 - 2019-06-13 07:07 - 000080744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-11 09:58 - 2019-06-13 07:06 - 001130776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-11 09:58 - 2019-06-13 07:06 - 000581600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-11 09:58 - 2019-06-13 06:49 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-11 09:58 - 2019-06-13 06:47 - 003554304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-11 09:58 - 2019-06-13 06:47 - 002899456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-11 09:58 - 2019-06-13 06:47 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-11 09:58 - 2019-06-13 06:46 - 000608768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-11 09:58 - 2019-06-13 06:46 - 000331776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-11 09:58 - 2019-06-13 06:46 - 000038400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-11 09:58 - 2019-06-13 06:45 - 000602112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-11 09:58 - 2019-06-13 06:45 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-11 09:58 - 2019-06-13 06:44 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-11 09:58 - 2019-06-13 06:44 - 000648192 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-11 09:58 - 2019-06-13 06:44 - 000630784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-11 09:58 - 2019-06-13 06:44 - 000582144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-11 09:58 - 2019-06-13 06:44 - 000251904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-11 09:58 - 2019-06-13 06:43 - 000681472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-11 09:58 - 2019-06-13 06:43 - 000646656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-11 09:58 - 2019-06-13 06:43 - 000445952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-31 09:23 - 2019-05-09 06:00 - 002096128 _____ (Farbar) C:\Users\denni\Desktop\FRST64(1).exe
2019-07-30 22:59 - 2016-04-03 06:19 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-14 00:32 - 2016-04-03 06:33 - 000000000 ____D C:\Program Files (x86)\ASUS
2019-07-13 15:45 - 2015-10-30 09:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2019-07-13 15:41 - 2016-11-01 00:48 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2019-07-13 15:41 - 2016-04-03 14:32 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2019-07-13 15:41 - 2015-10-30 09:24 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
2019-07-13 15:41 - 2015-10-30 09:24 - 000000000 ___RD C:\WINDOWS\DesktopTileResources
2019-07-13 15:40 - 2016-11-01 00:58 - 000000000 ____D C:\Program Files (x86)\ICEpower
2019-07-13 15:40 - 2016-11-01 00:48 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2019-07-13 15:40 - 2016-11-01 00:47 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-07-13 15:40 - 2016-11-01 00:47 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-07-13 15:40 - 2016-04-03 06:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-13 15:40 - 2016-04-03 06:35 - 000000000 ____D C:\Program Files (x86)\Kingsoft
2019-07-13 15:40 - 2015-10-30 20:19 - 000000000 ____D C:\Program Files\Windows Journal
2019-07-13 15:39 - 2016-11-01 09:30 - 000000000 ____D C:\eSupport
2019-07-13 15:39 - 2016-11-01 00:58 - 000000000 ____D C:\Program Files\AVAST Software
2019-07-13 15:39 - 2016-11-01 00:55 - 000000000 ____D C:\Program Files\DIFX
2019-07-13 15:39 - 2016-11-01 00:50 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2019-07-13 15:17 - 2016-11-01 01:05 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-13 14:50 - 2016-11-01 00:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-13 14:50 - 2016-04-03 14:12 - 000000000 ____D C:\WINDOWS\Log

==================== Files in the root of some directories ================

2019-07-13 14:52 - 2019-07-31 09:00 - 000000184 _____ () C:\Users\denni\AppData\Roaming\sp_data.sys

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Ran by denni (31-07-2019 09:25:00)
Running from C:\Users\denni\Desktop
Windows 10 Home Version 1803 17134.885 (X64) (2019-07-13 12:45:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1430618548-964272824-186209200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1430618548-964272824-186209200-503 - Limited - Disabled)
denni (S-1-5-21-1430618548-964272824-186209200-1001 - Administrator - Enabled) => C:\Users\denni
Guest (S-1-5-21-1430618548-964272824-186209200-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1430618548-964272824-186209200-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.135 - ICEpower a/s)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 17.01.0002 - Bloody)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4364 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 416.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 416.16 - NVIDIA Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10299 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (11/11/2015 8.0.0.23) (HKLM\...\FF0137EA2940E916D51DA702B6425126CC7C89BF) (Version: 11/11/2015 8.0.0.23 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32 [2019-07-16] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.15.13.0_x86__kgqvnymyfvs32 [2019-07-13] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1550.4.0_x86__kgqvnymyfvs32 [2019-07-15] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Studios) [MS Ad]
Microsoft Telefón -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation)
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw [2019-07-27] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2019-07-13] (ASUSTeK COMPUTER INC.)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-07-13] (Netflix, Inc.)
Pošta a kalendár -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-07-13] (Microsoft Corporation) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0 [2019-07-13] (Spotify AB)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2019-07-13] (TripAdvisor LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-02] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-12-02 20:01 - 2015-12-02 20:01 - 000124928 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 20:01 - 2015-12-02 20:01 - 000027648 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 20:01 - 2015-12-02 20:01 - 000029184 _____ () [File not signed] C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2019-07-13 16:13 - 2017-01-23 10:39 - 019337216 _____ () [File not signed] C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe
2019-07-13 16:13 - 2016-05-26 15:28 - 004672512 _____ () [File not signed] C:\Program Files (x86)\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2019-07-13 16:13 - 2013-10-11 09:43 - 000085504 _____ () [File not signed] C:\Program Files (x86)\Bloody6\Bloody6\DLL\DLL_ZoomControl.dll
2015-12-02 20:01 - 2015-12-02 20:01 - 001676288 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ApplyLUT.dll
2015-12-02 20:01 - 2015-12-02 20:01 - 000178176 _____ (ASUS TeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\GenLUT.dll
2015-12-02 20:01 - 2015-12-02 20:01 - 000054784 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
2015-12-02 20:01 - 2015-12-02 20:01 - 000164864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\Splendid\ColorU.dll
2015-05-19 11:11 - 2015-05-19 11:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-11-01 00:44 - 2015-12-09 03:51 - 001182928 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 09:24 - 2015-10-30 09:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1430618548-964272824-186209200-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05509A1D-E11D-43BD-8042-C97001BC74DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5625C944-0832-4016-860F-4FF36DD43B51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{ACDAC432-63B8-4B14-9361-55DDFF85A6B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CA0CE6F2-A4CC-4752-8529-A5AF9E0122EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C4659620-9E65-450F-AD90-E59FF1D711C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{897A47E8-737B-4E1A-AD11-3B0C332DE42E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2789836B-296C-4DFF-8F28-9A5D43406997}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FD10DCA5-7F04-4A6A-9207-6D6528A00283}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE37B665-302D-468C-AEC2-CA5B613762C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D85504EA-315A-48D7-A1A6-47F2DA795A1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EE0E9EF5-A8F8-4EDF-996E-330AA94F037C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{684AECCD-B5B7-470E-85A2-2DC101D2BC8A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{547C92A0-59DF-4214-93B7-902690B731F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CD92EFA5-0065-4DD0-95D4-CA56A38CDB75}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D9819420-C2C4-479C-AF35-D3C37C4A66D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.110.540.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2879F1FE-4082-462E-9173-C86EA39406A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{38418CB4-8736-47B3-8FB0-96DEE87317D3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E44394D9-F177-4026-9175-B58BFA58771D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D0E9727B-B821-423C-B878-CE1C50B2583F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{5F0C66F4-8D4E-4752-A123-E40983B9EA6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{CA354446-8BBC-4582-8488-40EA3F295047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{6F4B626F-F837-4758-B96C-47E766C558ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{741BBB8B-9723-4227-82FA-1050B59EDE2A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{814E273F-C212-4832-9FBB-ECB76AD8ABC9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

13-07-2019 15:08:17 Removed ASUS HiPost
22-07-2019 18:43:23 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
30-07-2019 21:45:05 Inštalátor modulov systému Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2019 10:59:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/30/2019 10:59:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/30/2019 01:11:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/30/2019 01:11:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/27/2019 05:10:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: AUDIODG.EXE, verzia: 10.0.17134.829, časová značka: 0x9ed7383d
Názov chybujúceho modulu: ICEsoundAPO64.dll, verzia: 1.0.0.39, časová značka: 0x5bd6e5e4
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000003cda7
Identifikácia chybujúceho procesu: 0x1df8
Čas spustenia chybujúcej aplikácie: 0x01d5448ae9960942
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\AUDIODG.EXE
Cesta chybujúceho modulu: C:\WINDOWS\system32\ICEsoundAPO64.dll
Identifikácia hlásenia: 76fd7589-054a-49ba-8b63-9a8799a8f934
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (07/22/2019 02:29:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/22/2019 02:29:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (07/18/2019 12:46:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (07/31/2019 09:09:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/31/2019 09:05:42 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OM902LA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-OM902LA\denni SID (S-1-5-21-1430618548-964272824-186209200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/31/2019 09:00:26 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OM902LA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-OM902LA\denni SID (S-1-5-21-1430618548-964272824-186209200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/31/2019 12:25:55 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OM902LA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-OM902LA\denni SID (S-1-5-21-1430618548-964272824-186209200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:54:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:54:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:52:48 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OM902LA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-OM902LA\denni SID (S-1-5-21-1430618548-964272824-186209200-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2019 10:52:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby NVIDIA Streamer Network Service bol dosiahnutý časový limit (30000 ms).


Windows Defender:
===================================
Date: 2019-07-28 03:08:22.160
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FB146813-0E9F-4423-BCFD-B91FD12B22DB}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-22 22:36:13.430
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {8169E0D0-A0EA-4A65-86D7-B21C0ADF0497}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-22 20:33:57.068
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {39A60747-35C6-41B7-A1C1-BEB47F8456D1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-18 18:18:03.159
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9A8113C1-15DB-4CF3-9183-DD61C1C813D4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-18 14:37:03.040
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CB52022C-525F-4A23-BA0D-7EBDF80C2271}
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: American Megatrends Inc. X556UR.315 01/25/2019
Motherboard: ASUSTeK COMPUTER INC. X556UR
Processor: Intel(R) Core(TM) i5-6198DU CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8059.11 MB
Available physical RAM: 4280.76 MB
Total Virtual: 9339.11 MB
Available Virtual: 4836.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:476.18 GB) (Free:408.66 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{70fbadb5-2350-4127-83af-57c5d2bdac3e}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{15542718-767c-44d6-b025-313df5b5046e}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 89387496)

Partition: GPT.

==================== End of Addition.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.



  • Close all open programs and internet browsers.
  • Right Click on adwcleaner.exe and run as admin to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================


Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next, making sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

=================================================================================================


Download Quick Diag to your desktop.
Very Important!! -- Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Post the log that is generated in your next post.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
I'd replace Adblock ................... Ublock Origin.

=============================================================================

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


depor99

PCHF Member
PCHF Member
Jul 31, 2019
7
0
27
Hello, thank you for your interest. But the problem is not solved. For now, when I just open Google Chrome, it pops up some windows and immediately closes them, about 3 or 4 windows in a row, but it does not happen every time I open Google Chrome.

Here are the logs.


# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-01-2019
# Duration: 00:00:09
# OS: Windows 10 Home
# Scanned: 35810
# Detected: 22


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSDeviceActivation
Preinstalled.ASUSLiveUpdate
Preinstalled.ASUSProductRegistration
Preinstalled.ASUSSmartGesture
Preinstalled.ASUSSplendid
Preinstalled.ASUSWebStorage


AdwCleaner[S00].txt - [1505 octets] - [01/08/2019 13:48:25]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

=====================================================================================

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2019_08_01_14_00_13
OS: Windows 10 Home - x64 Bit
Account Name: denni
Adware Definition: 07312019
Elapsed time: 21:20
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


No results found


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2019_08_01_14_00_13
OS: Windows 10 Home - x64 Bit
Account Name: denni
Adware Definition: 07312019
Elapsed time: 21:20
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\


No results found

=============================================================================================

--------------- QuickDiag | [email protected]@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 01/08/2019 14:26:18

Updated 27/02/2019 | 11:10 (GMT) by [email protected]@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Belehrad, Bratislava, Budapešť, Ľubľana, Praha
[denni (Administrator)] - [DESKTOP-OM902LA] (S-1-5-21-1430618548-964272824-186209200-1001)

System: Microsoft Windows 10 Home - - (10.0.17134) - BuildType: Multiprocessor Free - OSLanguage: 1051 (041b) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: X556UR - ASUSTeK COMPUTER INC. - IdNumber: GAN0CV21M323437 - UUID: 5EC7EAA5-951F-F543-88DE-82C638E275D3
Processor : X64 - 2400 Mhz - Intel(R) Core(TM) i5-6198DU CPU @ 2.30GHz
X556UR.315 - en|US|iso8859-1 - American Megatrends Inc. - S/N: GAN0CV21M323437 - X556UR.315 - _ASUS_ - 1072009
CoreTemp : 57 Celsius

----------| Quick


---------- | SoundDevice

Intel(R) Zvuk pre obrazovky - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&2504AC16&0&0201
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_104311C0&REV_1000\4&2504AC16&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000

---------- | Video

Intel(R) HD Graphics 510 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1906&SUBSYS_10DE1043&REV_07\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce 930MX - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_134E&SUBSYS_10DE1043&REV_A2\4&267F3346&0&00E0 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 510 - DriverVersion: 21.20.16.4550 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros QCA9377 Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_200F1043&REV_10\01000000684CE00000
Qualcomm Atheros QCA9377 Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0042&SUBSYS_2B311A3B&REV_31\4&33185F15&0&00E5
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&13D8E7D6&0&11
Bluetooth Device (RFCOMM Protocol TDI) - - - Status: - PnPID :
Bluetooth Device (Personal Area Network) - - - Status: - PnPID :
Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&13D8E7D6&0&12
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 8253 | Free (MB) : 5720
Pagefile = Total (MB) : 9563 | Free (MB) : 6842
Virtual = Total (MB) : 4194 | Free (MB) : 3895

Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 0 - Manufacturer: SK Hynix - PartNumber: HMA81GS6MFR8N-TF - S/N: 00000000

---------- | SID Users

Administrator : [S-1-5-21-1430618548-964272824-186209200-500]
DefaultAccount : [S-1-5-21-1430618548-964272824-186209200-503]
denni : [S-1-5-21-1430618548-964272824-186209200-1001]
Guest : [S-1-5-21-1430618548-964272824-186209200-501]
WDAGUtilityAccount : [S-1-5-21-1430618548-964272824-186209200-504]
Administrators : [S-1-5-32-544]
Device Owners : [S-1-5-32-583]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [OS] | Total : 476.18 Go | Free : 408.2 Go -> NTFS (SSD) [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:392,713 bytes/sec, Written:1,102,462 bytes/sec Max Read:392,713 bytes/sec, Max Write:1,102,462 bytes/sec

Overall - Read Maximum:392,713 bytes/sec, Write Maximum:1,102,462 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_MICRON_1&PROD_100_MTFDDAK512TB\4&10236D14&0&000000

---------- | Windows updates - Activation - License


W.A.T : :)

Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows

Volume License


---------- | Browsers

IE : 11.0.17134.1 (© Microsoft Corporation. Všetky práva vyhradené.)
GC : 75.0.3770.142 (Copyright 2019 Google LLC.)

Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.207

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

388 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.17134.590) = C:\Windows\System32\smss.exe [13/02/2019 18:50:09] CPU Usage:0 %
564 | [Owner : SYSTEM | Parent : 492() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
688 | [Owner : SYSTEM | Parent : 492() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe [12/04/2018 01:34:22] CPU Usage:0 %
696 | [Owner : SYSTEM | Parent : 680() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe [12/04/2018 01:34:22] CPU Usage:0 %
760 | [Owner : SYSTEM | Parent : 688(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.17134.191) = C:\Windows\System32\services.exe [15/08/2018 13:33:22] CPU Usage:0 %
768 | [Owner : SYSTEM | Parent : 688(wininit.exe) | 16.57 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe [14/11/2018 00:04:44] CPU Usage:0 %
888 | [Owner : SYSTEM | Parent : 760(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
912 | [Owner : UMFD-0 | Parent : 688(wininit.exe) | 3.26 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 09:58:54] CPU Usage:0 %
920 | [Owner : SYSTEM | Parent : 760(services.exe) | 28.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1008 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 12.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
356 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
840 | [Owner : SYSTEM | Parent : 680() | 9.91 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe [10/10/2018 17:37:24] CPU Usage:0 %
1000 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.52 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe [12/04/2018 01:34:28] CPU Usage:0 %
1060 | [Owner : UMFD-1 | Parent : 840(winlogon.exe) | 6.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe [11/07/2019 09:58:54] CPU Usage:0 %
1132 | [Owner : DWM-1 | Parent : 840(winlogon.exe) | 69.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe [12/04/2018 01:34:19] CPU Usage:0 %
1268 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1280 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1296 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1364 | [Owner : SYSTEM | Parent : 760(services.exe) | 10.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1444 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1460 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 18.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1548 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 17.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1592 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1772 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1816 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 9.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1832 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.86 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [13/07/2019 15:36:45] CPU Usage:0 %
1844 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.68 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 359.23.) - (8.17.13.5923) = C:\Windows\System32\nvvsvc.exe [01/11/2016 00:43:59] CPU Usage:0 %
1872 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2028 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2036 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 7.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1056 | [Owner : SYSTEM | Parent : 760(services.exe) | 12.18 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2104 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 10.44 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2124 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2132 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 5.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2176 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2264 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.41 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [30/11/2016 08:33:46] CPU Usage:0 %
2300 | [Owner : SYSTEM | Parent : 1832(NVDisplay.Container.exe) | 10.43 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [13/07/2019 15:36:45] CPU Usage:0 %
2340 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2352 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2380 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2556 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 12.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2584 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2636 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2644 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 11.86 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2740 | [Owner : SYSTEM | Parent : 760(services.exe) | 13.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2816 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.91 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2924 | [Owner : SYSTEM | Parent : 760(services.exe) | 15.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3044 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.14 Mo] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.88.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [22/07/2015 18:38:48] CPU Usage:0 %
3052 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2056 | [Owner : SYSTEM | Parent : 760(services.exe) | 2.9 Mo] - (.ASUSTek Computer Inc. - GFNEXSrv.) - (1.0.12.2) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [01/04/2015 20:01:32] CPU Usage:0 %
3132 | [Owner : SYSTEM | Parent : 760(services.exe) | 13.72 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe [12/04/2018 01:34:41] CPU Usage:0 %
3200 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3320 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3372 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.39 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.3.9600.17038) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [24/03/2016 01:01:38] CPU Usage:0 %
3380 | [Owner : SYSTEM | Parent : 760(services.exe) | 12.13 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.8.1.21) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [01/11/2016 00:44:08] CPU Usage:0 %
3388 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.08 Mo] - (.ICEpower - ICEpower ICEsound APO service.) - (1.0.0.39) = C:\Windows\System32\ICEsoundService64.exe [01/11/2018 01:33:16] CPU Usage:0 %
3396 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.57 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.3.10203.4295) = C:\Windows\System32\Intel\DPTF\esif_uf.exe [12/01/2018 14:38:22] CPU Usage:0 %
3408 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3416 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | 9.61 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3424 | [Owner : SYSTEM | Parent : 760(services.exe) | 6.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3440 | [Owner : SYSTEM | Parent : 760(services.exe) | 20.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3456 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 23.47 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3536 | [Owner : SYSTEM | Parent : 760(services.exe) | 16.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3632 | [Owner : SYSTEM | Parent : 760(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3640 | [Owner : SYSTEM | Parent : 760(services.exe) | 10.14 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [01/11/2016 00:44:06] CPU Usage:0 %
3676 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3688 | [Owner : SYSTEM | Parent : 760(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe [15/08/2018 13:33:26] CPU Usage:0 %
3712 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3720 | [Owner : SYSTEM | Parent : 760(services.exe) | 18.43 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3748 | [Owner : SYSTEM | Parent : 760(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe [26/07/2019 20:39:46] CPU Usage:0 %
3900 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3952 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4064 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 4.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3964 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4860 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4888 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5040 | [Owner : denni | Parent : 3396(esif_uf.exe) | 3.43 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.3.10203.4295) = C:\Windows\System32\Intel\DPTF\dptf_helper.exe [12/01/2018 14:38:22] CPU Usage:0 %
5056 | [Owner : SYSTEM | Parent : 3044(AsLdrSrv.exe) | 8.99 Mo] - (.ASUSTek Computer Inc. - HControl.) - (1.0.88.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [31/08/2015 13:52:18] CPU Usage:0 %
3564 | [Owner : denni | Parent : 1592(svchost.exe) | 24.66 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe [12/04/2018 01:34:12] CPU Usage:0 %
1264 | [Owner : denni | Parent : 760(services.exe) | 14.13 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
4644 | [Owner : denni | Parent : 760(services.exe) | 32.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
2808 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 18.98 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8931) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [04/06/2018 02:55:51] CPU Usage:0 %
4048 | [Owner : NETWORK SERVICE | Parent : 760(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1907.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe [26/07/2019 20:39:46] CPU Usage:0 %
4848 | [Owner : denni | Parent : 1296(svchost.exe) | 1.95 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [02/12/2015 20:01:44] CPU Usage:0 %
2988 | [Owner : denni | Parent : 1296(svchost.exe) | 13.48 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe [13/03/2019 16:20:57] CPU Usage:0 %
5232 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5296 | [Owner : denni | Parent : 5232(svchost.exe) | 18.31 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe [12/04/2018 01:34:37] CPU Usage:0 %
5452 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5712 | [Owner : denni | Parent : 5628() | 126.03 Mo] - (.Microsoft Corporation - Prieskumník.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 09:59:03] CPU Usage:0 %
5768 | [Owner : denni | Parent : 5580() | 12.02 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4550) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe [30/11/2016 08:34:10] CPU Usage:0 %
5884 | [Owner : denni | Parent : 4812() | 7.05 Mo] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.22.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [22/04/2015 12:28:24] CPU Usage:0 %
5896 | [Owner : denni | Parent : 4668() | 8.47 Mo] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.33.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [21/05/2015 16:52:36] CPU Usage:0 %
5928 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5256 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 13.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5700 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
6160 | [Owner : denni | Parent : 920(svchost.exe) | 76.37 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [15/05/2019 22:36:00] CPU Usage:0 %
6384 | [Owner : denni | Parent : 920(svchost.exe) | 116.57 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.885) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [11/07/2019 09:59:13] CPU Usage:0 %
6572 | [Owner : denni | Parent : 920(svchost.exe) | 14.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
6604 | [Owner : denni | Parent : 920(svchost.exe) | 18.59 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7044 | [Owner : SYSTEM | Parent : 760(services.exe) | 22.54 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe [11/04/2019 21:19:35] CPU Usage:0 %
7132 | [Owner : denni | Parent : 920(svchost.exe) | 5.96 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.885) = C:\Windows\System32\SettingSyncHost.exe [11/07/2019 09:58:56] CPU Usage:0 %
3140 | [Owner : denni | Parent : 920(svchost.exe) | 11.14 Mo] - (.-.) - (8.50.0.38) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe [25/07/2019 21:54:20] CPU Usage:0 %
2920 | [Owner : denni | Parent : 920(svchost.exe) | 136.96 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.50.0.38) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.50.38.0_x64__kzf8qxf38zg5c\SkypeApp.exe [25/07/2019 21:54:20] CPU Usage:0 %
7172 | [Owner : denni | Parent : 920(svchost.exe) | 0.53 Mo] - (.-.) - (10.19031.1141.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe [13/07/2019 15:19:42] CPU Usage:0 %
7304 | [Owner : denni | Parent : 920(svchost.exe) | 15.52 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
7860 | [Owner : denni | Parent : 6872() | 1.43 Mo] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [18/12/2015 19:21:58] CPU Usage:0 %
8008 | [Owner : SYSTEM | Parent : 3672() | 0.85 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe [13/07/2019 14:53:54] CPU Usage:0 %
8032 | [Owner : SYSTEM | Parent : 3672() | 0.72 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe [13/07/2019 14:53:54] CPU Usage:0 %
5012 | [Owner : denni | Parent : 7860(AsusTPLoader.exe) | 2.9 Mo] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.84) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe [18/12/2015 19:21:52] CPU Usage:0 %
5172 | [Owner : denni | Parent : 920(svchost.exe) | 19.69 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
8232 | [Owner : denni | Parent : 5012(AsusTPCenter.exe) | 1.01 Mo] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe [18/12/2015 19:22:16] CPU Usage:0 %
8284 | [Owner : denni | Parent : 920(svchost.exe) | 7.85 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe [12/04/2018 01:34:06] CPU Usage:0 %
8484 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 12.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
8604 | [Owner : denni | Parent : 5712(explorer.exe) | 11.67 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe [12/04/2018 01:33:58] CPU Usage:0 %
8724 | [Owner : denni | Parent : 5712(explorer.exe) | 19.14 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.12.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [01/11/2016 00:44:08] CPU Usage:0 %
8928 | [Owner : denni | Parent : 5712(explorer.exe) | 65.32 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\Steam.exe [22/05/2018 02:30:20] CPU Usage:0 %
9016 | [Owner : denni | Parent : 8928(Steam.exe) | 46.92 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
9064 | [Owner : SYSTEM | Parent : 760(services.exe) | 14.06 Mo] - (.Valve Corporation - Steam Client Service.) - (5.23.87.7) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe [13/07/2019 15:33:09] CPU Usage:0 %
9128 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 12.1 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
1392 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 44.03 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
6420 | [Owner : denni | Parent : 5712(explorer.exe) | 148.26 Mo] - (.-.) - (1.0.0.0) = C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe [13/07/2019 16:13:10] CPU Usage:0 %
8692 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 88.46 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
8020 | [Owner : denni | Parent : 9016(steamwebhelper.exe) | 38.93 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (5.23.87.7) = C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe [17/07/2019 10:58:12] CPU Usage:0 %
2364 | [Owner : denni | Parent : 1296(svchost.exe) | 2.24 Mo] - (.Realtek Semiconductor - Správca zvuku s vysokým rozlíšením Realtek.) - (1.0.0.1128) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [01/11/2018 01:33:22] CPU Usage:0 %
2460 | [Owner : denni | Parent : 1296(svchost.exe) | 1.7 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [01/11/2018 01:33:22] CPU Usage:0 %
6424 | [Owner : SYSTEM | Parent : 920(svchost.exe) | 32.03 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [12/04/2018 01:34:40] CPU Usage:0 %
1860 | [Owner : SYSTEM | Parent : 760(services.exe) | 5.76 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1173) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [16/10/2015 08:15:54] CPU Usage:0 %
1952 | [Owner : SYSTEM | Parent : 760(services.exe) | 11.62 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1173) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [16/10/2015 08:14:56] CPU Usage:0 %
2580 | [Owner : SYSTEM | Parent : 760(services.exe) | 9.05 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe [11/06/2019 11:37:42] CPU Usage:0 %
1112 | [Owner : SYSTEM | Parent : 760(services.exe) | ?????] - (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe [12/04/2018 01:34:04] CPU Usage:0 %
3148 | [Owner : SYSTEM | Parent : 760(services.exe) | 27.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3544 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 8.32 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
3840 | [Owner : denni | Parent : 760(services.exe) | 11.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
8144 | [Owner : SYSTEM | Parent : 760(services.exe) | 7.92 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
9708 | [Owner : denni | Parent : 920(svchost.exe) | 30.53 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe [12/04/2018 01:34:18] CPU Usage:0 %
8972 | [Owner : LOCAL SERVICE | Parent : 760(services.exe) | 6.73 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
5332 | [Owner : denni | Parent : 920(svchost.exe) | 19.53 Mo] - (.-.) - (2019.19051.16210.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [13/07/2019 15:17:25] CPU Usage:0 %
1584 | [Owner : SYSTEM | Parent : 760(services.exe) | 17.88 Mo] - (.Intel Corporation - Intel(R) Security Assist.) - (1.0.0.532) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [19/05/2015 11:11:00] CPU Usage:0 %
9036 | [Owner : denni | Parent : 920(svchost.exe) | 39.86 Mo] - (.Microsoft Corporation - Store.) - (11906.1001.18.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe [30/07/2019 13:16:32] CPU Usage:0 %
8200 | [Owner : denni | Parent : 920(svchost.exe) | 42.32 Mo] - (.Microsoft Corporation - Nastavenia.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [13/06/2018 15:14:26] CPU Usage:0 %
9404 | [Owner : SYSTEM | Parent : 760(services.exe) | 18.59 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe [13/02/2019 18:50:12] CPU Usage:0 %
1416 | [Owner : denni | Parent : 920(svchost.exe) | 21.61 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe [11/04/2019 21:19:40] CPU Usage:0 %
10204 | [Owner : LOCAL SERVICE | Parent : 2556(svchost.exe) | 15.87 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe [15/06/2019 12:01:13] CPU Usage:0 %
200 | [Owner : denni | Parent : 920(svchost.exe) | 39.08 Mo] - (.Microsoft Corporation - Prieskumník.) - (10.0.17134.858) = C:\Windows\explorer.exe [11/07/2019 09:59:03] CPU Usage:0 %
6640 | [Owner : denni | Parent : 5712(explorer.exe) | 57.55 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\denni\Desktop\quickdiag_V5_27.02.19.1.exe [01/08/2019 13:47:23] CPU Usage:0 %
32 | [Owner : NETWORK SERVICE | Parent : 920(svchost.exe) | 9.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [12/04/2018 01:34:55] CPU Usage:0 %

---------- | Locked Applications


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igd10iumd64.dll
(.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4550) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igc64.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 416.16.) - (25.21.14.1616) -- C:\WINDOWS\system32\nvapi64.dll
(.NVIDIA Corporation.-.NVIDIA Slovak language resource library.) - (6.14.14.1616) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.14.1616) -- C:\WINDOWS\system32\nv3dappshext.dll

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)


---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- c:\windows\system32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\...\Run]) - User: DESKTOP-OM902LA\denni
Bloody2 - ("C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\...\Run]) - User: DESKTOP-OM902LA\denni
utweb - ("C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED [HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\...\Run]) - User: DESKTOP-OM902LA\denni
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
ShadowPlay - (C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent
"Bloody2"="C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
"utweb"="C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Bloody2"=0x020000000000000000000000
"Steam"=0x020000000000000000000000
"utweb"=0x03000000C128F9EB0E47D501

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=msconfig\1
"MRUList"=a

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=OneNote,winspool,Ne03:
"IsMRUEstablished"=0
"LegacyDefaultPrinterMode"=0

[HKLM\Software\Microsoft\Command Processor]
"DefaultColor"=0
"EnableExtensions"=1
"CompletionChar"=64
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"=C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x060000000000000000000000
"NvBackend"=0x020000000000000000000000
"ShadowPlay"=0x020000000000000000000000
"WindowsDefender"=0x020000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"WebStorage"=0x040000000000000000000000

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D3D1ED98C0F7D8

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}


---------- | Win.ini :



---------- | System.ini :



---------- | Tasks List

ASUS Smart Gesture Launcher
ASUS Splendid ACMON
ATK Package 36D18D69AFC3
ATK Package A22126881260
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
RtHDVBg_ListenToDevice
RTKCPL
WpsNotifyTask_Administrator
WpsUpdateTask_Administrator

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
"SvcHostSplitThresholdInKB"=3670016
"WaitToKillServiceTimeout"=2000
"SystemStartOptions"= NOEXECUTE=OPTIN NOVGA
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)
"LastBootSucceeded"=1
"LastBootShutdown"=1
"DirtyShutdownCount"=5

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Security Packages"="" [13/07/2019 14:47:40]
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"LsaPid"=768
"SecureBoot"=1
"ProductType"=3
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymoussam"=1
"restrictanonymous"=0
"SamConnectedAccountsExist"=1

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows
\RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"RunLevelExecute"=WinInit
ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=
"AutoChkSkipSystemPartition"=0
"ResourceTimeoutCount"=648000

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=1
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"InstanceID"=67c84736-de5b-4d7b-a301-28aff63
"GlassSessionId"=1


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretTimeout"=5000
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"MouseWheelRouting"=2
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"ScreenSaveActive"=1
"SnapSizing"=1
"TileWallpaper"=0
"WallPaper"=
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=2
"WheelScrollChars"=1
"WheelScrollLines"=3
"WindowArrangementActive"=1
"Win8DpiScaling"=0
"DpiScalingVer"=4096
"UserPreferencesMask"=0x9E1E078012000000
"MaxVirtualDesktopDimension"=1920
"MaxMonitorDimension"=1920
"TranscodedImageCount"=1
"LastUpdated"=4294967295
"IgnorePerProcessSystemDPIToast"=1
"WaitToKillAppTimeout"=2000
"HungAppTimeout"=2000

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000
"UserSignedIn"=1
"SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DC5010000206BB9B11DDA3C4A92C17229B32F232698060000CEC429A936FD7042B4F534ECAC5BD63C33020000D3EFA9CCED290A43BA6DE6BBFF0A60C26B03000016EC7DE90DA5BB49AE24CF682282E08DC5010000
"SIDUpdatedOnLibraries"=1
"LocalKnownFoldersMigrated"=1
"TelemetrySalt"=0
"GlobalAssocChangedCounter"=35
"FirstRunTelemetryComplete"=1
"AppReadinessLogonComplete"=1
"EdgeDesktopShortcutCreated"=1
"PostAppInstallTasksCompleted"=1

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"ShowSuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ShowStatusBar"=1
"StoreAppsOnTaskbar"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=13
"TaskbarStateLastRun"=0x6924405D00000000
"ReindexedProfile"=1

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ValidateAdminCodeSignatures"=0
"FilterAdministratorToken"=1
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"[email protected],-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=5

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableFullTrustStartupTasks"=2
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableUwpStartupTasks"=2
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ValidateAdminCodeSignatures"=0
"FilterAdministratorToken"=1
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"[email protected],-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"GlobalAssocChangedCounter"=4

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s


---------- | Winlogon

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders
"BuildNumber"=17134
"FirstLogon"=0
"PUUActive"=0x0EFB17D00100040018008B004E790700215F0F00215F0F00D200000002000B009D95FED680B81800CBA50E00C8950300C5780300987C0200000000007D780E000B090000140500008608564C5F48D5014E79070000000000010000004E790700EE4200001F180000CEB78C0000000000
"DP"=0xD200E80038000400170000000EFB17D0CEB78C00000000008608564C5F48D501C33A8AD34948D501BFEF56000000000000000000174454000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100C4090180F0004441F0C844451E3300002684200F26A4200F32220180020903600219036844B50080453990044D399014E93B00800204012602060526A73C00C065510A60755B0A656C0801800600770406007714C9E100805400A9005481BD0CEA590080010041740100457C75910040AE420A20BE420E243542008000A0234000A02340

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"DisableBackButton"=1
"EnableSIHostIntegration"=1
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"ReportBootOk"=1
"Shell"=explorer.exe
"ShellCritical"=0
"ShellInfrastructure"=sihost.exe
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"WinStationsDisabled"=0
"scremoveoption"=0
"LastLogOffEndTimePerfCounter"=238332805901
"ShutdownFlags"=2147483687
"DisableCad"=1
"USERINIT"=C:\windows\system32\userinit.exe,
"DisableLockWorkstation"=0
"EnableFirstLogonAnimation"=1
"AutoLogonSID"=S-1-5-21-1430618548-964272824-186209200-1001
"LastUsedUsername"=denni

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=
"DefaultUserName"=
"EnableSIHostIntegration"=1
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Shell"=explorer.exe
"ShellCritical"=0
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internetový odkaz

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"Content Type"=application/hta
"PerceivedType"=text

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internetový odkaz

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 19:02:10]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [12/04/2018 19:02:10]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=132074991441642178

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"InstallTime"=0x42A5C5428139D501
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\
"TrustedImageIdentifier"={X556UR00-0000-0000-0000-000000000000}
"OOBEInstallTime"=0xF0B05ECA7939D501
"DisableAntiSpyware"=0
"DisableAntiVirus"=0
"ProductStatus"=0
"LastEnabledTime"=0x85604FAE7D39D501
"ManagedDefenderProductType"=0
"ReportingGUID"=C297EE81-9324-B349-F403-D4DF5114B298
"BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1906.3-0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Pinging google.com [172.217.23.206] with 32 bytes of data:
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53
Reply from 172.217.23.206: bytes=32 time=18ms TTL=53

Ping statistics for 172.217.23.206:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 18ms, Average = 18ms

---------- | @

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://asus15.msn.com/?pc=ASTE
"Default_Page_URL"=http://asus15.msn.com/?pc=ASTE
"DisableFirstRunCustomize"=3
"ImageStoreRandomFolder"=w2jn42f

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"CertificateRevocation"=1
"ZonesSecurityUpgrade"=0x343151ECCC33D201
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"LockDatabase"=132074959328110586

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"TabProcGrowth"=Medium

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [12/04/2018 01:34:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=


---------- | Toolbar

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - []

---------- | SearchScopes

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :

---------- | Browser Helper Objects


---------- | Chrome

C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotifications] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ihcjicgdanjaechkgeegckofjjedodee = : The fastest and safest web browsing experience. - Malwarebytes Browser Extension - permissions:[downloadsstoragetabswebRequestwebRequestBlockingunlimitedStorage\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx


---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2670b808-8c92-4106-b1e6-d42996d50301}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a4770a48-bbb9-4051-8148-596b9b597b3c}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2670b808-8c92-4106-b1e6-d42996d50301}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a4770a48-bbb9-4051-8148-596b9b597b3c}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\chrome.exe] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\chrome.exe] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"wusvcs"=WaaSMedicSvc
"BthAppGroup"=BluetoothUserService
"BcastDVRUserService"=BcastDVRUserService
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"DevicesFlow"=DevicesFlowUserSvc
DevicePickerUserSvc
"smbsvcs"=lanmanserver
browser

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\AppDataLow]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\ASUS]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Chromium]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\DropboxUpdate]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\ECAREME]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\[email protected]@n]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Google]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Intel]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\MacroMouse]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\nwjs]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Opera Stable Offer]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Policies]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Realtek]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\sysinternals]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Valve]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Agere]
[HKLM\Software\ASUS]
[HKLM\Software\Atheros]
[HKLM\Software\Clients]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\ECAREME]
[HKLM\Software\Fortemedia]
[HKLM\Software\[email protected]@n]
[HKLM\Software\Google]
[HKLM\Software\ICEpower]
[HKLM\Software\Intel]
[HKLM\Software\IPS]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\LSI]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Network Associates]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\ATHEROS]
[HKLM\Software\WOW6432Node\Bloody]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\ECAREME]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Kingsoft]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Network Associates]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Qualcomm Atheros]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives


---------- | C:

[13/07/2019 14:38:42] - |SHD| - [387] - C:\$Recycle.Bin
[13/07/2019 13:31:01] - |HD| - [100608019] - C:\$SysReset
[01/08/2019 13:48:01] - |D| - [8018992] - C:\AdwCleaner
[03/04/2016 15:09:57] - |SHD| - [18457756] - C:\Boot
[MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
[01/11/2016 09:30:54] - |D| - [2762305961] - C:\eSupport
[31/07/2019 09:23:25] - |D| - [108860159] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/07/2019 15:44:35] - |ASH| - (.-.) - [3380232192] - (0.0.0.0) - C:\hiberfil.sys
[13/07/2019 15:36:13] - |HD| - [267764] - C:\Intel
[20/01/2019 23:58:35] - |RHD| - [802660306] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2016 00:31:38] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys
[13/07/2019 14:38:42] - |HD| - [0] - C:\PerfLogs
[13/07/2019 14:38:42] - |RD| - [4358857483] - C:\Program Files
[13/07/2019 14:38:42] - |RD| - [26554956165] - C:\Program Files (x86)
[13/07/2019 14:38:42] - |HD| - [717144891] - C:\ProgramData
[01/08/2019 13:52:23] - |D| - [393775] - C:\QuickDiag
[MD5.DBBFFAEBAD7736DC41AF7A04E1C0166C] - [01/08/2019 14:26:18] - |A| - (.-.) - [136047] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.56D15E8F2A0E4C39007F34715B911CBA] - [01/08/2019 13:56:13] - |RAST| - (.-.) - [322949] - (0.0.0.0) - C:\QuickDiag_01_08_2019_13_56_13.txt
[03/04/2016 06:12:01] - |SHD| - [4954849342] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2016 00:31:38] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[01/11/2016 09:25:42] - |SHD| - [0] - C:\System Volume Information
[13/07/2019 14:34:00] - |RD| - [1195871021] - C:\Users
[13/07/2019 14:34:00] - |D| - [39133053399] - C:\Windows

---------- | C:\WINDOWS

[MD5.A486C15BA34B4C23677AA34F47CE2C0D] - [01/11/2016 00:50:37] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\WINDOWS\ACU.ico
[13/07/2019 14:38:42] - |D| - [802] - C:\WINDOWS\addins
[13/07/2019 14:38:42] - |D| - [10006297] - C:\WINDOWS\appcompat
[13/07/2019 14:38:42] - |D| - [8280510] - C:\WINDOWS\apppatch
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\AppReadiness
[MD5.F3B25701FE362EC84616A93A45CE9998] - [01/11/2016 09:30:54] - |A| - (.-.) - [2] - (0.0.0.0) - C:\WINDOWS\AsCDProc.log
[MD5.3B8ACE958BAFB2187C0D560218AC149A] - [18/05/2016 08:24:27] - |A| - (.-.) - [24] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt
[MD5.FE5B1AD554FCE7597EDB2C70DECE162A] - [03/04/2016 15:03:41] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt
[MD5.52100AC9ECF4B21B0A32155A635E8C97] - [17/02/2016 08:54:52] - |A| - (.-.) - [80] - (0.0.0.0) - C:\WINDOWS\ASOFSVer.txt
[MD5.410C0F4B8FD2594365D1311257C99C1C] - [01/11/2016 09:31:17] - |A| - (.-.) - [96] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt
[13/07/2019 14:38:42] - |RSD| - [881032967] - C:\WINDOWS\assembly
[MD5.467E7BA4A4ECB38F6046BDC6699DB24E] - [01/11/2016 09:31:17] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt
[13/07/2019 14:49:57] - |D| - [412898245] - C:\WINDOWS\ASUS
[13/07/2019 14:38:42] - |D| - [720353] - C:\WINDOWS\bcastdvr
[MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |N| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe
[13/07/2019 14:38:42] - |D| - [38319551] - C:\WINDOWS\Boot
[MD5.3ACEABE9E81F7FEE46252BA9783292C3] - [13/07/2019 14:49:44] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[13/07/2019 14:38:42] - |D| - [2448472] - C:\WINDOWS\Branding
[13/07/2019 14:34:47] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.EF26845B2194269AE85BFC918EDE0066] - [01/11/2016 01:17:15] - |A| - (.-.) - [6586] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 20:19:51] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml
[03/04/2016 14:39:23] - |D| - [0] - C:\WINDOWS\cs-CZ
[MD5.F7C6DE1B6A6C7B1A36E0615B4BF980CC] - [03/04/2016 06:21:00] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt
[13/07/2019 14:38:42] - |D| - [11482410] - C:\WINDOWS\Cursors
[13/07/2019 14:38:42] - |D| - [3549] - C:\WINDOWS\debug
[30/10/2015 09:24:24] - |RD| - [0] - C:\WINDOWS\DesktopTileResources
[MD5.EF82B304067EDCF3CF990A42DE93B695] - [01/11/2016 01:17:15] - |A| - (.-.) - [9510] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[13/07/2019 14:38:42] - |D| - [4590061] - C:\WINDOWS\diagnostics
[MD5.EF82B304067EDCF3CF990A42DE93B695] - [01/11/2016 01:17:15] - |A| - (.-.) - [9510] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[13/07/2019 14:41:58] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.36E93D99FE6F386D3F8F903614EF3ECD] - [13/07/2019 16:23:00] - |A| - (.-.) - [10009] - (0.0.0.0) - C:\WINDOWS\DirectX.log
[13/07/2019 14:38:42] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.A3B69E7B332E2A27D016AFB44F1B46FB] - [01/11/2016 00:55:36] - |A| - (.-.) - [4820] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.163244DB517D466A45AC22523F2C6AEC] - [18/05/2016 08:17:44] - |A| - (.-.) - [4783] - (0.0.0.0) - C:\WINDOWS\DriverCD_Template.txt
[MD5.38F419B92196B7C1A6B38872370D99EE] - [13/07/2019 14:40:29] - |A| - (.-.) - [3610] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[13/07/2019 14:38:42] - |HD| - [44616] - C:\WINDOWS\ELAMBKUP
[30/10/2015 20:10:40] - |D| - [0] - C:\WINDOWS\en-GB
[13/07/2019 14:41:58] - |D| - [49152] - C:\WINDOWS\en-US
[MD5.A1D1CE7D323A357163A500CDC15EDA54] - [11/07/2019 09:59:03] - |A| - (.© Microsoft Corporation. Všetky práva vyhradené. - Prieskumník.) - [4038688] - (10.0.17134.858) - C:\WINDOWS\explorer.exe
[MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:32] - |A| - (.-.) - [176] - (0.0.0.0) - C:\WINDOWS\explorer.exe.config
[13/07/2019 14:48:10] - |D| - [6162432] - C:\WINDOWS\Firmware
[13/07/2019 14:38:42] - |RSD| - [375389372] - C:\WINDOWS\Fonts
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[13/07/2019 14:38:42] - |D| - [46780131] - C:\WINDOWS\Globalization
[13/07/2019 14:38:42] - |D| - [71423676] - C:\WINDOWS\Help
[MD5.30D302335B017DC3B53519BD9E33D763] - [13/02/2019 18:50:09] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Microsoft Help and Support.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe
[MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Microsoft® HTML Help Executable.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe
[03/04/2016 14:46:26] - |D| - [0] - C:\WINDOWS\hu-HU
[13/07/2019 14:38:42] - |D| - [29869] - C:\WINDOWS\IdentityCRL
[13/07/2019 14:38:42] - |D| - [28826518] - C:\WINDOWS\IME
[13/07/2019 14:38:42] - |RD| - [8489249] - C:\WINDOWS\ImmersiveControlPanel
[13/07/2019 14:37:29] - |D| - [134129533] - C:\WINDOWS\INF
[13/07/2019 14:49:51] - |D| - [1851212250] - C:\WINDOWS\InfusedApps
[13/07/2019 14:38:42] - |D| - [38137502] - C:\WINDOWS\InputMethod
[MD5.48D8D206C3E099D3B6F3696601F7EE7A] - [01/11/2016 00:33:54] - |A| - (.-.) - [1926186] - (0.0.0.0) - C:\WINDOWS\Inst.log
[13/07/2019 14:38:42] - |SHD| - [150932187] - C:\WINDOWS\Installer
[MD5.64B6EE9D188DB07B8CD2E0D7C65A4399] - [01/11/2016 00:58:12] - |A| - (.-.) - [1102] - (0.0.0.0) - C:\WINDOWS\Inst_AsModelCopy.log
[MD5.9F6546121B75E19513BF7E8F82149BD5] - [01/11/2016 00:35:24] - |A| - (.-.) - [19994] - (0.0.0.0) - C:\WINDOWS\Inst_CMD.log
[MD5.D227CD39635AB84D46BD79736588AF84] - [01/11/2016 00:36:05] - |A| - (.-.) - [682196] - (0.0.0.0) - C:\WINDOWS\Inst_Device.log
[13/07/2019 14:38:42] - |D| - [94163] - C:\WINDOWS\L2Schemas
[13/07/2019 14:38:42] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[03/04/2016 14:12:22] - |D| - [18686750] - C:\WINDOWS\Log
[13/07/2019 14:38:42] - |D| - [24394768] - C:\WINDOWS\Logs
[MD5.E53E4D67879C09B22978144BAC37E49B] - [13/07/2019 15:35:19] - |A| - (.-.) - [1376] - (0.0.0.0) - C:\WINDOWS\lsasetup.log
[13/07/2019 14:38:42] - |RSD| - [20486563] - C:\WINDOWS\media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |N| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[13/07/2019 14:38:42] - |RD| - [779332806] - C:\WINDOWS\Microsoft.NET
[13/07/2019 14:38:42] - |D| - [3135] - C:\WINDOWS\Migration
[31/07/2019 09:34:13] - |D| - [0] - C:\WINDOWS\Minidump
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Poznámkový blok.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [13/07/2019 15:36:45] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[13/07/2019 14:42:20] - |D| - [254036] - C:\WINDOWS\OCR
[13/07/2019 14:38:42] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[13/07/2019 14:33:58] - |D| - [137033327] - C:\WINDOWS\Panther
[13/07/2019 14:38:42] - |D| - [390801] - C:\WINDOWS\Performance
[MD5.42E88E9FDE054E851C07EF6317C48FBF] - [13/07/2019 16:29:23] - |A| - (.-.) - [22240] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[03/04/2016 14:32:45] - |D| - [0] - C:\WINDOWS\pl-PL
[13/07/2019 14:38:42] - |D| - [1121835] - C:\WINDOWS\PLA
[13/07/2019 14:38:42] - |D| - [2648711] - C:\WINDOWS\PolicyDefinitions
[13/07/2019 14:38:42] - |D| - [3889321] - C:\WINDOWS\prefetch
[13/07/2019 14:38:42] - |RD| - [1965018] - C:\WINDOWS\PrintDialog
[13/07/2019 14:38:42] - |D| - [5519070] - C:\WINDOWS\Provisioning
[30/10/2015 09:24:24] - |RD| - [0] - C:\WINDOWS\PurchaseDialog
[MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |N| - (.© Microsoft Corporation. - Registry Editor.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe
[13/07/2019 14:38:42] - |D| - [1094420] - C:\WINDOWS\Registration
[13/07/2019 14:38:42] - |D| - [3678312] - C:\WINDOWS\rescache
[13/07/2019 14:38:42] - |D| - [5057489] - C:\WINDOWS\Resources
[MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [01/11/2016 00:47:39] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\SchCache
[13/07/2019 14:38:42] - |D| - [122082] - C:\WINDOWS\schemas
[13/07/2019 14:38:42] - |D| - [7623788] - C:\WINDOWS\security
[13/07/2019 15:35:20] - |D| - [65191504] - C:\WINDOWS\ServiceProfiles
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\ServiceState
[13/07/2019 14:34:00] - |D| - [75426716] - C:\WINDOWS\servicing
[13/07/2019 14:44:28] - |D| - [42] - C:\WINDOWS\Setup
[MD5.57C0BE9D6EB97B60F8C33EC573EB0BB9] - [13/07/2019 15:35:55] - |A| - (.-.) - [1840] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.5D13D3C5156E54E115644CF0A19141A2] - [13/07/2019 15:35:55] - |A| - (.-.) - [107] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[13/07/2019 14:38:42] - |D| - [6443008] - C:\WINDOWS\ShellComponents
[13/07/2019 14:38:42] - |D| - [53634048] - C:\WINDOWS\ShellExperiences
[30/10/2015 20:19:04] - |D| - [0] - C:\WINDOWS\ShellNew
[13/07/2019 14:41:58] - |D| - [50688] - C:\WINDOWS\sk-SK
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\SKB
[01/11/2016 00:32:56] - |D| - [305374505] - C:\WINDOWS\SoftwareDistribution
[13/07/2019 14:38:42] - |D| - [15504633] - C:\WINDOWS\Speech
[13/07/2019 14:38:42] - |D| - [19459183] - C:\WINDOWS\Speech_OneCore
[MD5.1CC7C7CCB919892585890F22DB69258D] - [11/07/2019 09:58:52] - |N| - (.© Microsoft Corporation. - Print driver host for applications.) - [131072] - (10.0.17134.885) - C:\WINDOWS\splwow64.exe
[13/07/2019 14:38:42] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[13/07/2019 14:34:00] - |D| - [21590546459] - C:\WINDOWS\System32
[13/07/2019 14:38:42] - |D| - [225487048] - C:\WINDOWS\SystemApps
[13/07/2019 14:38:42] - |D| - [25664857] - C:\WINDOWS\SystemResources
[13/07/2019 14:38:42] - |D| - [1697244579] - C:\WINDOWS\SysWOW64
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\TAPI
[30/10/2015 09:24:25] - |D| - [854] - C:\WINDOWS\Tasks
[13/07/2019 14:38:42] - |D| - [154197] - C:\WINDOWS\Temp
[13/07/2019 14:38:42] - |D| - [13610496] - C:\WINDOWS\TextInput
[13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\tracing
[13/07/2019 14:38:42] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |N| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[13/07/2019 14:38:42] - |D| - [12420] - C:\WINDOWS\Vss
[13/07/2019 14:38:42] - |D| - [25818] - C:\WINDOWS\WaaS
[13/07/2019 14:38:42] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.60CDAF0811BF825164C0E246F4F5620D] - [30/10/2015 09:24:29] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |H| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [03/04/2016 06:22:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |N| - (.© Microsoft Corporation. Všetky práva vyhradené. - Windows Winhlp32 Stub.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe
[13/07/2019 14:34:00] - |D| - [9916692711] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |N| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |N| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)


---------- | %System%\*.in*


---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.67B646C256190F118619C9D10AAE4B5C] - |N| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [01/11/2016 00:48:53] - [2848.42 Ko] - C:\WINDOWS\System32\ihvmanager
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [18/05/2016 08:18:31] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [25221.12 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.BB1480586B5C174900A1051CEB2B462F] - |N| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:35:54] - [14954.85 Ko] - C:\WINDOWS\System32\Intel
[MD5.48893B9A91CC100FD2F0625600D6A044] - |A| - [18/05/2016 08:18:31] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [590.12 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe
[MD5.2AEB01E400F6625FDBDD577730EAFED6] - |A| - [30/11/2016 08:36:10] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [111.01 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [432.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE
[MD5.8AB601D55CE5C9FA6B8FE147F0616D76] - |A| - [01/11/2016 00:47:41] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll
[MD5.23AC7515B6D8A794BCC01B582F044078] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28 Ko] - C:\WINDOWS\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [297 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\ky-KG
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |N| - [14/11/2018 00:05:24] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |N| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [33 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.4F5120E44845A78D5920D2F0BDE0340F] - |N| - [12/04/2018 19:03:19] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [559.86 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [27 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [459.94 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [333 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [30096.04 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.AEA14D8302A7D16E6EA87D1902D9F583] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.1C4E46C22DFE90DCF00C0F150FB91C47] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll
[MD5.394999A1CC3EF884C72AAB98F4088BB1] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll
[MD5.363B091F6CEC26BD99F54CDCA58D338F] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.44 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll
[MD5.B7A93AD901C9A0DA7A339CA03B059701] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll
[MD5.E2B42DEEE7E422D34AF1B5224A7D549F] - |A| - [01/11/2016 00:47:41] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll
[MD5.402BBD61ED52291022A8070738435EAC] - |A| - [01/11/2016 00:47:41] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll
[MD5.7EE6CB3F9F2E28A02C4CC9E85375A2D8] - |A| - [01/11/2016 00:47:41] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll
[MD5.7D9929F2D7FD04D7ED4F4C2843EC3256] - |A| - [01/11/2016 00:47:41] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll
[MD5.6EA78E8C67580A74EB1E60A2ED90003A] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1291.66 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll
[MD5.4C6A4049A3BE4DFCE3D4A4980269FA5E] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll
[MD5.62E978D965EE25A5F3FFE2025B3E1A1C] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll
[MD5.7F02267308BEE7B0194B21212C0D31FF] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll
[MD5.BE79D07140F104938FBD4524745DDC23] - |A| - [01/11/2016 00:47:42] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.8 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll
[MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |N| - [13/03/2019 16:20:56] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |N| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.D225B2044789A6059344503C1AE33347] - |N| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 18:35:30] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [4180.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31 Ko] - C:\WINDOWS\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [34.35 Ko] - C:\WINDOWS\System32\my-mm
[MD5.777FDA2DB87DE207DD3FFA2570A49EF0] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll
[MD5.53A7F93BAEDFF5DF62E36C1EEC4B64A4] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll
[MD5.CE45B194226CEA3E17BFE10E7CAC4A71] - |A| - [01/11/2016 00:47:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5641.3 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.B52FA68804EE31D5EAAB0C1E4508CA31] - |A| - [13/07/2019 15:35:20] - (.-.) - [32.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |N| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [13/07/2019 14:38:42] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.842C5617FAB46F23FBDB581312743BF7] - |A| - [13/07/2019 15:36:56] - (.-.) - [8172.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.2C8BDEE2D6D5CC898EC6202AEB87AB77] - |A| - [09/10/2018 17:00:28] - (.-.) - [46.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.1C52C7C2E7DE4ADB265C35F8ACA40C01] - |A| - [01/11/2016 00:44:52] - (.-.) - [108.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll
[MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [13/07/2019 14:38:46] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [25970.33 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |N| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.874B0871DA3EC061D1BF30423C1E165B] - |N| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe
[MD5.5FEA7F1CC1047DEB3C2C2FB685E6F507] - |A| - [03/04/2016 14:39:57] - (.-.) - [152.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc005.dat
[MD5.D947BC1AC3802CA65BBBEE5CAF556F2D] - |A| - [13/07/2019 14:40:22] - (.-.) - [130.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.3078E2B9C413847E007E4D2C850CDB33] - |A| - [03/04/2016 14:47:02] - (.-.) - [169.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00E.dat
[MD5.EBE29F603BC16B8B5ECF3FE7BEF969C5] - |A| - [03/04/2016 14:33:17] - (.-.) - [159.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc015.dat
[MD5.AD4F9756147EF295FDA522DE30C80EE8] - |A| - [03/04/2016 14:39:57] - (.-.) - [37.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd005.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [13/07/2019 14:40:22] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.F11FC85B93C67E12873A011719582A12] - |A| - [03/04/2016 14:47:02] - (.-.) - [49.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00E.dat
[MD5.89AC0EC2EB702024F2BD0ADEB3C29F77] - |A| - [03/04/2016 14:33:17] - (.-.) - [40.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd015.dat
[MD5.63990CE2BC78A6BD5BC83DA38551187B] - |A| - [03/04/2016 14:39:57] - (.-.) - [740.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh005.dat
[MD5.7C7BFF9F305EB1E65D9F66591ED9380D] - |A| - [13/07/2019 14:40:22] - (.-.) - [684.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.F03718650A4589423B65E67BC60FDF3E] - |A| - [03/04/2016 14:47:02] - (.-.) - [750.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00E.dat
[MD5.732AF51D43513F6CEE4CB0F5F4CF337C] - |A| - [03/04/2016 14:33:17] - (.-.) - [806.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh015.dat
[MD5.AF174727B8B43A6E1A860C0283DC406F] - |A| - [03/04/2016 06:19:22] - (.-.) - [818.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |N| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [03/04/2016 14:32:45] - [0 Ko] - C:\WINDOWS\System32\pl
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [420 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [681.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:58] - [553.03 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |N| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [422 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.2D92991EB0E274CD83325948F6B89FE1] - |A| - [01/11/2018 01:34:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [136.59 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.4509296FF3492F5C61BB89BE9146B00E] - |A| - [01/11/2018 01:34:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [442.75 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.A65ED44399FAD238441A02BE0E27DDA0] - |A| - [01/11/2018 01:34:22] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [88.16 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.2A4F2B66D4A76635ECB2B8208F8857D2] - |A| - [01/11/2018 01:34:22] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [153.76 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.EFF5A2202197716168A4CDD94B52CA2E] - |A| - [01/11/2018 01:33:20] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7010.31 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |N| - [04/06/2018 03:08:25] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1.04 Ko] - C:\WINDOWS\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |N| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |N| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.C0021ECF4FE049EEFB694982DEB809A7] - |A| - [01/11/2016 00:38:54] - (.-.) - [16.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml
[MD5.EFB43DC16D08ED08DB57AE064B2CF0F5] - |A| - [01/11/2018 01:34:22] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [319.73 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.414178DD5C36154372C41270C9F7FDD1] - |A| - [01/11/2018 01:34:24] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [319.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.D7CFCE6811519582690065C21088E9A5] - |A| - [12/01/2018 14:38:43] - (.Copyright (C) 2014 - RtCRX.) - [82.5 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll
[MD5.A0051372ED692B6AF74A6C295F0B2090] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [215.33 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.3134AEDB269D300383B584535FEBD7B3] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [91.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.9A7DC7E4698686826FB94800A6885FAA] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [113.91 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.7D7CE0502AFBD4A78E3DB56B9CD5CD43] - |A| - [01/11/2018 01:34:26] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [383.77 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.BA34CA469FE48B13922CD7A07A4A904A] - |N| - [10/10/2018 17:37:17] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |N| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |N| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.9F2DE145A7782ED71A0A333C387BBA2C] - |A| - [01/11/2018 01:34:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.38 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll
[MD5.596C7E2E91F51E151417C933093F35BF] - |A| - [01/11/2018 01:34:34] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.89 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll
[MD5.77C85B8B01CED5823AEC47EA0CD52CA8] - |A| - [01/11/2018 01:34:36] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.58 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll
[MD5.4DFDCBEACBCCB129BAF98B55D13AE021] - |A| - [01/11/2018 01:34:38] - (.Copyright (C) 2018 DTS, Inc. - DTS Universal APO DLL.) - [971.47 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.68400432B211A8358306F2AE8BB44590] - |A| - [01/11/2018 01:34:38] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Controller DLL.) - [3338 Ko] - (3.5.17.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 15:35:20] - [21619.11 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:41:59] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.A570B3CBC296E391966D48F3917C6EBD] - |A| - [01/11/2018 01:33:34] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [260.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.4C39B4DFAD8019747E00107555196EC6] - |A| - [01/11/2018 01:34:42] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Technology DLL.) - [3055.58 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |N| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:34:00] - [13633.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |N| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |N| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |N| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png
[MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |N| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [7404.9 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [11725.15 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [30972.57 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [15037.59 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.FFFBBA8446BB4CBF7FD229559ABA5DAC] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.31 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll
[MD5.5BBAA111B0CDE56329E337FF0C7BEB4D] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.26 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll
[MD5.D95FF3E2B6ED9DA183C23D4EDEDBA46C] - |A| - [01/11/2018 01:34:44] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.59 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |N| - [04/06/2018 03:08:49] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.4FD560E994EDF0353835F3F9F506A62C] - |N| - [11/07/2018 15:01:51] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A996DF0DC0B33854AFC77E4154BDCD8C] - |A| - [01/11/2018 01:34:46] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.61 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll
[MD5.91031FE0DB5F0D7457EB8CC67086E781] - |A| - [01/11/2018 01:34:46] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [213.26 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.BACE98530CE0DA6A59F4148D4D025DAC] - |A| - [01/11/2018 01:34:46] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [225.4 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.157ACEBB28937AF663D5F7DD5ED4869B] - |A| - [01/11/2018 01:34:46] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [528.54 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.87FC7BFD57579A4E5EC5E3EF646A7EA1] - |A| - [01/11/2018 01:34:46] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [170.95 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [26840 Ko] - C:\WINDOWS\System32\sru
[MD5.8A02EF186BDC952CA75EFA689EC4F275] - |N| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:42:20] - [29 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [13/07/2019 14:38:42] - [1401.26 Ko] - C:\WINDOWS\System32\Sysprep
[13/07/2019 14:38:42] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices
[13/07/2019 14:38:42] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[13/07/2019 14:38:42] - |D| - [2238461] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[01/11/2016 00:58:07] - |D| - [63664241] - C:\Program Files\AVAST Software
[13/07/2019 14:38:42] - |D| - [47591858] - C:\Program Files\Common Files
[13/07/2019 14:38:43] - |ASH| - [174] - C:\Program Files\desktop.ini
[01/11/2016 00:55:38] - |D| - [1049584] - C:\Program Files\DIFX
[13/07/2019 15:36:12] - |D| - [62774267] - C:\Program Files\Intel
[13/07/2019 14:38:42] - |D| - [2628774] - C:\Program Files\internet explorer
[01/11/2016 01:05:08] - |D| - [0] - C:\Program Files\Microsoft Office
[13/07/2019 14:42:19] - |D| - [25757] - C:\Program Files\MSBuild
[13/07/2019 15:36:37] - |D| - [713109136] - C:\Program Files\NVIDIA Corporation
[13/07/2019 15:36:20] - |D| - [57155832] - C:\Program Files\Realtek
[13/07/2019 14:42:19] - |D| - [34633385] - C:\Program Files\Reference Assemblies
[13/07/2019 18:34:43] - |D| - [10917521] - C:\Program Files\rempl
[03/04/2016 06:20:51] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2019 03:07:34] - |D| - [14879312] - C:\Program Files\UNP
[13/07/2019 14:38:42] - |D| - [19266227] - C:\Program Files\Windows Defender
[30/10/2015 20:19:04] - |D| - [0] - C:\Program Files\Windows Journal
[13/07/2019 14:38:42] - |D| - [635392] - C:\Program Files\Windows Mail
[13/07/2019 14:42:19] - |D| - [4774891] - C:\Program Files\Windows Media Player
[13/07/2019 14:38:42] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform
[13/07/2019 14:38:42] - |D| - [7708504] - C:\Program Files\windows nt
[13/07/2019 14:38:42] - |D| - [6166280] - C:\Program Files\Windows Photo Viewer
[13/07/2019 14:38:42] - |D| - [46576] - C:\Program Files\Windows Portable Devices
[13/07/2019 14:38:42] - |D| - [106165] - C:\Program Files\Windows Security
[13/07/2019 14:38:42] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[13/07/2019 14:38:42] - |HD| - [3309020459] - C:\Program Files\WindowsApps
[13/07/2019 14:38:42] - |D| - [2656572] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[01/11/2016 00:50:19] - |D| - [14352] - C:\Program Files (x86)\Common Files\Atheros
[13/07/2019 15:36:11] - |D| - [75340981] - C:\Program Files (x86)\Common Files\Intel
[13/07/2019 14:38:42] - |D| - [13970041] - C:\Program Files (x86)\Common Files\microsoft shared
[01/11/2016 00:39:12] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent
[01/11/2016 00:48:51] - |D| - [55056] - C:\Program Files (x86)\Common Files\Qualcomm Atheros
[13/07/2019 14:38:42] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[13/07/2019 15:33:09] - |D| - [4079680] - C:\Program Files (x86)\Common Files\Steam
[13/07/2019 14:38:42] - |D| - [9510283] - C:\Program Files (x86)\Common Files\system

---------- | C:\Program Files\Common files

[13/07/2019 14:38:42] - |D| - [37161794] - C:\Program Files\Common files\microsoft shared
[01/11/2016 00:50:20] - |D| - [202327] - C:\Program Files\Common files\QCA_Bluetooth
[13/07/2019 14:38:42] - |D| - [2702] - C:\Program Files\Common files\Services
[13/07/2019 14:38:42] - |D| - [10225035] - C:\Program Files\Common files\system

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/07/2019 15:45:43] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.1CFA418A51BE926C89E2BE4AA048EB29] - [03/04/2016 06:35:41] - |A| - [424] - C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
[MD5.E39393788501A3E8E362A6A0FE224B99] - [03/04/2016 06:35:40] - |A| - [424] - C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
[MD5.00000000000000000000000000000000] - [13/07/2019 15:45:43] - |D| - [2468] - C:\WINDOWS\System32\Tasks\ASUS
[MD5.88BF4D72E48A5C7C3260EB6A5C56AEBB] - [13/07/2019 15:45:43] - |A| - [2862] - C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher : C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
[MD5.D5B85D0930BE440F5775D99A81316085] - [13/07/2019 15:45:43] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON : C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 14:53:40] - |D| - [0] - C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
[MD5.AEDC8E22D7F58845F9132CC2B36C1E1A] - [13/07/2019 15:45:43] - |A| - [2924] - C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
[MD5.A4C90D430197DE626B28A0D0B60C8981] - [13/07/2019 15:45:43] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ATK Package A22126881260 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
[MD5.9488250E54C8C6CB42BC7E650A9E6942] - [13/07/2019 14:53:55] - |A| - [3332] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.3A84BB710C20E9041FF9E92319665F37] - [13/07/2019 14:53:55] - |A| - [3456] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 15:45:43] - |D| - [0] - C:\WINDOWS\System32\Tasks\McAfee
[MD5.00000000000000000000000000000000] - [13/07/2019 14:38:42] - |D| - [567294] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.C4DEFE179456697578CC4A86444DE4F5] - [13/07/2019 15:45:43] - |A| - [2346] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"
[MD5.DA27E11EE2F7EC8285002AF3E18F42A1] - [13/07/2019 15:45:43] - |A| - [2280] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
[MD5.EB39FB5E4874764990E62CAFC34E5E55] - [13/07/2019 15:45:43] - |A| - [3004] - C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
[MD5.10A50D9A2F3F04472648B0383AE2112F] - [13/07/2019 15:45:43] - |A| - [3004] - C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
[MD5.00000000000000000000000000000000] - [13/07/2019 14:38:42] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|[email protected],-37378|[email protected],-37890|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|[email protected],-37379|[email protected],-37891|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|[email protected],-37380|[email protected],-37892|[email protected],-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|[email protected],-37381|[email protected],-37893|[email protected],-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|[email protected]%systemroot%\system32\dosvc.dll,-102|[email protected]%systemroot%\system32\dosvc.dll,-104|[email protected]%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|[email protected]%systemroot%\system32\dosvc.dll,-103|[email protected]%systemroot%\system32\dosvc.dll,-104|[email protected]%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|[email protected],-1003|[email protected],-1006|[email protected],-1010|
"Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|[email protected],-1008|[email protected],-1009|[email protected],-1010|
"WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10200|[email protected],-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10202|[email protected],-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|[email protected],-10204|[email protected],-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|[email protected],-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|[email protected],-10206|[email protected],-10207|[email protected],-100|
"{F9E5BF9D-6A2B-4E5F-84A5-F778F173BE6D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-219842481-2801163338-4081607194-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{C9F25067-49C5-44B5-9BC9-1924A707FE5A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{D31D12E4-E260-4CA9-8CE6-C739FD01250B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|
"{6969CBD7-FAE7-490B-94C6-A41D44E20D69}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{EE0BC692-1C94-4690-9EAD-014CE321418E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{ADCFD631-3E1D-4750-B33E-8EEDB5B8D0DC}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{6ECF1B94-8522-4904-8FFF-89594F5D0B3A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Friends|Desc=Candy Crush Friends|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2434645666-2532177092-3042203602-619713399-428220933-2149260498-1813168567|EmbedCtxt=Candy Crush Friends|Platform=2:6:2|Platform2=GTEQ|
"{2E114F06-D829-49E0-8D45-FE1F3013EF5F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=MyASUS-Service Center|Desc=MyASUS-Service Center|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-545957056-798866350-1522785379-2444689802-67236901-3270837419-2293412403|EmbedCtxt=MyASUS-Service Center|Platform=2:6:2|Platform2=GTEQ|
"{B91E65E2-1B85-44A1-BF96-00C0EDC70CA9}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{98351FBF-238D-4902-91C7-D1119253FA5A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{1F0C1C5E-84BC-4443-B31A-76D9B3CA160D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{6A83DF8A-AED1-4DE0-BB12-8D9DC9E7716F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{F51FFA6B-9BE7-4061-9C40-527FA37DE721}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{1C0C75EC-1556-447D-8DD8-3AC2F32042A8}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ|
"{A7CD97CE-1DAB-428C-AB66-479FF2F6618E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|
"{D7F498F6-86E8-420C-ACB3-B7A843BEAF8B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{15901265-ED1B-4FEC-BB5D-33AB0415B924}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=TripAdvisor Hotels Flights Restaurants|Desc=TripAdvisor Hotels Flights Restaurants|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3043548224-2235967549-1382791125-3168413616-1702302935-4247438294-2497735402|EmbedCtxt=TripAdvisor Hotels Flights Restaurants|Platform=2:6:2|Platform2=GTEQ|
"{D4D5E900-3F0C-44B9-89B2-4BEA1EC34F56}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Saga|Desc=Candy Crush Saga|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2599857031-3789198952-3515498744-3120614410-3826243417-3816649221-455961092|EmbedCtxt=Candy Crush Saga|Platform=2:6:2|Platform2=GTEQ|
"{6F4B626F-F837-4758-B96C-47E766C558ED}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Pravidlo pre prichádzajúce prenosy pre prehliadač Google Chrome, ktoré povoľuje prenos dát mDNS.|EmbedCtxt=Google Chrome|
"{1790C8F9-6C0F-4CA0-99EE-B4F8FA38C071}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|[email protected]{king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|[email protected]{king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-2480992608-1527340332-3131305588-448447103-1026586663-3117074242-2125591980|[email protected]{king.com.BubbleWitch3Saga_5.8.4.0_x86__kgqvnymyfvs32?ms-resource://king.com.BubbleWitch3Saga/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{C1F16B6A-23D5-4339-AB15-20139A142ECA}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{09D9EA35-A94B-433D-8E9A-7AF71B58FC29}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{24581E2C-7DB7-4DD5-B204-82822979F399}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{B3FC647E-429A-4D05-B6C8-EC8B648EF921}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{61E7EA99-DEC8-49D0-88E0-D28B82381271}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|
"{75970A91-3A16-440F-BF3B-083886ED7000}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|[email protected]{MAGIX.MusicMakerJam_3.0.0.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{4845CC40-1506-42EA-82B9-D2BC24EE9A66}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
"{9A0D96FC-A65D-481F-9869-84ABAF77B7FF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4371-4379|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{BC331252-4B94-40A5-913D-99920B0BD3A7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=4381-4389|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{79E193FA-8BF7-4B63-B4E7-EFE4C9D77C12}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{C76D90D7-0F84-494D-B4C1-F2CA97066EA7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8088|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{F1BB3FA9-E3FB-41CB-BA24-7E47AB045767}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=57621|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{07D1CC60-28D2-4081-8C28-38FF8A6B0CBC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=57621-57631|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{423C5176-8E9D-4E16-ABF7-F098BF187F7C}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{EE9AE504-1D88-442B-A153-F6DDDEC2BA08}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.449.0_x86__zpdnekdrzrea0\Spotify.exe|Name=Spotify Music|Desc=Spotify Music|EmbedCtxt={78E1CD88-49E3-476E-B926-580E596AD309}|
"{C4294457-6291-4EFF-B582-CD3F3583A091}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Spotify Music|Desc=Spotify Music|LUOwn=S-1-5-21-1430618548-964272824-186209200-1001|AppPkgId=S-1-15-2-557819504-3144503769-3460048582-2468406004-2969798954-3397036932-4166026031|EmbedCtxt=Spotify Music|Platform=2:6:2|Platform2=GTEQ|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem58.inf,%ClassName%;Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{502EB68B-57B4-4FEE-9890-18F2D8AD1E3E}] : (mfencbdc) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem78.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[08/05/2015 12:07:06] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
[09/10/2018 17:00:28] - (25.21.14.1616) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 416.16) - C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_24fa95e729ecaade\nvlddmkm.sys
[12/01/2018 14:38:55] - (12.0.0.312) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys
[12/01/2018 14:38:02] - (1.0.0.7) - (ASUS - HID minidriver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsRadioControl.sys
[09/10/2018 17:00:28] - (4.8.3.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[12/01/2018 14:38:44] - (10.0.15063.31236) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys
[12/01/2018 14:39:14] - (10.0.0.312) - (Qualcomm - Qualcomm BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[08/05/2015 12:49:58] - (1.0.9.1) - (ASUS - Memory mapping Driver) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA (@oem1.inf,%iaStorA.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller) -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - ASMMAP64 (ASMMAP64) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{30E935B2-0DAC-455E-AC76-3C8504DC3D18}] : (Intel(R) Serial IO.-.Intel Corporation) -> MsiExec.exe /I{30E935B2-0DAC-455E-AC76-3C8504DC3D18}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3241744A-BA36-41F0-B4AA-EF3946D00632}] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DF3AC42-174D-4915-9ED2-448AD4338B83}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{3DF3AC42-174D-4915-9ED2-448AD4338B83}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{62260D0F-633D-4B77-B394-BB57DF7223D9}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{62260D0F-633D-4B77-B394-BB57DF7223D9}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8E2CA9DC-9975-468F-90CF-C740109DD2B8}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{8E2CA9DC-9975-468F-90CF-C740109DD2B8}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Ovládací panel NVIDIA 416.16.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.8.1.21.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 2.8.1.21.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.8.1.21.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.31.-.NVIDIA Corporation) ->
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EA30CEC3-9CC5-4C80-AE8E-209A6F894961}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{EA30CEC3-9CC5-4C80-AE8E-209A6F894961}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) -> MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B230374-6475-4A73-BA6E-41015E9C5013}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{4B230374-6475-4A73-BA6E-41015E9C5013}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}] : (ASUS Smart Gesture.-.ASUS) -> MsiExec.exe /I{4D3286A6-F6AB-498A-82A4-E4F040529F3D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (.-.) ->
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}] : (Device Setup.-.ASUSTek Computer Inc.) -> MsiExec.exe /I{8D6B05E0-F457-408C-9D13-549334D8FAE1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUS) -> MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}] : (ASUS Device Activation.-.ASUSTeK COMPUTER INC.) -> MsiExec.exe /X{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) -> MsiExec.exe /X{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}

---------- | Ports


---------- | Installer

[HKCR\Installer\Products\0E50B6D8754FC804D9314539438DAF1E] : Device Setup -> C:\windows\Installer\{8D6B05E0-F457-408C-9D13-549334D8FAE1}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\24CA3FD3D4715194E92D44A84D33B838] : Intel(R) ME UninstallLegacy
[HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2B539E03CAD0E554CA67C35840CDD381] : Intel(R) Serial IO
[HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\3CEC03AE5CC908C4EAE802A9F6989416] : Intel(R) Management Engine Components
[HKCR\Installer\Products\473032B4574637A4ABE61410E5C90531] : Intel® Security Assist -> C:\Windows\Installer\{4B230374-6475-4A73-BA6E-41015E9C5013}\isa.ico
[HKCR\Installer\Products\4B8898265AF36AE4AB3AAD46F07681DB] : -> C:\Windows\Installer\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\50FA96906FF400C4496034952983EDD0] : ASUS Splendid Video Enhancement Technology -> C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\6070B4C9A9F9FB744B71A011F15CB240] : ASUS Device Activation -> C:\WINDOWS\Installer\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}\MyIcon
[HKCR\Installer\Products\6A6823D4BA6FA894284A4E0F0425F9D3] : ASUS Smart Gesture -> C:\Windows\Installer\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\75B373813CF4A1B4593B7A5ECD5A777F] : Qualcomm Atheros Setup -> C:\Windows\Installer\{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\76E045AFC590B1A479ABD445D7CEA94F] : ASUS Live Update -> C:\WINDOWS\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\CD9AC2E85799F86409FC7C0401D92D8B] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\E19212F84440D1B49B9F34077AE343D6] : WinFlash -> C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon
[HKCR\Installer\Products\E339C5BAD7C503D43B41C9384AB949EB] : ATK Package -> C:\Windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\F0D06226D33677B43B49BB75FD27329D] : Intel(R) Management Engine Components

---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
------------

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet
------------

Názov chybujúcej aplikácie: AUDIODG.EXE, verzia: 10.0.17134.829, časová značka: 0x9ed7383d
Názov chybujúceho modulu: ICEsoundAPO64.dll, verzia: 1.0.0.39, časová značka: 0x5bd6e5e4
Kód výnimky: 0xc0000005
Odstup chyby: 0x000000000003cda7
Identifikácia chybujúceho procesu: 0x1df8
Čas spustenia chybujúcej aplikácie: 0x01d5448ae9960942
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\AUDIODG.EXE
Cesta chybujúceho modulu: C:\WINDOWS\system32\ICEsoundAPO64.dll
Identifikácia hlásenia: 76fd7589-054a-49ba-8b63-9a8799a8f934
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:
------------


----------( EOF)---------- - 3574 | 14:29:47
 

depor99

PCHF Member
Jul 31, 2019
I'd replace Adblock ................... Ublock Origin.

=============================================================================

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.




Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by denni (01-08-2019 14:36:30) Run:1
Running from C:\Users\denni\Desktop
Loaded Profiles: denni (Available Profiles: denni)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Closeprocesses:
CreateRestorePoint:
Emptytemp:
HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\Run: [utweb] => "C:\Users\denni\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
Task: {7E90FE39-4E88-4665-B0E3-C6C40A5D4C5E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2670b808-8c92-4106-b1e6-d42996d50301}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a4770a48-bbb9-4051-8148-596b9b597b3c}: [DhcpNameServer] 192.168.1.1
CHR Extension: (Safe Torrent Scanner) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2019-07-24]
CHR Extension: (Avast Online Security) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-13]
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-13]
VirusTotal: C:\WINDOWS\System32\drivers\usb2ser.sys
VirusTotal: C:\Users\denni\AppData\Roaming\sp_data.sys
Folder: C:\Program Files\rempl
C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\System32\Tasks\Update Checker
C:\Program Files\AVAST Software
C:\Users\denni\AppData\Roaming\uTorrent Web
HKU\S-1-5-21-1430618548-964272824-186209200-1001\...\StartupApproved\Run: => "utweb"
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\denni\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{E44394D9-F177-4026-9175-B58BFA58771D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D0E9727B-B821-423C-B878-CE1C50B2583F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
RemoveProxy:
CMD: ipconfig /flushdns
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E90FE39-4E88-4665-B0E3-C6C40A5D4C5E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E90FE39-4E88-4665-B0E3-C6C40A5D4C5E}" => not found
"C:\WINDOWS\System32\Tasks\Update Checker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker" => not found
C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => moved successfully
C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2670b808-8c92-4106-b1e6-d42996d50301}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a4770a48-bbb9-4051-8148-596b9b597b3c}\\DhcpNameServer" => removed successfully
CHR Extension: (Safe Torrent Scanner) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2019-07-24] => Error: No automatic fix found for this entry.
CHR Extension: (Avast Online Security) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-18] => Error: No automatic fix found for this entry.
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-13] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-13] => Error: No automatic fix found for this entry.
VirusTotal: C:\WINDOWS\System32\drivers\usb2ser.sys => https://www.virustotal.com/file/67aeb01b5d4e6ca8c669efb12a7876a378cea4cae2810dd790d2dac5f07d6e52/analysis/1560564266/
VirusTotal: C:\Users\denni\AppData\Roaming\sp_data.sys => https://www.virustotal.com/file/86c91c40b5356f3695864bdd5affe9219a253556b4f8b959349ec87e29c1013a/analysis/1553612607/

========================= Folder: C:\Program Files\rempl ========================


====== End of Folder: ======

C:\WINDOWS\System32\Tasks\McAfee => moved successfully
"C:\WINDOWS\System32\Tasks\Update Checker" => not found
C:\Program Files\AVAST Software => moved successfully
"C:\Users\denni\AppData\Roaming\uTorrent Web" => not found
"HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\utweb" => removed successfully
"HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\utweb" => not found
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-1430618548-964272824-186209200-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => removed successfully
C:\WINDOWS\system32\drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E44394D9-F177-4026-9175-B58BFA58771D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0E9727B-B821-423C-B878-CE1C50B2583F}" => removed successfully

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7408656 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27682306 B
Java, Flash, Steam htmlcache => 22943617 B
Windows/system/drivers => 154197 B
Edge => 732628 B
Chrome => 426057016 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1752 B
LocalService => 0 B
NetworkService => 50342 B
NetworkService => 0 B
denni => 13365018 B

RecycleBin => 0 B
EmptyTemp: => 475.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:37:27 ====
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
Quick Diag Fix.


Right-click on Quick Diag and Run as Admin.
Copy the content of the code box below to your clipboard.
Click on the S within the User Interface of the program.
Then click on Script.
Allow completion.
Post the log created in your next reply.

Code:
Reg::
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Chromium]
[HKLM\Software\McAfee]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\McAfee]
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\Software\Microsoft\Windows\CurrentVersion\Run]|"utweb"
[HKU\S-1-5-21-1430618548-964272824-186209200-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]|"utweb"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]|"WebStorage"


File::
C:\Users\denni\AppData\Roaming\uTorrent Web
C:\Program Files\AVAST Software
C:\Program Files\mcafee
C:\Users\denni\AppData\Roaming\uTorrent
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki 
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
C:\Users\denni\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki
C:\Users\denni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
C:\ProgramData\McAfee
C:\Program Files\AVAST Software
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job
C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job
C:\WINDOWS\System32\Tasks\McAfee
C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator
C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator 



Task:: 
<ASUS Smart Gesture Launcher>
<ASUS Splendid ACMON>
<ATK Package 36D18D69AFC3>
<ATK Package A22126881260>
<GoogleUpdateTaskMachineCore>
<GoogleUpdateTaskMachineUA>
<RtHDVBg_ListenToDevice>
<RTKCPL>
<WpsNotifyTask_Administrator>
<WpsUpdateTask_Administrator>

CMD::
rd /s /q C:\WINDOWS\Temp\*
del /f /q C:\WINDOWS\Temp\*
sc delete diagtrack
sc delete dwmappushservice
###


Clean::
Yes





===============================================================

Download ResetBrowser to your desktop.

  • Now close all open browsers.
  • Right click and run as administrator.
  • Click on Reset Chrome. -- Allow completion.
  • Now re-run speed test and see if there is an improvement.
===========================================================
 

Malnutrition

Hello, please give us an update. If there is no reply within 48 hours, this thread will be closed.
 

depor99

Hello, I am so sorry, I was abroad. The problem is solved. But I have a new problem: my Windows toolbar at the bottom of the screen is not reacting to any action, like turning off the notebook etc., and I have to turn off my PC using Ctrl+Alt+Delete and then turn it off there. But it is not such a big problem, I would rather not get those annoying ads... But could you advise me how to avoid the problem I had at first?
 

Malnutrition

Do not open any emails if you do not know where they are from. Don't click on any ads and watch what you download, and you should be fine. If you do decide to download something, check it at VirusTotal before opening it on your machine.

I'd use Unchecky to make sure that nothing you download comes with anything extra.
Also, uBlock Origin to enjoy ad-free browsing.

uBlock Origin Chrome.
uBlock Origin Firefox.
uBlock Origin Opera.


Add an extra layer of defense on your machine with this.


I'm going to mark this one as solved. As for the other issue, you will need to start a thread in the Windows 10 area.

===============================================================================================

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
 