--------------- QuickDiag | g3n-h@ckm@n | V5_01.11.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 22/11/2019 22:30:32
Updated 01/11/2019 | 14:35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC-05:00) Bogota, Lima, Quito, Rio Branco
[Administrator (Administrator)] - [DESKTOP-VLRG9GS] (S-1-5-21-2749115185-1036825132-4071773075-500)

System: Microsoft Windows 10 Pro N - - (10.0.18363) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> (1909)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro N|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: H110M-M.2 - Gigabyte Technology Co., Ltd. - IdNumber: Default string - UUID: 03D502E0-045E-05F0-5206-0A0700080009
Processor : X64 - 3504 Mhz - Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
BIOS : F24 - en|US|iso8859-1 - American Megatrends Inc. - S/N: Default string - F24 - ALASKA - 1072009
CoreTemp : 29.8 Celsius

---------- | Xspeed

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A182&REV_1003\4&11D6FE01&0&0001
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0084&SUBSYS_38426265&REV_1001\5&2E3C62C4&0&0001

---------- | Video
NVIDIA GeForce GTX 1060 6GB - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvldumdx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1C03&SUBSYS_62653842&REV_A1\4&22817009&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Integrated Video Chipset DeviceName: NVIDIA GeForce GTX 1060 6GB - DriverVersion: 26.21.14.4108 - SpecificationVersion: 1025

---------- | Codecs
C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | Memory
Pagefile = Total (MB) : 10315 | Free (MB) : 6053
Virtual = Total (MB) : 4194 | Free (MB) : 3903
Physical Memory (MB)
--------------------
Total: 8153
Available: 5319
Cached: 5334
Free: 879
Kernel Memory (MB)
------------------
Paged: 588
Nonpaged: 290
System
------
Handles: 52942
Processes: 132
Threads: 1629

---------- | Drives
C:\ -> [Fixed] | [] | Total : 80.02 GB | Free : 52.97 GB -> NTFS (SSD)
D:\ -> [Fixed] | [] | Total : 142.92 GB | Free : 12.18 GB -> NTFS (SSD)
Drive: 0 Cylinders: 29185 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 240057409536 bytes

---------- | Windows updates - Activation - License
W.A.T : :) Test 1 : Windows Is Activated
Volume License

---------- | Browsers
IE : 11.0.18362.1 (© Microsoft Corporation.)
Default : "C:\Program Files\Internet Explorer\iexplore.exe"

---------- | FlashPlayer
FlashPlayer ActiveX : 32.0.0.255

---------- | Security
AS :
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
344 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.18362.329) = C:\Windows\System32\smss.exe [09/09/2019 12:45:48] CPU Usage:0 %
568 | [Owner : SYSTEM | Parent : 440() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [18/03/2019 23:44:24] CPU Usage:0 %
660 | [Owner : SYSTEM | Parent : 440() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.18362.387) = C:\Windows\System32\wininit.exe [22/11/2019 01:21:59] CPU Usage:0 %
668 | [Owner : SYSTEM | Parent : 652() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [18/03/2019 23:44:24] CPU Usage:0 %
732 | [Owner : SYSTEM | Parent : 660(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.18362.387) = C:\Windows\System32\services.exe [22/11/2019 01:22:00] CPU Usage:0 %
752 | [Owner : SYSTEM | Parent : 660(wininit.exe) | 14.84 MB] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe [18/03/2019 23:44:24] CPU Usage:0 %
824 | [Owner : SYSTEM | Parent : 652() | 2.93 MB] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.18362.449) = C:\Windows\System32\winlogon.exe [22/11/2019 01:22:01] CPU Usage:0 %
936 | [Owner : SYSTEM | Parent : 732(services.exe) | 0.96 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
960 | [Owner : SYSTEM | Parent : 732(services.exe) | 16.64 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
984 | [Owner : UMFD-0 | Parent : 660(wininit.exe) | 1.04 MB] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.476) = C:\Windows\System32\fontdrvhost.exe [22/11/2019 01:22:00] CPU Usage:0 %
992 | [Owner : UMFD-1 | Parent : 824(winlogon.exe) | 11.55 MB] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.476) = C:\Windows\System32\fontdrvhost.exe [22/11/2019 01:22:00] CPU Usage:0 %
392 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 12.54 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
876 | [Owner : SYSTEM | Parent : 732(services.exe) | 3.01 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1040 | [Owner : DWM-1 | Parent : 824(winlogon.exe) | 48.22 MB] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.18362.387) = C:\Windows\System32\dwm.exe [22/11/2019 01:21:57] CPU Usage:0 %
1160 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.03 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1208 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 4.49 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1240 | [Owner : SYSTEM | Parent : 732(services.exe) | 8.42 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1248 | [Owner : SYSTEM | Parent : 732(services.exe) | 1.22 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1312 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.83 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1408 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 14.14 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1456 | [Owner : SYSTEM | Parent : 732(services.exe) | 6.1 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1480 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.68 MB] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2693.9990) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [22/11/2019 17:00:56] CPU Usage:0 %
1560 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 4.2 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1592 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.7 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1600 | [Owner : SYSTEM | Parent : 732(services.exe) | 1.36 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1612 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 3.91 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1680 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 2.28 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1752 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.04 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1832 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.51 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1844 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 4.89 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1888 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 4.97 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
872 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 4 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1080 | [Owner : SYSTEM | Parent : 732(services.exe) | 19.14 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1352 | [Owner : SYSTEM | Parent : 1480(NVDisplay.Container.exe) | 13.84 MB] - (.NVIDIA Corporation - NVIDIA Container.) - (1.19.2693.9990) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [22/11/2019 17:00:56] CPU Usage:0 %
2104 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 4.72 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2204 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 9.74 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2296 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 3.13 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2304 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 1.97 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2328 | [Owner : SYSTEM | Parent : 732(services.exe) | 16.88 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2416 | [Owner : SYSTEM | Parent : 960(svchost.exe) | 10.9 MB] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2019 23:43:48] CPU Usage:0 %
2452 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 4.18 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2552 | [Owner : SYSTEM | Parent : 732(services.exe) | 3.79 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2660 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.31 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2764 | [Owner : SYSTEM | Parent : 732(services.exe) | 3.28 MB] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.18362.476) = C:\Windows\System32\spoolsv.exe [22/11/2019 01:21:46] CPU Usage:0 %
2816 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 13.86 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2852 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 2.43 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2980 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | 26.12 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2988 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 6.2 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2996 | [Owner : SYSTEM | Parent : 732(services.exe) | 17.77 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3004 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 21.36 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3012 | [Owner : SYSTEM | Parent : 732(services.exe) | 4.1 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3020 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 1.98 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3052 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 2.25 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2276 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.56 MB] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.191.1) = C:\Windows\System32\RtkAudUService64.exe [22/11/2019 01:29:41] CPU Usage:0 %
2352 | [Owner : SYSTEM | Parent : 732(services.exe) | 1.13 MB] - (.Intel Corporation - Intel(R) Rapid Storage Technology Management Service.) - (17.7.0.1006) = C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe [22/11/2019 16:19:06] CPU Usage:0 %
2872 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 1.25 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3100 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.48 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3132 | [Owner : SYSTEM | Parent : 732(services.exe) | 1.7 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3180 | [Owner : SYSTEM | Parent : 732(services.exe) | 13.7 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3200 | [Owner : SYSTEM | Parent : 732(services.exe) | 15.2 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3228 | [Owner : SYSTEM | Parent : 732(services.exe) | 30.19 MB] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.18362.449) = C:\Windows\System32\SearchIndexer.exe [22/11/2019 01:21:51] CPU Usage:0 %
3484 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 1.19 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3740 | [Owner : SYSTEM | Parent : 732(services.exe) | 2.8 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4520 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 3.81 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4660 | [Owner : Administrator | Parent : 1456(svchost.exe) | 26.09 MB] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [18/03/2019 23:43:59] CPU Usage:0 %
4680 | [Owner : Administrator | Parent : 732(services.exe) | 12.04 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2628 | [Owner : Administrator | Parent : 732(services.exe) | 25.87 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4748 | [Owner : Administrator | Parent : 1240(svchost.exe) | 20.63 MB] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe [22/11/2019 01:21:58] CPU Usage:0 %
4892 | [Owner : SYSTEM | Parent : 732(services.exe) | 8.33 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
5096 | [Owner : SYSTEM | Parent : 732(services.exe) | 4.58 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4484 | [Owner : Administrator | Parent : 5096(svchost.exe) | 33.08 MB] - (.Microsoft Corporation - CTF Loader.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [18/03/2019 23:44:21] CPU Usage:0 %
5312 | [Owner : Administrator | Parent : 5284() | 100.94 MB] - (.Microsoft Corporation - Windows Explorer.) - (10.0.18362.449) = C:\Windows\explorer.exe [22/11/2019 01:21:46] CPU Usage:0 %
5472 | [Owner : Administrator | Parent : 732(services.exe) | 15.77 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
5876 | [Owner : Administrator | Parent : 960(svchost.exe) | 54.57 MB] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [09/09/2019 12:45:39] CPU Usage:0 %
6080 | [Owner : Administrator | Parent : 960(svchost.exe) | 15.23 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
5180 | [Owner : Administrator | Parent : 960(svchost.exe) | 156.18 MB] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.18362.418) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [22/11/2019 01:22:02] CPU Usage:0 %
5704 | [Owner : Administrator | Parent : 960(svchost.exe) | 50.44 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
6176 | [Owner : Administrator | Parent : 960(svchost.exe) | 26.76 MB] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe [18/03/2019 23:44:11] CPU Usage:0 %
6564 | [Owner : Administrator | Parent : 960(svchost.exe) | 45.08 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
3208 | [Owner : Administrator | Parent : 960(svchost.exe) | 13.82 MB] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3396 | [Owner : Administrator | Parent : 960(svchost.exe) | 58.12 MB] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [18/03/2019 23:43:51] CPU Usage:0 %
7184 | [Owner : Administrator | Parent : 960(svchost.exe) | 12.03 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
7956 | [Owner : Administrator | Parent : 960(svchost.exe) | 0.4 MB] - (.Microsoft Corporation - Store.) - (11911.1001.9.0) = C:\Program Files\WindowsApps\microsoft.windowsstore_11911.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe [22/11/2019 03:03:34] CPU Usage:0 %
8076 | [Owner : Administrator | Parent : 960(svchost.exe) | 9.4 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
6880 | [Owner : SYSTEM | Parent : 732(services.exe) | 10.38 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3248 | [Owner : NETWORK SERVICE | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
5280 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [18/03/2019 23:45:23] CPU Usage:0 %
6220 | [Owner : SYSTEM | Parent : 732(services.exe) | 21.07 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
976 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1468 | [Owner : Administrator | Parent : 732(services.exe) | 25.02 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4140 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 6.64 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
3148 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [09/09/2019 12:45:49] CPU Usage:0 %
1608 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 9.96 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
2704 | [Owner : Administrator | Parent : 960(svchost.exe) | 97.74 MB] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.387) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [22/11/2019 01:21:58] CPU Usage:0 %
4392 | [Owner : Administrator | Parent : 960(svchost.exe) | 29.93 MB] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [18/03/2019 23:43:51] CPU Usage:0 %
4776 | [Owner : Administrator | Parent : 960(svchost.exe) | 51.94 MB] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.329) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe [09/09/2019 12:45:41] CPU Usage:0 %
744 | [Owner : SYSTEM | Parent : 732(services.exe) | 23.52 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
8336 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.84 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
5652 | [Owner : SYSTEM | Parent : 732(services.exe) | 11.86 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
5792 | [Owner : Administrator | Parent : 960(svchost.exe) | 15.85 MB] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [09/09/2019 12:45:49] CPU Usage:0 %
10596 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1910.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe [22/11/2019 21:19:25] CPU Usage:0 %
8468 | [Owner : SYSTEM | Parent : 732(services.exe) | 8.93 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
9236 | [Owner : SYSTEM | Parent : 732(services.exe) | 10.63 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
8196 | [Owner : Administrator | Parent : 960(svchost.exe) | 17.18 MB] - (.Microsoft Corporation - System Settings Broker.) - (10.0.18362.1) = C:\Windows\System32\SystemSettingsBroker.exe [18/03/2019 23:43:42] CPU Usage:0 %
5040 | [Owner : SYSTEM | Parent : 732(services.exe) | 11.16 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
9404 | [Owner : SYSTEM | Parent : 732(services.exe) | 11.47 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
10000 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 12.55 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4036 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 32.18 MB] - (.Microsoft Corporation - SMSvcHost.exe.) - (3.0.4506.9140) = C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [09/09/2019 12:41:37] CPU Usage:0 %
10316 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 25.31 MB] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.8.3752.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [18/03/2019 23:59:16] CPU Usage:0 %
7268 | [Owner : SYSTEM | Parent : 732(services.exe) | 6.89 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
9140 | [Owner : LOCAL SERVICE | Parent : 2204(svchost.exe) | 14.81 MB] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.18362.449) = C:\Windows\System32\audiodg.exe [22/11/2019 01:21:45] CPU Usage:0 %
3896 | [Owner : SYSTEM | Parent : 732(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
10564 | [Owner : SYSTEM | Parent : 960(svchost.exe) | 17.87 MB] - (.Microsoft Corporation - USO Core Worker Process.) - (10.0.18362.449) = C:\Windows\System32\usocoreworker.exe [22/11/2019 01:21:53] CPU Usage:0 %
6352 | [Owner : LOCAL SERVICE | Parent : 732(services.exe) | 8.96 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
1348 | [Owner : SYSTEM | Parent : 732(services.exe) | 42.34 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
4448 | [Owner : NETWORK SERVICE | Parent : 960(svchost.exe) | 8.23 MB] - (.Microsoft Corporation - COM Surrogate.) - (10.0.18362.1) = C:\Windows\System32\dllhost.exe [18/03/2019 23:44:22] CPU Usage:0 %
10108 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.86 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
10280 | [Owner : SYSTEM | Parent : 732(services.exe) | 5.51 MB] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [18/03/2019 23:44:22] CPU Usage:0 %
9760 | [Owner : Administrator | Parent : 960(svchost.exe) | 78.61 MB] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.18362.476) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe [22/11/2019 01:21:43] CPU Usage:0 %
11180 | [Owner : Administrator | Parent : 960(svchost.exe) | 8.23 MB] - (.Microsoft Corporation - Browser_Broker.) - (11.0.18362.267) = C:\Windows\System32\browser_broker.exe [09/09/2019 12:45:44] CPU Usage:0 %
5048 | [Owner : Administrator | Parent : 6564(RuntimeBroker.exe) | 15.44 MB] - (.Microsoft Corporation - Microsoft Edge Web Platform.) - (11.0.18362.1) = C:\Windows\System32\MicrosoftEdgeSH.exe [18/03/2019 23:43:56] CPU Usage:0 %
8632 | [Owner : Administrator | Parent : 960(svchost.exe) | 136.07 MB] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18362.1) = C:\Windows\System32\MicrosoftEdgeCP.exe [18/03/2019 23:43:37] CPU Usage:0 %
5288 | [Owner : Administrator | Parent : 5312(explorer.exe) | 63.36 MB] - (.SosVirus - QuickDiag.) - (1.11.19.1) = C:\Users\Administrator\Desktop\QuickDiag.exe [22/11/2019 22:30:15] CPU Usage:0 %
5216 | [Owner : NETWORK SERVICE | Parent : 960(svchost.exe) | 10.13 MB] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2019 23:45:03] CPU Usage:0 %

---------- | Locked Applications

---------- | Policy Restrictions

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)
(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll
(.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 441.08.) - (26.21.14.4108) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvldumdx.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 441.08.) - (26.21.14.4108) -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvwgf2umx_cfg.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 441.08.) - (26.21.14.4108) -- C:\WINDOWS\SYSTEM32\nvapi64.dll
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.14.4108) -- C:\WINDOWS\system32\nv3dappshext.dll
(.The ICU Project.-.ICU Combined Library.) - (63.1.0.0) -- C:\WINDOWS\SYSTEM32\icu.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)
(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll

---------- | svchost.exe Modules (Microsoft Files Whitelisted)
(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL

---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startup entries
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
OneDrive - ("C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\SOFTWARE\...\Run]) - User: DESKTOP-VLRG9GS\Administrator
SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RtkAudUService - ("C:\WINDOWS\System32\RtkAudUService64.exe" -background [HKLM\SOFTWARE\...\Run]) - User: Public WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x010000007E996AE4AAA1D501 [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"="D:\Windows Repair Portable 4.7.0_Portable\Tweaking.com - Windows Repair\Repair_Windows.exe"\1 "MRUList"=dcab "b"=C:\Windows\explorer.exe\1 "c"=msconfig\1 "d"=control\1 [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"= "IsMRUEstablished"=4294967295 "LegacyDefaultPrinterMode"=4294967295 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtkAudUService"="C:\WINDOWS\System32\RtkAudUService64.exe" -background "WindowsDefender"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x070000006BE24D1FA1A1D501 "RtkAudUService"=0x0300000008AEB21EA1A1D501 "WindowsDefender"=0x0100000071C33AE4AAA1D501 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll 
"ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D5A0FD21C9E426 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List OneDrive Standalone Update Task-S-1-5-21-2749115185-1036825132-4071773075-1001 OneDrive Standalone Update Task-S-1-5-21-2749115185-1036825132-4071773075-500 ---------- | Startings up registry ¦ Folder ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Hosts 127.0.0.1 localhost ---------- | Ping Pinging google.com [2800:3f0:4001:810::200e] with 32 bytes of data: Reply from 2800:3f0:4001:810::200e: time=69ms Reply from 2800:3f0:4001:810::200e: time=70ms Reply from 2800:3f0:4001:810::200e: time=69ms Reply from 2800:3f0:4001:810::200e: time=70ms Ping statistics for 2800:3f0:4001:810::200e: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in 
milli-seconds: Minimum = 69ms, Maximum = 70ms, Average = 69ms ---------- | @ [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\WINDOWS\system32\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "OperationalData"=13 "ImageStoreRandomFolder"=m686p5p "CompatibilityFlags"=0 "SearchBandMigrationVersion"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000440300007C020000 "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Start Page_TIMESTAMP"=0x1A97DB9AA2A1D501 "SyncHomePage Protected - It is a violation of Windows Policy to modify. 
See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=0 "IE10RunOnceLastShown_TIMESTAMP"=0xD49B4BEEACA1D501 "IE10TourShown"=1 "IE10TourShownTime"=0x969A9C1980A1D501 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "AllowSavingHistory"=1 "ScriptDebugger_EnableHiddenTabs"=0 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "StatusBarWeb"=1 "HideNewEdgeButton"=1 "HideOpenWithEdgeInContextMenu"=0 "ShowApplicationGuardFirstRunExperienceFromIE"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "Check_Associations"=yes "EnableLeakDetectionInEdge"=0 "LastClosedWidth"=800 "LastClosedHeight"=600 "AllowPrinting"=1 "AllowMixedModePrintingInPDF"=0 "DisableRequiresActiveXPrompt"= "EnableGetHostEnvironmentValue"=1 "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "HideLocalHostIP"=0 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "IsDrtTestRunning"=no "DisableFirstRunCustomize"=3 "IE10RunOncePerInstallCompleted"=0 "IE10RecommendedSettingsNo"=0 "IE11EdgeNotifyTime"=0x0000000000000000 "EdgeReminderURL"=http://go.microsoft.com/fwlink/?LinkId=838604 "EdgeReminderDuration"=31 "EdgeReminderRemainingCount"=6 "FrameTabWindow"=1 
"AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "CPLaunch"=0 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation"=PMIL "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "NoUpdateCheck"=1 "Search Bar"=Preserve "MinIEEnabled"=1 "RefcountTracker"=0 "TabDragOnSingleProc"=0 "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "FormSuggest PW Ask"=yes "IsDRTRunning"=no "News Feed First Run Experience"=1 [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\Software\Microsoft\Internet Explorer\TypedURLs] "url1"=https://go.microsoft.com/fwlink/p/?LinkId=255141 [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "ZonesSecurityUpgrade"=0x969A9C1980A1D501 "EnableNegotiate"=1 "MigrateProxy"=1 "AutoConfigProxy"=wininet.dll "ProxyEnable"=0 "WarnonZoneCrossing"=0 "UrlEncoding"=0 "PreventIgnoreCertErrors"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "EnableHTTP2"=1 "BackgroundConnections"=1 "SyncMode5"=4 "EmailName"=IEUser@ "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "PrivDiscUiShown"=1 "WarnOnIntranet"=1 "UseSchannelDirectly"=0x01000000 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "AutoConfigProxy"=wininet.dll "ProxyEnable"=0 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=https://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= 
"Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\WINDOWS\system32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "AllowSavingHistory"=1 "ScriptDebugger_EnableHiddenTabs"=0 "StatusBarWeb"=1 "HideNewEdgeButton"=1 "HideOpenWithEdgeInContextMenu"=0 "SearchBandMigrationVersion"=0 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "Check_Associations"=yes "LastClosedWidth"=800 "LastClosedHeight"=600 "AllowPrinting"=1 "AllowMixedModePrintingInPDF"=0 "EnableGetHostEnvironmentValue"=1 "DEPOff"=0 "MaxRenderLine"=4000 "Use_DlgBox_Colors"=yes "Anchor Underline"=yes "Display Inline Images"=yes "Display Inline Videos"=1 "Play_Background_Sounds"=yes "Play_Animations"=yes "SmoothScroll"=1 "XMLHTTP"=1 "Show image placeholders"=0 "Disable Script Debugger"=yes "Disable Diagnostics Mode"=no "Enable AutoImageResize"=yes "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "HideLocalHostIP"=0 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "DisableFirstRunCustomize"=0 "IE10RunOnceLastShown"=0 "IE10RunOnceLastShown_TIMESTAMP"=0x2C5F50EEACA1D501 "IE10RunOncePerInstallCompleted"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "CPLaunch"=0 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation"=PMIL "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "TabProcGrowth"=Medium [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm 
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "Compat"=res://mshtml.dll/compat.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\WINDOWS\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "UrlEncoding"=0 "PreventIgnoreCertErrors"=0 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "EnableHTTP2"=1 "BackgroundConnections"=1 "EmailName"=IEUser@ "EnableSSL3Fallback"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "DisableCachingOfSSLPages"=0 "SyncMode5"=4 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | Notify ---------- | Execution FileExts ---------- | Browser Helper Objects ---------- | Chrome ---------- | Opera ---------- | Firefox ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.100.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a01ac255-a527-45a6-b4f6-9144d8d0ea18}] "DhcpNameServer"=192.168.100.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a01ac255-a527-45a6-b4f6-9144d8d0ea18}] "DhcpNameServer"=192.168.100.1 ---------- | Drives D: [03/11/2019 22:13:21] - |A| - (.Copyright © 2014 AVAST Software - Avast SecureLine VPN 
Setup .) - [21680064] - (5.5.522.0) - D:\avast_secureline_setup.exe [10/10/2019 12:45:43] - |A| - (.Copyright 2018 Google LLC - Google Update Setup.) - [1472056] - (1.3.35.302) - D:\ChromeSetup.exe [23/10/2019 02:29:23] - |A| - (.Copyright (c) 2017 Discord Inc. - Discord - https://discordapp.com/.) - [61370712] - (0.0.49.0) - D:\DiscordSetup.exe [17/10/2019 14:03:02] - |A| - (.Mozilla - Firefox.) - [49982064] - (18.5.0.0) - D:\Firefox Setup 69.0.3.exe [18/11/2019 00:19:46] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2260480] - (14.11.2019.0) - D:\FRST64.exe [29/10/2019 19:02:17] - |A| - (.-.) - [8650880] - (4.0.1530.51496) - D:\GameCenterLoader_0c9f813a812a0ccc8c4a27b3ea9f17e3.exe [20/10/2019 15:27:05] - |A| - (.Copyright © 2011-2019 NVIDIA Corporation New - NVIDIA Package Launcher New.) - [121681576] - (1.0.10.0) - D:\GeForce_Experience_v3.20.0.118.exe [15/11/2019 05:20:58] - |A| - (.Copyright (C) 2015 Igor Jerosimić - Calculates SHA-1, MD5 and CRC32 hash for text or file.) - [187392] - (1.7.0.0) - D:\hasher_64bit.exe [26/10/2019 12:38:53] - |A| - (.Copyright © 1996-2019 Adobe - Adobe® Flash® Player Installer/Uninstaller 32.0 r0.) - [21320728] - (32.0.0.270) - D:\install_flash_player.exe [26/10/2019 12:39:26] - |A| - (. - K-Lite Mega Codec Pack Setup .) - [59825959] - (15.2.0.0) - D:\K-Lite_Codec_Pack_1520_Mega.exe [03/11/2019 09:54:18] - |A| - (. - .) - [17276616] - (4.1.100.1332) - D:\lgs510_x64.exe [22/10/2019 06:10:07] - |RA| - (.© 2017 Malwarebytes. - Malwarebytes .) - [66898088] - (3.8.3.2965) - D:\mb3-setup-consumer-3.8.3.2965-1.0.629-1.0.12995.exe [17/10/2019 11:06:37] - |A| - (.© Microsoft Corporation. - Windows 10 Setup.) - [19255000] - (10.0.18362.418) - D:\MediaCreationTool1903.exe [30/10/2019 15:02:04] - |A| - (. - ExitLag Setup .) - [15927864] - (0.0.0.0) - D:\SetupExitLag_v3109.exe [26/10/2019 08:57:39] - |A| - (.(c) 2019 Skype and/or Microsoft - Skype Setup.) 
- [68883560] - (8.53.0.85) - D:\Skype-8.53.0.85.exe [28/10/2019 08:06:53] - |A| - (.© Valve Corporation - Steam.) - [1573568] - (2.10.91.91) - D:\SteamSetup.exe [29/10/2019 22:38:45] - |A| - (.Copyright (C) 2005-2018 SUPERAntiSpyware - SUPERAntiSpyware Professional Setup.) - [42835824] - (8.0.0.1046) - D:\SUPERAntiSpywarePro.exe [12/11/2019 05:24:11] - |A| - (.Copyright (C) 2019 Yamicsoft - Windows 10 Manager Installer.) - [29749728] - (3.1.7.0) - D:\windows10manager.exe ---------- | C: [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 01:35:48] - |ASH| - (.-.) - [3419910144] - (0.0.0.0) - C:\hiberfil.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 01:35:49] - |ASH| - (.-.) - [2013265920] - (0.0.0.0) - C:\pagefile.sys [MD5.E4A58AD90A2DEA54739867A57D47F8E1] - [22/11/2019 22:30:32] - |A| - (.-.) - [55988] - (0.0.0.0) - C:\QuickDiag.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 01:35:50] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys ---------- | C:\WINDOWS [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [18/03/2019 23:43:34] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe [MD5.9C4532ED7E666937E1F164436EAE0689] - [22/11/2019 16:59:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [MD5.171F9CC24719E9FFA58AD13CE2D23429] - [22/11/2019 16:57:36] - |A| - (.-.) - [776] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [MD5.4E196CEA0C9C46A7D656C67E52E8C7C7] - [22/11/2019 01:21:46] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4615616] - (10.0.18362.449) - C:\WINDOWS\explorer.exe [MD5.67094590E3D57130C587CD6D8AFB6597] - [22/11/2019 01:22:14] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1059840] - (10.0.18362.449) - C:\WINDOWS\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [18/03/2019 23:45:30] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) 
- [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe [MD5.519C1BEC851A5F7E4D30ED614262DE03] - [22/11/2019 22:06:44] - |A| - (.-.) - [21961] - (0.0.0.0) - C:\WINDOWS\iis.log [MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2019 23:44:19] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [MD5.F1139811BBF61362915958806AD30211] - [18/03/2019 23:44:49] - |A| - (.© Microsoft Corporation. - Notepad.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe [MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [22/11/2019 17:00:56] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat [MD5.C7E9BB9DACA3F44E56AB5A805F98B31A] - [22/11/2019 20:44:30] - |A| - (.-.) - [5110] - (0.0.0.0) - C:\WINDOWS\PFRO.log [MD5.29409008DF22243BB320333F9FD5C060] - [18/03/2019 23:45:39] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe [MD5.0A680F14BDF67EFC2B13438F3A4AD0FF] - [22/11/2019 17:00:43] - |A| - (.-.) - [1018] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 17:00:43] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [MD5.906E1DFC3A3A64D3452C5BA124AC9A4C] - [22/11/2019 01:21:46] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132608] - (10.0.18362.476) - C:\WINDOWS\splwow64.exe [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/11/2019 16:56:54] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [18/03/2019 23:45:53] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - [22/11/2019 20:59:24] - |A| - (.-.) - [207] - (0.0.0.0) - C:\WINDOWS\tweaking.com-regbackup-DESKTOP-VLRG9GS-Windows-10-Pro-N-(64-bit).dat [MD5.23CF8138F49416231807E6DE371FB9E6] - [22/11/2019 16:56:54] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [18/03/2019 23:44:18] - |AH| - (.-.) 
- [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [22/11/2019 17:03:09] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [18/03/2019 23:45:53] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [18/03/2019 23:45:46] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\Installer (Microsoft Files Whitelisted) ---------- | [Administrator] [22/11/2019 21:17:47] - |RD| - [298] - C:\Users\Administrator\3D Objects [22/11/2019 21:00:45] - |HD| - [789137605] - C:\Users\Administrator\AppData [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Application Data [22/11/2019 21:17:47] - |RD| - [412] - C:\Users\Administrator\Contacts [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Cookies [22/11/2019 21:00:45] - |RD| - [25697020] - C:\Users\Administrator\Desktop [22/11/2019 21:00:45] - |RD| - [402] - C:\Users\Administrator\Documents [22/11/2019 21:00:45] - |RD| - [11369338] - C:\Users\Administrator\Downloads [22/11/2019 21:00:45] - |RD| - [690] - C:\Users\Administrator\Favorites [22/11/2019 21:00:45] - |RD| - [1997] - C:\Users\Administrator\Links [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Local Settings [22/11/2019 21:36:05] - |HD| - [2647721] - C:\Users\Administrator\MicrosoftEdgeBackups [22/11/2019 21:00:45] - |RD| - [504] - C:\Users\Administrator\Music [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\My Documents [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\NetHood [22/11/2019 21:00:45] - |AH| - [1048576] - C:\Users\Administrator\NTUSER.DAT [22/11/2019 21:00:45] - |ASH| - [376832] - C:\Users\Administrator\ntuser.dat.LOG1 [22/11/2019 21:00:45] - |ASH| - [339968] - 
C:\Users\Administrator\ntuser.dat.LOG2 [22/11/2019 21:00:45] - |ASH| - [65536] - C:\Users\Administrator\NTUSER.DAT{734c7175-0d73-11ea-8463-e0d55ef0520a}.TM.blf [22/11/2019 21:00:45] - |ASH| - [524288] - C:\Users\Administrator\NTUSER.DAT{734c7175-0d73-11ea-8463-e0d55ef0520a}.TMContainer00000000000000000001.regtrans-ms [22/11/2019 21:00:45] - |ASH| - [524288] - C:\Users\Administrator\NTUSER.DAT{734c7175-0d73-11ea-8463-e0d55ef0520a}.TMContainer00000000000000000002.regtrans-ms [22/11/2019 21:00:45] - |SH| - [20] - C:\Users\Administrator\ntuser.ini [22/11/2019 21:18:59] - |RD| - [104] - C:\Users\Administrator\OneDrive [22/11/2019 21:00:45] - |RD| - [884] - C:\Users\Administrator\Pictures [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\PrintHood [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Recent [22/11/2019 21:00:45] - |RD| - [282] - C:\Users\Administrator\Saved Games [22/11/2019 21:17:47] - |RD| - [1875] - C:\Users\Administrator\Searches [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\SendTo [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Start Menu [22/11/2019 21:00:45] - |SHD| - [0] - C:\Users\Administrator\Templates [22/11/2019 21:00:45] - |RD| - [504] - C:\Users\Administrator\Videos ---------- | C:\ProgramData [22/11/2019 17:03:06] - |SHD| - [0] - C:\ProgramData\Application Data [22/11/2019 17:03:06] - |SHD| - [0] - C:\ProgramData\Desktop [22/11/2019 17:03:06] - |SHD| - [0] - C:\ProgramData\Documents [22/11/2019 20:37:20] - |A| - [19535] - C:\ProgramData\empty.ico [22/11/2019 21:37:05] - |D| - [31614761] - C:\ProgramData\Malwarebytes [22/11/2019 16:56:53] - |SD| - [709687114] - C:\ProgramData\Microsoft [22/11/2019 20:32:39] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [22/11/2019 17:00:56] - |D| - [56757] - C:\ProgramData\NVIDIA [22/11/2019 17:00:55] - |D| - [122880] - C:\ProgramData\NVIDIA Corporation [22/11/2019 20:31:16] - |D| - [0] - C:\ProgramData\Packages [22/11/2019 16:56:53] - |D| - [1001] - 
C:\ProgramData\regid.1991-06.com.microsoft [22/11/2019 16:56:53] - |D| - [0] - C:\ProgramData\SoftwareDistribution [22/11/2019 17:03:06] - |SHD| - [0] - C:\ProgramData\Start Menu [22/11/2019 17:03:06] - |SHD| - [0] - C:\ProgramData\Templates [22/11/2019 16:56:53] - |D| - [7892] - C:\ProgramData\USOPrivate [22/11/2019 16:56:53] - |D| - [417792] - C:\ProgramData\USOShared ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [22/11/2019 16:56:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [22/11/2019 22:07:44] - |D| - [0] - C:\Program Files (x86)\Adware Removal Tool by TSA [22/11/2019 16:56:53] - |D| - [23459003] - C:\Program Files (x86)\Common Files [22/11/2019 16:56:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [22/11/2019 16:56:53] - |D| - [1983469] - C:\Program Files (x86)\Internet Explorer [22/11/2019 16:56:53] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [22/11/2019 22:06:27] - |D| - [25757] - C:\Program Files (x86)\MSBuild [22/11/2019 17:00:56] - |D| - [700352] - C:\Program Files (x86)\NVIDIA Corporation [22/11/2019 16:58:29] - |D| - [36970241] - C:\Program Files (x86)\Reference Assemblies [22/11/2019 17:00:55] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [22/11/2019 16:56:53] - |D| - [1729040] - C:\Program Files (x86)\Windows Defender [22/11/2019 16:56:53] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [22/11/2019 16:56:53] - |D| - [7441240] - C:\Program Files (x86)\Windows NT [22/11/2019 16:56:53] - |D| - [5269960] - C:\Program Files (x86)\Windows Photo Viewer [22/11/2019 16:56:53] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [22/11/2019 16:56:53] - |D| - [2237485] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [22/11/2019 21:39:34] - |D| - [5204927] - C:\Program Files\7-Zip [22/11/2019 16:56:53] - |D| - [46117353] - C:\Program Files\Common Files [22/11/2019 16:56:54] - |ASH| - 
[174] - C:\Program Files\desktop.ini
[22/11/2019 16:56:53] - |D| - [2644474] - C:\Program Files\Internet Explorer
[22/11/2019 21:36:54] - |D| - [207841072] - C:\Program Files\Malwarebytes
[22/11/2019 16:56:53] - |D| - [0] - C:\Program Files\ModifiableWindowsApps
[22/11/2019 22:06:27] - |D| - [25757] - C:\Program Files\MSBuild
[22/11/2019 17:00:52] - |D| - [194773266] - C:\Program Files\NVIDIA Corporation
[22/11/2019 22:06:27] - |D| - [34633385] - C:\Program Files\Reference Assemblies
[22/11/2019 21:00:46] - |HD| - [0] - C:\Program Files\Uninstall Information
[22/11/2019 16:56:53] - |D| - [29562031] - C:\Program Files\Windows Defender
[22/11/2019 16:56:53] - |D| - [16483104] - C:\Program Files\Windows Defender Advanced Threat Protection
[22/11/2019 16:56:53] - |D| - [636416] - C:\Program Files\Windows Mail
[22/11/2019 16:56:53] - |D| - [7777624] - C:\Program Files\Windows NT
[22/11/2019 16:56:53] - |D| - [6087320] - C:\Program Files\Windows Photo Viewer
[22/11/2019 16:56:53] - |D| - [110373] - C:\Program Files\Windows Security
[22/11/2019 16:56:53] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[22/11/2019 16:56:53] - |HD| - [1503754852] - C:\Program Files\WindowsApps
[22/11/2019 16:56:53] - |D| - [2530213] - C:\Program Files\WindowsPowerShell
---------- | Tasks
[MD5.64EC80BAC1DC2193066B8246E5F35259] - [22/11/2019 20:57:06] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/11/2019 17:02:59] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.AF833190366198F425D8C914A31BE64B] - [22/11/2019 21:17:06] - |AH| - [304] - C:\WINDOWS\Tasks\User_Feed_Synchronization-{7E660896-5F4A-4531-8250-1982DEFF851F}.job
[MD5.00000000000000000000000000000000] - [22/11/2019 16:56:53] - |D| - [567360] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.E77938A0021623E859EEE458A599C0F7] - [22/11/2019 20:33:20] - |A| - [3380] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2749115185-1036825132-4071773075-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.1BC6611DB10FA614F90A79EAA805D8C3] - [22/11/2019 21:19:00] - |A| - [3394] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2749115185-1036825132-4071773075-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.00000000000000000000000000000000] - [22/11/2019 16:56:53] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft
---------- | Services | 0 : Boot | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
---------- | Installer
---------- | ADS
---------- | Drives
---------- | MBR
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin
----------( EOF)---------- - 997 | 22:32:00
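The ZeroAccess Check and startup-entry sections above print COM InProcServer32 targets and Run-key command lines verbatim and leave the reading to the analyst. The script below is an added example (not part of QuickDiag and not from this report) that parses those two line formats and ranks entries for manual review: InProcServer32 paths that resolve outside System32/SysWOW64 (the CLSIDs the tool checks are the ones the ZeroAccess family hijacked), Run images that live in a user-writable tree such as AppData, and unquoted command lines whose image path is ambiguous. The %VAR% values in ENV are assumed from this machine's report; the nil-CLSID line and the "Updater" line in SAMPLE are constructed to exercise the checks and do not appear in the report.

```python
"""Triage of QuickDiag "ZeroAccess Check" and startup-entry lines.

Added example; it is not part of QuickDiag or of the report above. It parses the
two line formats the report uses and orders what a reviewer should open first.
It never declares an entry malicious; every hit still needs the binary on disk
checked (signature, hash, path), since the report shows command lines only.
"""
import ntpath
import re

# Values for the %VAR% tokens QuickDiag leaves unexpanded. Assumed to match the
# report machine (Windows 10, C:\WINDOWS, profile Administrator).
ENV = {
    "%systemroot%": r"C:\WINDOWS",
    "%windir%": r"C:\WINDOWS",
    "%programfiles%": r"C:\Program Files",
    "%localappdata%": r"C:\Users\Administrator\AppData\Local",
}
SYSTEM_PREFIXES = ("c:\\windows\\system32", "c:\\windows\\syswow64")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr")

CLSID_RE = re.compile(
    r"^\[(?P<key>HK[^\]]+\\CLSID\\\{(?P<clsid>[0-9A-Fa-f-]+)\}\\InProcServer32)\]"
    r"\s*:\s*(?P<path>.+?)\s*$")
RUN_RE = re.compile(
    r"^(?P<name>\S+) - \((?P<cmd>.+) \[(?P<key>HK[^\]]+)\]\) - User: (?P<user>.+?)\s*$")


def expand(path: str) -> str:
    """Expand %VAR% tokens case-insensitively, normalise the Windows path, lower-case it."""
    expanded = re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)
    return ntpath.normpath(expanded).lower()


def image_path(cmd: str) -> str:
    """Executable part of a command line: a quoted path verbatim, otherwise the
    first space-delimited token, which is how an unquoted path gets split."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def check_clsid(line: str):
    """(clsid, resolved path, findings) for a ZeroAccess Check line, else None."""
    m = CLSID_RE.match(line)
    if not m:
        return None
    path = expand(m.group("path"))
    findings = []
    if not path.startswith(SYSTEM_PREFIXES):
        findings.append("InProcServer32 outside System32/SysWOW64")
    return m.group("clsid").lower(), path, findings


def check_run(line: str):
    """(entry name, resolved image, findings) for a startup entry line, else None."""
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    image = expand(image_path(cmd))
    findings = []
    if any(marker in image for marker in USER_WRITABLE):
        findings.append("image in user-writable location")
    if not cmd.startswith('"') and not image.endswith(EXEC_EXT):
        findings.append("unquoted command line, image path ambiguous")
    return m.group("name"), image, findings


def triage(lines):
    """[(kind, name, path, findings)] for every entry with at least one finding."""
    flagged = []
    for line in lines:
        for kind, check in (("clsid", check_clsid), ("run", check_run)):
            hit = check(line)
            if hit and hit[2]:
                flagged.append((kind, *hit))
                break
    return flagged


# Lines copied from the report above, plus two constructed lines (the nil CLSID
# and "Updater") that exist only to exercise the checks.
SAMPLE = [
    r"[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll",
    r"[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll",
    r"[HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32] : C:\Users\Public\shim.dll",
    r'OneDrive - ("C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-2749115185-1036825132-4071773075-500\SOFTWARE\...\Run]) - User: DESKTOP-VLRG9GS\Administrator',
    r"SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public",
    r'WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\...\Run]) - User: Public',
    r"Updater - (C:\Program Files\Example Vendor\upd.exe /quiet [HKLM\SOFTWARE\...\Run]) - User: Public",
]

if __name__ == "__main__":
    for kind, name, path, findings in triage(SAMPLE):
        print(f"{kind:5} {name:40} {path}\n      -> {'; '.join(findings)}")
```

Run as a script it prints the flagged entries. On the report's own lines the only hit is OneDrive.exe under AppData\Local, which is where the per-user OneDrive client is installed by default; the flag means "confirm signature and path", not "malware". The empty AppInit_DLLs value with LoadAppInit_DLLs=0 in the report needs no parser: that pair is the clean state for that injection point.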
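The file inventories above (C:\, C:\WINDOWS, Tasks) carry an MD5 per entry, and two of the values are sentinels rather than content hashes. D41D8CD98F00B204E9800998ECF8427E, shown for hiberfil.sys, pagefile.sys and swapfile.sys, is the MD5 of zero bytes; on a multi-gigabyte locked file it means the scanner could not open it, so the line says nothing about the file's content. Only setuperr.log, at 0 bytes, genuinely hashes to that value. 00000000000000000000000000000000 is the placeholder printed for directories. The parser below is an added example (not QuickDiag's code) that reads both inventory line shapes, the long form with company and version fields and the short Tasks form without them, and separates real hashes from the sentinels before anything is compared against a known-good list. SAMPLE holds lines copied from this report.

```python
"""Reading the [MD5.…] file-inventory lines of a QuickDiag report.

Added example; not part of QuickDiag or of the report above. classify() tells
a real content hash apart from the two sentinel values the tool prints, so a
locked file never gets treated as "known good" or "known bad" on the strength
of the empty-input hash.
"""
import hashlib
import re

EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()   # D41D8CD98F00B204E9800998ECF8427E
DIR_PLACEHOLDER = "0" * 32

# Matches both the long form used for C:\ and C:\WINDOWS (with company and
# version fields) and the short form used for Tasks (without them).
ENTRY_RE = re.compile(
    r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] - \[(?P<ts>[^\]]+)\] - \|(?P<attr>[A-Z]*)\| - "
    r"(?:\((?P<info>.*?)\) - )?\[(?P<size>\d+)\] - (?:\((?P<ver>[^)]*)\) - )?(?P<path>.+?)\s*$"
)


def parse(line: str):
    """Split one inventory line into a dict, or return None for other line types."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["md5"] = d["md5"].upper()
    d["size"] = int(d["size"])
    return d


def classify(entry: dict) -> str:
    """Whether the MD5 field is a real content hash or one of the sentinels."""
    if "D" in entry["attr"] or entry["md5"] == DIR_PLACEHOLDER:
        return "directory"
    if entry["md5"] == EMPTY_MD5:
        # Genuine only when the reported size is 0; otherwise the file was not readable.
        return "empty" if entry["size"] == 0 else "unreadable"
    return "hashed"


def inventory(lines):
    """[(path, status, md5)] for every inventory line, in report order."""
    out = []
    for line in lines:
        e = parse(line)
        if e:
            out.append((e["path"], classify(e), e["md5"]))
    return out


def usable_hashes(lines):
    """Only the (path, md5) pairs worth submitting to a hash-reputation lookup."""
    return [(p, h) for p, status, h in inventory(lines) if status == "hashed"]


# Lines copied from the report above; they are the sample input for this example.
SAMPLE = [
    r"[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 01:35:48] - |ASH| - (.-.) - [3419910144] - (0.0.0.0) - C:\hiberfil.sys",
    r"[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/11/2019 17:00:43] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log",
    r"[MD5.29409008DF22243BB320333F9FD5C060] - [18/03/2019 23:45:39] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe",
    r"[MD5.00000000000000000000000000000000] - [22/11/2019 16:56:53] - |D| - [567360] - C:\WINDOWS\System32\Tasks\Microsoft",
    r"[MD5.64EC80BAC1DC2193066B8246E5F35259] - [22/11/2019 20:57:06] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job",
]

if __name__ == "__main__":
    for path, status, md5 in inventory(SAMPLE):
        print(f"{status:10} {md5} {path}")
```

The "unreadable" status is the one to watch: a hiberfil.sys or pagefile.sys reported with the empty-input hash has simply not been hashed, and a dump of either from a live system is the only way to inspect its content.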