===== SpyHunter 4.24.3.4750 Support Log ===== ================= GENERAL INFORMATION ================= Operating system: Window 10.0 Internet explorer: 9.11.14393.0 Safe mode: 0 User name: LAPTOP-52KHQPMH\Rafa³ Product ID: 0E7506A663922B44711CBB7E047A1DA4 ================= PROCESSES ================= [Process] smss.exe [Modules]: [Process] csrss.exe [Modules]: [Process] csrss.exe [Modules]: [Process] wininit.exe [Modules]: [Process] winlogon.exe [Modules]: [Process] services.exe [Modules]: [Process] lsass.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] dwm.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] dasHost.exe [Modules]: [Process] igfxCUIService.exe MD5: 9a79817b982c77eee85e38bcbc4b9416 Size: 350704 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] WUDFHost.exe [Modules]: [Process] rundll32.exe MD5: 111474c61232202b5b588d2b512cbb25 Size: 61952 Path: %WINDIR%\System32\rundll32.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] spoolsv.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] NvStreamService.exe MD5: a8213bf32d2e75add362e118ad164749 Size: 2522680 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [Modules]: [Process] OfficeClickToRun.exe MD5: e3cb15c66c3dadce7e2ff8a00b920799 Size: 3019968 Path: %SystemDrive%\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [Modules]: [Process] mbbService.exe MD5: 1f608ceaea01fa7f1089c11b8d9c0b61 Size: 237424 Path: %ALLUSERSPROFILE%\MobileBrServ\mbbService.exe [Modules]: MD5: 1f608ceaea01fa7f1089c11b8d9c0b61 Size: 237424 Path: %ALLUSERSPROFILE%\MobileBrServ\mbbService.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: a1c818c3666dc5d95c40f36ef7b70685 Size: 132232 Path: %WINDIR%\SYSTEM32\DEVOBJ.dll MD5: a818f21b0e11ee3156e1330e7749b71d Size: 272720 Path: %WINDIR%\System32\WINTRUST.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll [Process] NVDisplay.Container.exe MD5: 2328568ee63439a4a11f9dc0692e5527 Size: 458176 Path: %SystemDrive%\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [Modules]: [Process] AdminService.exe [Modules]: [Process] avp.exe MD5: 03b45c52179e8dae51a0f685c30d06d6 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [Modules]: MD5: 03b45c52179e8dae51a0f685c30d06d6 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 348bbea1d2bec8545ea94d4843b21987 Size: 172632 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ushata.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 41ef67375937a8fd7793c0314e320a9d Size: 207480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_info.dll MD5: f0546ac68ba65f3c73f319c256cd5c72 Size: 85360 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpservice.dll MD5: 0e37fbfa79d349d672456923ec5fbbe3 Size: 773968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\MSVCR100.dll MD5: bc83108b18756547013ed443b8cdb31b Size: 421200 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\MSVCP100.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 20f94b39c6fddde805e3d42dd1f217d3 Size: 861504 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpmain.dll MD5: 6d95c6266d85ea039fd2843f81fabd93 Size: 18432 Path: %WINDIR%\SYSTEM32\FLTLIB.DLL MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 45a916a97a898d9ba9f5f30658cb33ef Size: 312272 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\DumpWriter.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 24337596076711fa682d9b09db85863f Size: 2919384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\instrumental_services.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 57579fb647d45f6287d2c78bf3ce7a23 Size: 557520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dblite.dll MD5: 8aec2240f4faa92ca12f2dcc8abcd8b2 Size: 357224 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prremote.DLL MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 245fef3e4016ef7e18f82cf0329dc540 Size: 337880 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prcore.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: b06f090cb632925bb2ed424c27df1594 Size: 153048 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\nfio.ppl MD5: cb843952e1fc6965d608cdbc06bcb142 Size: 40912 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\fsdrvplg.ppl MD5: be34149fb013fca19318a8feb67ff5e8 Size: 147408 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\fssync.dll MD5: a818f21b0e11ee3156e1330e7749b71d Size: 272720 Path: %WINDIR%\System32\WINTRUST.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: cd51fe428282db6d916aac46ef3a40ce Size: 45520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\winreg.ppl MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: ec17c566f088a9c44c4aa9051c482004 Size: 43616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\pxstub.ppl MD5: 93860b9eb93be36d5f1931f956a40a23 Size: 1424480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\params.ppl MD5: 2e0a86ba6c2fef58a04446d0e8805f92 Size: 920936 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\app_core_legacy.dll MD5: 7a2d25fbc9d615898baa56897088ae1b Size: 429008 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\content_filtering_meta.dll MD5: bbe446bab5ccd555a75a9d925ad7b7f8 Size: 274384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ac_meta.dll MD5: 74fe11e3a943677daca5d810f148d282 Size: 109664 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\backup_facade_metainfo.dll MD5: f7def5def30e66cf4cff64bb4e1aea6d Size: 171952 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crypto_provider_meta.dll MD5: 6541324477510aed23ec2b7e8fb03d77 Size: 2425440 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_metainfo.dll MD5: 8faab9f278f371557648866c36be61ca Size: 73680 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_engines_meta.dll MD5: 7c516156d1e95b53692b2453abbe1125 Size: 145872 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\sw_meta.dll MD5: d78f94ac95bb8c877452c670e7134a6b Size: 221648 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\plugins_meta.dll MD5: eac90f7f824172c26ef79a3b4c21a125 Size: 91600 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bi_meta.dll MD5: 2c3eb829545fe1874d7d14111ea9dfd6 Size: 99968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\system_interceptors_meta.dll MD5: 49bc261b033c99386b8b75802e22a3f4 Size: 261760 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahum.dll MD5: 2931917d54a35a8f7bfc6b222e7122b7 Size: 68624 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahrule.dll MD5: 5488bfb3e04c21f832a8bf5362a91286 Size: 55824 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahcomm.dll MD5: ca5717481bab3aa498601c9f661e6a8a Size: 48088 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\thpimpl.ppl MD5: d37ddc1c27c0eec0e9e500d7008e02d9 Size: 88528 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\propmap.ppl MD5: 0f23e15632c06aa7381226b79c30b43e Size: 299944 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\tm.ppl MD5: 797b68fbf17fac2ee57c157232354aca Size: 73168 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dtreg.ppl MD5: 44f84cd974127b5cd626e59f604bff1b Size: 8131680 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bl.ppl MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 58419702924c68ee2d11c2c0c5e2187d Size: 147552 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wmihlpr.ppl MD5: 56a379c81e560a3936b3dcaf7252b339 Size: 28688 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\regmap.ppl MD5: 233dfe39942e7e68ee80e4fc9484aeed Size: 286160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\storage.dll MD5: 5a92260c913cafd1e0f1494ec7ba8e4d Size: 441808 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\acassembler.dll MD5: 368aa6c24dde39bffdb780a56472b7f1 Size: 1773696 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\system_interceptors.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: ace201d14a0f44f5634d178fd117d8cd Size: 23552 Path: %WINDIR%\SYSTEM32\Secur32.dll MD5: 039f872b9e944d6588d144fe08b79a82 Size: 69232 Path: %WINDIR%\SYSTEM32\NETAPI32.dll MD5: a612555310b7f2a688fa57c7c10615bc Size: 36680 Path: %WINDIR%\SYSTEM32\NETUTILS.DLL MD5: f67dfb27aace637bea56d3eb0726b943 Size: 68608 Path: %WINDIR%\SYSTEM32\SAMCLI.DLL MD5: bac752354eab2c70a53843659a440862 Size: 40528 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cbi.dll MD5: 8726ca220e8c19c00c642e75f44c04f3 Size: 1133416 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avs_eka.dll MD5: cb8c2aa16b277ad0b932d65a311efcb3 Size: 1643504 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crypto_ssl.dll MD5: 770c1528b78cc7b2bbf0af74cef0c201 Size: 58368 Path: %WINDIR%\SYSTEM32\wkscli.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: ddb56b83b18735f13fd1cbef877e9db0 Size: 75920 Path: %WINDIR%\SYSTEM32\srvcli.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: b11021ee599ac089125044e56bdcbf03 Size: 518096 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\threats_disinfection.dll MD5: 5303fa8bf338a30b76999f9d2e6ac4f4 Size: 392144 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\am_facade.dll MD5: 503e441c06541adeee3f77a575eb6e72 Size: 542680 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\localization_manager.dll MD5: 9744253f3d1544b76a83ab0442ca46f0 Size: 66000 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\qb.ppl MD5: 0091dbaa7a65e43eecc9b3729c021879 Size: 2129024 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\traffic_processing.dll MD5: 0a8a67b428b54f09fcfe2b2b57e4ca17 Size: 1379800 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ksn_facade.dll MD5: 7c51463a22bb94c5dbff7e88c538044c Size: 167896 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\reportdb.ppl MD5: b8c44e0e00d241a8ad6b08c01099626d Size: 52688 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\schedule.ppl MD5: a97242d28ae6a1e58be47790a397dc92 Size: 29136 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\timer.ppl MD5: 51c89fd297c916cf684741a9747d1954 Size: 38928 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\report.ppl MD5: c411de999f0b1bfc549e31b57558197e Size: 632680 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\processmonitor.dll MD5: 43e7f46e3cb0c5c1abd9eb1ab7ed218c Size: 168472 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\application_categorizer.dll MD5: 824ee1361cc2d6706a23617d1a988e97 Size: 312784 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FileCategorizer.dll MD5: c5ba024bb9f4e372c15ecb5ba62f025d Size: 164816 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\sax_xml_parser.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: af02d2ab29ad41fef8ecb1b9b214a4eb Size: 448360 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\uds.dll.000000000006d768-01d2c035965e5601-01d2c0353f6d840c MD5: a8d4b39045543ef545868747c12c281a Size: 109928 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\self_defence.dll MD5: 148d6f98e9e1eaf841edfb254f33e651 Size: 101840 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\integrity_control.dll MD5: 8c5674dfc3aeb36eca46c32ef3dabf3f Size: 877656 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\avengine.dll.8c5674dfc3aeb36eca46c32ef3dabf3f MD5: d2f2c6f3779d27c8fa0ff66eadbd0677 Size: 630272 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\intctrl.kdl.0000000000099e00-01d2c035744c494a-01d2c035607b1ec2 MD5: b4b6357d9f12514b354b995a4ad561a0 Size: 164864 Path: %WINDIR%\system32\netprofm.dll MD5: ea6fa3fee0753e5578da45bd1dbe3b31 Size: 898000 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\plugins_facade.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: a7656a54ff1af47fd1718b7372a61bad Size: 85968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avstream_monitor.dll MD5: 3cc083257ccbac3a5da661e2dafe020a Size: 1119888 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\hips.ppl MD5: 40bf419027268a538af7ceff4108efaf Size: 354768 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\oas.ppl MD5: ce087e839e26d441438632fe25f4dbb4 Size: 717640 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\kavbase.kdl.ce087e839e26d441438632fe25f4dbb4 MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: 69d3bef59176c44c43be51405d375190 Size: 1114240 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bi_facade.dll MD5: 8dcb2a2962767abc9b94ac1bc1a670bf Size: 313568 Path: %WINDIR%\SYSTEM32\Wlanapi.dll MD5: 39b23843fda32b66f4f65e223a3c163f Size: 35280 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\volenum.ppl MD5: 3e545bc58b98d99625b9da54f8287a67 Size: 568784 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\application_investigator.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: d5025ffab1f1f88836d30fcd5e9e9dec Size: 26576 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dmap.ppl MD5: b93be5dab6abf457c90d1d7e8b607fcb Size: 20992 Path: %WINDIR%\System32\npmproxy.dll MD5: c4332772988b3f86524a925790738b64 Size: 452736 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\wlengine.dll.000000000006e880-01d2c03595d201df-01d2c03540e59cbe MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 8a581a8ee691fd046af2af51f2de9f02 Size: 57344 Path: %WINDIR%\SYSTEM32\dhcpcsvc6.DLL MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: b34502122c342ca5b79c5d31aec743e0 Size: 2448232 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_facade.dll MD5: 88361d785cac3baae192703e3754d03a Size: 969744 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuuc40.dll MD5: b94a753e5f2ed54dd34ddc76f42ea532 Size: 2969104 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icudt40.dll MD5: ef5d263145407bf2e5a148f3b048e3b4 Size: 499048 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_engines.dll MD5: 91603b1dcbfa4f442b53c87300e13ab4 Size: 865232 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll MD5: 82b77e33d5173e97d923cdcbc439ff28 Size: 51728 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuio40.dll MD5: f2d90f823a91d4e4bc2c07a6aa6e1e77 Size: 1073168 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuin40.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: 390e89b590bf63eebf88abc15078a198 Size: 55808 Path: %WINDIR%\system32\napinsp.dll MD5: 3f0f179c20f3633d2ec06774430ba831 Size: 70656 Path: %WINDIR%\system32\pnrpnsp.dll MD5: dc36b937a621db86954c64167c126362 Size: 1585248 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\safe_banking.dll MD5: a8c6fcb5a946ab8a9553f43529dfda9a Size: 65024 Path: %WINDIR%\system32\NLAapi.dll MD5: 6b408458867bf3b61f363c0eb423f87f Size: 24064 Path: %WINDIR%\System32\winrnr.dll MD5: 453c23668fd9f3b8720379ad2b0ea5cf Size: 51712 Path: %WINDIR%\System32\wshbth.dll MD5: c5c8ceb789fa5d81f149b69a158ba287 Size: 81360 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\winevent_interceptor_controller.dll MD5: 9e5d2569250bc5bc12bdaf42e758cc4e Size: 534376 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\traffic_processing_external.dll MD5: 4dd8ca4e32ba9a815122a7d6187ebcf9 Size: 1787998 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\klavemu.kdl.4dd8ca4e32ba9a815122a7d6187ebcf9 MD5: e6611ce520b7473d308c2ab7b8112c49 Size: 416862 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\kjim.kdl.e6611ce520b7473d308c2ab7b8112c49 MD5: 1fa83667910e2ba5469073d2902332bc Size: 150110 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\sys_critical_obj.dll.1fa83667910e2ba5469073d2902332bc MD5: c8c301b72334d018b1f08fdc68c0321b Size: 37192 Path: %WINDIR%\SYSTEM32\tbs.DLL MD5: 69a2169e9b8a13e8d6211d2d978100cc Size: 1375456 Path: %WINDIR%\SYSTEM32\propsys.DLL MD5: 0f1e9d98cc524190e9b045908e6bc1f6 Size: 2560 Path: %WINDIR%\SYSTEM32\sfc.DLL MD5: 94c93f32b21eb2da6aff2c264b17e623 Size: 43520 Path: %WINDIR%\SYSTEM32\sfc_os.DLL MD5: 4265c28b61b27c44c2d9afa75bdfa336 Size: 215134 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\mark.kdl.4265c28b61b27c44c2d9afa75bdfa336 MD5: d6af48daa0074e100bbbfeb8e137a2be Size: 127070 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\arkmon.kdl.d6af48daa0074e100bbbfeb8e137a2be MD5: cebd78204611367e4f3e47c4b253141d Size: 538206 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\qscan.kdl.cebd78204611367e4f3e47c4b253141d MD5: a2868453b062e0de0b1e2dc5267a334c Size: 276062 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\kavsys.kdl.a2868453b062e0de0b1e2dc5267a334c MD5: d86ad86b05274e6386976fe42a7ba7c0 Size: 3689984 Path: %WINDIR%\SYSTEM32\msi.dll MD5: 04f9d3ff00967995ec9f06f0bf96c622 Size: 362848 Path: %WINDIR%\System32\coml2.dll MD5: 25335383bc43aacdcd22836a3e732bdc Size: 86232 Path: %WINDIR%\SYSTEM32\mpr.dll MD5: 85ceceb4b3569cc2b237df3fe5dfea8f Size: 117342 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\swmon.kdl.000000000001ca5e-01d2c035949d311a-01d2c0356786f96a MD5: 6219a99c26658cdf126e7fa53c709241 Size: 112120 Path: %WINDIR%\SYSTEM32\gpapi.dll MD5: a041f36a6d4f24d3e1daa1c20c26ecdf Size: 49616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wdiskio.ppl MD5: 93b7c9dfe4fc0c13b50e7201ac77f992 Size: 162398 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\swmon_drv.kdl.0000000000027a5e-01d2c03594bad787-01d2c03568ad560d MD5: 0e874792ff73e37ad88f47be222e1d59 Size: 134656 Path: %WINDIR%\System32\cryptnet.dll MD5: 1531cabd322fd581495998750481a396 Size: 164816 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\netwatch.ppl MD5: 4330af6614f053dd11985fe6ac037c7d Size: 565248 Path: %WINDIR%\SYSTEM32\rasapi32.dll MD5: 5fa2f260361fc794573481f9ec54b03f Size: 86016 Path: %WINDIR%\SYSTEM32\rasman.dll MD5: 118ff3066cadbc6c18a87c7ec11c0083 Size: 367104 Path: %WINDIR%\System32\FirewallAPI.dll MD5: 04ae50f972c88cd349e1b316d24de386 Size: 127488 Path: %WINDIR%\System32\fwbase.dll MD5: 4ca5e2f905d30f523106394ad84c3d3d Size: 116176 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crpthlpr.ppl MD5: 0da78554a450d3f26c66612c83bd7b1c Size: 1313640 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\licensing_product_facade.dll MD5: ed30055b216b7a2857a091a6ff41ab94 Size: 1852368 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\updater_facade.dll MD5: 28f64da5c012d0a537a2d231f20e1c32 Size: 1674600 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ucp_agent.dll MD5: 17f68882050748862f113f430512a0cf Size: 542208 Path: %WINDIR%\System32\Windows.Networking.Connectivity.dll MD5: 55bacf94d15a66b2066fc6fd716c049d Size: 67112 Path: %WINDIR%\System32\wwapi.dll MD5: 02f57688fbda667df92a749a3f7ff28e Size: 274384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\am_patch_management.dll MD5: d87ea5b6cfa55faf232fb987d719246b Size: 846560 Path: %WINDIR%\System32\WinTypes.dll MD5: 85cdd8d6d842b9140dee7e7347cfe49a Size: 99328 Path: %WINDIR%\System32\wcmapi.dll MD5: 3880361de2c511c7c5735b91016c4862 Size: 84664 Path: %WINDIR%\System32\RMCLIENT.dll MD5: 87108bad1371e114df46193d403e09e1 Size: 714192 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\uninstallation_assistant.dll MD5: d5b2b308267c645863204f286209d6ee Size: 120784 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ekasyswatch.dll MD5: a8538fcc9b5571475410e16eb12084d3 Size: 393680 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_dnt.dll MD5: 43e676ea933bd814995f1754e7463630 Size: 601552 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\antispam.ppl MD5: 752d8a748d03fc7bb4a6ae71eec2e2a0 Size: 103888 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ahids.ppl MD5: ba0821a7abd72f9e529633b23e0df126 Size: 1284190 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\klavasyswatch.dll.000000000013985e-01d2c03593da9a6c-01d2c035404d2a8b MD5: 2cdb8e874f0950ea17a7135427b4f07d Size: 135376 Path: %WINDIR%\SYSTEM32\WINMM.dll MD5: dcdf6a9e619644e12c74457a8a3c1e1b Size: 131208 Path: %WINDIR%\SYSTEM32\WINMMBASE.dll MD5: ea666739b5f804b4ba67bb03d0f6c1ee Size: 1159528 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\heurap.dll.ea666739b5f804b4ba67bb03d0f6c1ee MD5: e7e5a4b7fceb7caf5bb1c75d43c6acbc Size: 806672 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\dnt_engine.dll.00000000000c4f10-01d2c0357278ea9b-01d2c0354225faa0 MD5: 5074a8deea39fb50dd34f2f726a1468a Size: 89040 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\swpragueplugin.dll MD5: ee3a2911a89cfca2b0ed923d16905d83 Size: 561064 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\apuhttps.dll.ee3a2911a89cfca2b0ed923d16905d83 MD5: 7ae2415510db9f71a6d8add8dbe98aff Size: 498648 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\pdm.kdl.0000000000079bd8-01d2c0359429a0bc-01d2c0356d417522 MD5: f6f5b32d0808d7b7dc30d6ce30fbb0e2 Size: 58840 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ndetect.ppl MD5: db182bcb4448fbc74e68b313838a64b4 Size: 196424 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\vlns.kdl.db182bcb4448fbc74e68b313838a64b4 MD5: 2f9c4b53d80a8ec9d34fd482cb1d0bd3 Size: 2121568 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\Comctl32.dll MD5: 4db1f3203905b0722dbfbaea1b5ef48c Size: 466392 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\bsshlp2.kdl.4db1f3203905b0722dbfbaea1b5ef48c MD5: 1505ab59ee13f539a01afd0a5100e8bb Size: 265312 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\installation_assistant.dll MD5: 3771cc8b586f6e953073e07735c46d98 Size: 86016 Path: %WINDIR%\SYSTEM32\SAMLIB.dll MD5: 6be1dae295eadf4a058f83c164a27089 Size: 42496 Path: %WINDIR%\SYSTEM32\cscapi.dll MD5: 15d85d9c2560d7b456a9b51ba619b807 Size: 167520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\browser_integration.dll MD5: bfcfb0177935e235b1febade3694839d Size: 93984 Path: %WINDIR%\System32\imagehlp.dll MD5: cf8ba70ab56e5f0a09986625548648ad Size: 369246 Path: %ALLUSERSPROFILE%\Kaspersky Lab\AVP17.0.0\Bases\Cache\pbs.kdl.cf8ba70ab56e5f0a09986625548648ad MD5: 003274de008d272c16c80d726845c23c Size: 35328 Path: %WINDIR%\system32\wbem\wbemprox.dll MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: 6d1a29096e54589362357cdf0ba1e9e9 Size: 581120 Path: %WINDIR%\system32\apphelp.dll MD5: 19d8119776943ed31455c54472dbfafc Size: 33792 Path: %WINDIR%\SYSTEM32\LINKINFO.dll MD5: f3a8a5b3cc9b2a6ed0b1f12a64c05398 Size: 27600 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\hashmd5.ppl MD5: 83d8a4e04f99c5fd749d34cc4b970a0e Size: 9216 Path: %WINDIR%\SYSTEM32\shfolder.dll MD5: befed197ae9153766f7304650368f3d8 Size: 461312 Path: %WINDIR%\SYSTEM32\webio.dll [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] nvxdsync.exe MD5: 93a49f8ecc625ee8fd3bfc3c5feb8d47 Size: 1285568 Path: %SystemDrive%\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [Modules]: [Process] sihost.exe [Modules]: [Process] PresentationFontCache.exe MD5: 59241194dbdf30a2b4029e402f377900 Size: 43696 Path: %WINDIR%\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [Modules]: [Process] explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe [Modules]: [Process] nvtray.exe MD5: 6d9b10e0e92c87a34f9c78e60bb250bc Size: 2456632 Path: %SystemDrive%\Program Files\NVIDIA Corporation\Display\nvtray.exe [Modules]: [Process] NvStreamNetworkService.exe MD5: e6a64322eb213aeacbb61584aa6fb032 Size: 3634232 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [Modules]: [Process] taskhostw.exe [Modules]: [Process] igfxEM.exe MD5: 0bec3ed565c42e4b72978f0b7a521258 Size: 531952 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe [Modules]: [Process] NvStreamUserAgent.exe MD5: 6aa800365ea5a95f4459cced9346f605 Size: 21332536 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe [Modules]: [Process] conhost.exe [Modules]: [Process] ShellExperienceHost.exe MD5: 7850d58ee55539b703ea883d375d2d70 Size: 1653600 Path: %WINDIR%\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [Modules]: [Process] SearchIndexer.exe MD5: b13b953abe94ae209f0812995de1fc19 Size: 773120 Path: %WINDIR%\System32\SearchIndexer.exe [Modules]: [Process] SearchUI.exe MD5: ebc4935445ca5a3d4d898076642ec618 Size: 10652512 Path: %WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [Modules]: [Process] RuntimeBroker.exe [Modules]: [Process] NvBackend.exe MD5: be586b5d1d73e1f07ed5aaddefbcaa47 Size: 2398776 Path: %PROGRAMFILES%\NVIDIA Corporation\Update Core\NvBackend.exe [Modules]: MD5: be586b5d1d73e1f07ed5aaddefbcaa47 Size: 2398776 Path: %PROGRAMFILES%\NVIDIA Corporation\Update Core\NvBackend.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: cc950cd469949f05ac43e98fa80b39fc Size: 20536 Path: %PROGRAMFILES%\NVIDIA Corporation\Update Core\detoured.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll [Process] RAVBg64.exe MD5: c75bef5e0aa96799e8ad5e363009c125 Size: 1483264 Path: %SystemDrive%\Program Files\Realtek\Audio\HDA\RAVBg64.exe [Modules]: [Process] RAVCpl64.exe MD5: 88fc2108f110c7b91a44d9865d63b67e Size: 16781824 Path: %SystemDrive%\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [Modules]: [Process] LiveTuner2.exe MD5: c1fd98dec4c671b515e474d9389327e9 Size: 4164944 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTuner2.exe [Modules]: MD5: c1fd98dec4c671b515e474d9389327e9 Size: 4164944 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTuner2.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: db22bf6e188f54e592c1bbfbd4f79497 Size: 7168 Path: %WINDIR%\SYSTEM32\msimg32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 2faa24d4c4fb0fbe8668f4553ac6a723 Size: 90624 Path: %WINDIR%\SYSTEM32\olepro32.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 3b0c16c02ad9a6c70240280fc03ac60a Size: 2483200 Path: %WINDIR%\SYSTEM32\wininet.dll MD5: 053b12d5d2e45a7e01e43f008552620c Size: 912896 Path: %WINDIR%\System32\comdlg32.dll MD5: 2f9c4b53d80a8ec9d34fd482cb1d0bd3 Size: 2121568 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\Comctl32.dll MD5: 0f50c735247d0f82b48c4519ba7cbfc9 Size: 414208 Path: %WINDIR%\SYSTEM32\winspool.drv MD5: 2cdb8e874f0950ea17a7135427b4f07d Size: 135376 Path: %WINDIR%\SYSTEM32\WINMM.dll MD5: 82da778bc8882dca29066a1c6cd8bcca Size: 325120 Path: %WINDIR%\SYSTEM32\oleacc.dll MD5: 37d01fc6cbf24f96edf0a2e6a2f28b4c Size: 1456640 Path: %WINDIR%\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\gdiplus.dll MD5: dcdf6a9e619644e12c74457a8a3c1e1b Size: 131208 Path: %WINDIR%\SYSTEM32\WINMMBASE.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 69a2169e9b8a13e8d6211d2d978100cc Size: 1375456 Path: %WINDIR%\SYSTEM32\propsys.DLL MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll [Process] jusched.exe MD5: 05335d3912effb2b038906dec3982b06 Size: 587288 Path: %COMMONPROGRAMFILES%\Java\Java Update\jusched.exe [Modules]: MD5: 05335d3912effb2b038906dec3982b06 Size: 587288 Path: %COMMONPROGRAMFILES%\Java\Java Update\jusched.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 3b0c16c02ad9a6c70240280fc03ac60a Size: 2483200 Path: %WINDIR%\SYSTEM32\wininet.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: d86ad86b05274e6386976fe42a7ba7c0 Size: 3689984 Path: %WINDIR%\SYSTEM32\msi.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: d204c988115dd69889e3c0172e92bcff Size: 13312 Path: %WINDIR%\SYSTEM32\DPAPI.dll [Process] avpui.exe MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5 Size: 223704 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe [Modules]: MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5 Size: 223704 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 348bbea1d2bec8545ea94d4843b21987 Size: 172632 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ushata.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 4cf6dc9eb4b1ead6415945b794f9dd08 Size: 7200912 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 856da04454a75cf6e7453d53cd90a29d Size: 987848 Path: %WINDIR%\SYSTEM32\MSVCR120_CLR0400.dll MD5: 096856c40cb4b7a8c218dceea83e789b Size: 2784256 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpuimain.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: 6d95c6266d85ea039fd2843f81fabd93 Size: 18432 Path: %WINDIR%\SYSTEM32\FLTLIB.DLL MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 0e37fbfa79d349d672456923ec5fbbe3 Size: 773968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\MSVCR100.dll MD5: bc83108b18756547013ed443b8cdb31b Size: 421200 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\MSVCP100.dll MD5: 8aec2240f4faa92ca12f2dcc8abcd8b2 Size: 357224 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prremote.DLL MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 245fef3e4016ef7e18f82cf0329dc540 Size: 337880 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prcore.dll MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: cd51fe428282db6d916aac46ef3a40ce Size: 45520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\winreg.ppl MD5: ec17c566f088a9c44c4aa9051c482004 Size: 43616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\pxstub.ppl MD5: 93860b9eb93be36d5f1931f956a40a23 Size: 1424480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\params.ppl MD5: 41ef67375937a8fd7793c0314e320a9d Size: 207480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_info.dll MD5: 45a916a97a898d9ba9f5f30658cb33ef Size: 312272 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\DumpWriter.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: 24337596076711fa682d9b09db85863f Size: 2919384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\instrumental_services.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 57579fb647d45f6287d2c78bf3ce7a23 Size: 557520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dblite.dll MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9 Size: 683984 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kl_service.dll MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: f0546ac68ba65f3c73f319c256cd5c72 Size: 85360 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpservice.dll MD5: 6541324477510aed23ec2b7e8fb03d77 Size: 2425440 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_metainfo.dll MD5: bbe446bab5ccd555a75a9d925ad7b7f8 Size: 274384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ac_meta.dll MD5: 74fe11e3a943677daca5d810f148d282 Size: 109664 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\backup_facade_metainfo.dll MD5: 7c516156d1e95b53692b2453abbe1125 Size: 145872 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\sw_meta.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 893145106ab68e239e41ddf7f509c374 Size: 422400 Path: %WINDIR%\System32\twinapi.dll MD5: 8efd22fbcf5eefae0757e8a07d0b0ef0 Size: 591456 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KasperskyLab.Kis.UI.Loader.dll MD5: ea0330099996ab67a26a737b5d10c53a Size: 521368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clrjit.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 5c91464f76a59d1417cd39dfd9f0a314 Size: 3389616 Path: %WINDIR%\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 1d0451b5bc0414f227328090e9a44f2d Size: 307408 Path: %WINDIR%\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: a062f901127b9a5dcfaa13fa40f9bfdc Size: 1759928 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll MD5: 8475f60041a240d45a579d3e24b21d9e Size: 826600 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll MD5: 8d6a04c65c3d6b2c2435985a06e46549 Size: 6679648 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KasperskyLab.Platform.NativeInterop.dll MD5: bc677d7e44be0349d9888693f3ece437 Size: 1600000 Path: %WINDIR%\SYSTEM32\urlmon.dll MD5: 6ecccd4830cce0ea1297ad7832d7607c Size: 2262776 Path: %WINDIR%\SYSTEM32\iertutil.dll MD5: d78f94ac95bb8c877452c670e7134a6b Size: 221648 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\plugins_meta.dll MD5: 2c3eb829545fe1874d7d14111ea9dfd6 Size: 99968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\system_interceptors_meta.dll MD5: 90084fc1f40d78f7e6cce6fe87d1c084 Size: 107984 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\instrumental_meta.DLL MD5: eac90f7f824172c26ef79a3b4c21a125 Size: 91600 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bi_meta.dll MD5: 7a2d25fbc9d615898baa56897088ae1b Size: 429008 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\content_filtering_meta.dll MD5: c4cc4a62263172d541afea71c1ce460a Size: 81568 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll MD5: 7531d3f8dc93ccbcc29e012286260a60 Size: 947384 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: a15f20d38cd348f09f94c6cfc9c4ddf3 Size: 1504056 Path: %WINDIR%\SYSTEM32\WindowsCodecs.dll MD5: 17c406d38c3989ff3bdb17d08c1991ce Size: 1425000 Path: %WINDIR%\SYSTEM32\d3d9.dll MD5: 6d8cce1d84f8f0c21b4ef3c8f2510a71 Size: 93750576 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdumdim32.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: 7d1cee0aec344815661c8c45cefc1643 Size: 257536 Path: %WINDIR%\system32\dataexchange.dll MD5: bbf3f91d31efdff383e2365d3b84961e Size: 2277288 Path: %WINDIR%\system32\d3d11.dll MD5: 15c27a751b2da417d6f9948369e8cb90 Size: 1122344 Path: %WINDIR%\system32\dcomp.dll MD5: 72620b8273b8cae75101f83b0dbabdf1 Size: 524776 Path: %WINDIR%\system32\dxgi.dll MD5: 5345f26bf489743968d9feca375a2d48 Size: 975744 Path: %WINDIR%\system32\twinapi.appcore.dll MD5: 2e0765561ac0715d03b2eaf4ace62c5e Size: 93184 Path: %WINDIR%\system32\msctfui.dll MD5: 87be502e7b1d3705783c366ed0cba9f7 Size: 1357824 Path: %WINDIR%\SYSTEM32\UIAutomationCore.dll MD5: b45f4a37ccb2eb5e33be5d019b630dfd Size: 524776 Path: %WINDIR%\SYSTEM32\sxs.dll MD5: 2cdb8e874f0950ea17a7135427b4f07d Size: 135376 Path: %WINDIR%\SYSTEM32\WINMM.dll MD5: dcdf6a9e619644e12c74457a8a3c1e1b Size: 131208 Path: %WINDIR%\SYSTEM32\WINMMBASE.dll MD5: ac6a5c25cde65cdf226b0067f32f6869 Size: 274384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\vkbd.dll MD5: d87ea5b6cfa55faf232fb987d719246b Size: 846560 Path: %WINDIR%\System32\WinTypes.dll MD5: 4b9fc4732c9faa863bf98e20d39f7ac5 Size: 713216 Path: %WINDIR%\System32\wpnapps.dll MD5: 7d4814b02f8844302f29644a1b79765d Size: 185400 Path: %WINDIR%\System32\XmlLite.dll MD5: 3880361de2c511c7c5735b91016c4862 Size: 84664 Path: %WINDIR%\System32\RMCLIENT.dll MD5: 22db034ad0d37d70be6e33c73a84671b Size: 50176 Path: %WINDIR%\SYSTEM32\usermgrcli.dll MD5: 22fe3b3c5e3613fc5c7fd65bf2a69077 Size: 224768 Path: %WINDIR%\SYSTEM32\activeds.dll MD5: 5aa1848a07f46deefafa8e1a67cd57e4 Size: 219136 Path: %WINDIR%\SYSTEM32\adsldpc.dll MD5: 68e80b8d811c8967fb9a9a6cc263b77c Size: 310272 Path: %WINDIR%\System32\WLDAP32.dll MD5: 3abd5b02d5268b4340dbb10c17534fdf Size: 291328 Path: %WINDIR%\system32\adsnt.dll MD5: ddb56b83b18735f13fd1cbef877e9db0 Size: 75920 Path: %WINDIR%\SYSTEM32\srvcli.dll MD5: a612555310b7f2a688fa57c7c10615bc Size: 36680 Path: %WINDIR%\SYSTEM32\NETUTILS.DLL MD5: f67dfb27aace637bea56d3eb0726b943 Size: 68608 Path: %WINDIR%\SYSTEM32\SAMCLI.DLL MD5: 770c1528b78cc7b2bbf0af74cef0c201 Size: 58368 Path: %WINDIR%\SYSTEM32\wkscli.dll MD5: 25335383bc43aacdcd22836a3e732bdc Size: 86232 Path: %WINDIR%\SYSTEM32\mpr.dll MD5: 81c7b22f0f718bb85df58ef9e8c9d7c8 Size: 183864 Path: %WINDIR%\system32\logoncli.dll MD5: 306a17d84e1aa7ed96e4df63270b0bf7 Size: 24840 Path: %WINDIR%\system32\DSROLE.dll MD5: 0f50c735247d0f82b48c4519ba7cbfc9 Size: 414208 Path: %WINDIR%\SYSTEM32\winspool.drv MD5: 393271a08d846d39a863df963d148040 Size: 43520 Path: %WINDIR%\system32\browcli.dll MD5: 039f872b9e944d6588d144fe08b79a82 Size: 69232 Path: %WINDIR%\SYSTEM32\NETAPI32.dll MD5: d204c988115dd69889e3c0172e92bcff Size: 13312 Path: %WINDIR%\SYSTEM32\DPAPI.dll MD5: 6be1dae295eadf4a058f83c164a27089 Size: 42496 Path: %WINDIR%\SYSTEM32\cscapi.dll MD5: 3771cc8b586f6e953073e07735c46d98 Size: 86016 Path: %WINDIR%\SYSTEM32\SAMLIB.dll MD5: 69a2169e9b8a13e8d6211d2d978100cc Size: 1375456 Path: %WINDIR%\SYSTEM32\propsys.DLL MD5: bc00c6f4e771d0c71d677d87a9897753 Size: 328520 Path: %WINDIR%\System32\Bcp47Langs.dll MD5: 19d8119776943ed31455c54472dbfafc Size: 33792 Path: %WINDIR%\SYSTEM32\LINKINFO.dll MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll MD5: e4d6665e9431acacad9095c826fad69d Size: 184832 Path: %WINDIR%\SYSTEM32\authz.dll MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 37d01fc6cbf24f96edf0a2e6a2f28b4c Size: 1456640 Path: %WINDIR%\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\gdiplus.dll MD5: 2f9c4b53d80a8ec9d34fd482cb1d0bd3 Size: 2121568 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\Comctl32.dll MD5: 3b0c16c02ad9a6c70240280fc03ac60a Size: 2483200 Path: %WINDIR%\SYSTEM32\wininet.dll MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: 8a581a8ee691fd046af2af51f2de9f02 Size: 57344 Path: %WINDIR%\SYSTEM32\dhcpcsvc6.DLL MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL [Process] DashlaneUpgradeService.exe MD5: bbb7b78348e84b302bd478f345ff6313 Size: 82968 Path: %PROGRAMFILES%\Dashlane\Upgrade\DashlaneUpgradeService.exe [Modules]: MD5: bbb7b78348e84b302bd478f345ff6313 Size: 82968 Path: %PROGRAMFILES%\Dashlane\Upgrade\DashlaneUpgradeService.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 4cf6dc9eb4b1ead6415945b794f9dd08 Size: 7200912 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll MD5: 856da04454a75cf6e7453d53cd90a29d Size: 987848 Path: %WINDIR%\SYSTEM32\MSVCR120_CLR0400.dll MD5: cfd9f42036b8cb100244464c852caae5 Size: 19611824 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\f06d35cdb58e63c8a25f1658f23fd20d\mscorlib.ni.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: ea0330099996ab67a26a737b5d10c53a Size: 521368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clrjit.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 897fc7c6aa44f5ebf88139492f41e46a Size: 10266112 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System\6d712bf5f07ce74d9e2d31a443dea9c2\System.ni.dll MD5: 273cbfe9600b19be1b402fbf65f1fc9a Size: 1161728 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Management\4979591369179732bf744077fdf32393\System.Management.ni.dll MD5: aff82f8dc43ed198c9022e267908384a Size: 136368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 6ae34de520137f17f0474a7fe88e0f30 Size: 99328 Path: %WINDIR%\system32\wbem\wmiutils.dll MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 003274de008d272c16c80d726845c23c Size: 35328 Path: %WINDIR%\system32\wbem\wbemprox.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 45f542e6ddc2861ff2d6e1c16e05a4e1 Size: 7464448 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Core\561bcb2835dc3d4de610397aebd07edc\System.Core.ni.dll MD5: e044642fa1d7b8281043a72e8c48848e Size: 7456768 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xml\cfff018936a7c6348cb7ea98d432343a\System.Xml.ni.dll MD5: 6aa8f4f94e189c3c0180f727fd416200 Size: 978432 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Configuration\69bc7c6c084baf2d2ffd6871c726e266\System.Configuration.ni.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: efcb7c573f098c14d2ab942bbd975288 Size: 4063232 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\WindowsBase\b87bf6675b253eeea9d7a1af759d1d9b\WindowsBase.ni.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 8475f60041a240d45a579d3e24b21d9e Size: 826600 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll MD5: 335ac1219f7d96f63aeaa91ec2ab5921 Size: 11620352 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e3670b79a0d3cf62dffca3403010d44\PresentationCore.ni.dll MD5: 9f07efbdc014fe4320c8ffff95b64c84 Size: 19717632 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4dc943422734eeb6a7a7ce0345166474\System.ServiceModel.ni.dll MD5: ba58a54807721bca2c0333734a7e3793 Size: 2804224 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d5101c374cd436c6638bd68d3e681438\System.Runtime.Serialization.ni.dll MD5: 6f16ecbfe851a13c6621b9e5564ff9b7 Size: 117760 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\943d4750188e5fc4bc8ffafc650c682c\SMDiagnostics.ni.dll MD5: 5ab088b00039b6aaa580ce860bf5d01c Size: 787456 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\99171e979288f3f0f52c7fb7c789ecae\System.ServiceModel.Internals.ni.dll MD5: 3579b71786a388b1d6ce39b00ee0d4f3 Size: 19470848 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5fa817daff10898645f2a4f4514bee62\PresentationFramework.ni.dll MD5: d8f9722b3c626d8bba0cbab1d315fc56 Size: 1878528 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xaml\1b30fcb579bbaad955474f384a20d978\System.Xaml.ni.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: a062f901127b9a5dcfaa13fa40f9bfdc Size: 1759928 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll MD5: 00e6c5488aee5eb0add050b4fc9db989 Size: 2960896 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c87d51d36a70907111a22c8c9e8556f4\System.IdentityModel.ni.dll MD5: 4330af6614f053dd11985fe6ac037c7d Size: 565248 Path: %WINDIR%\SYSTEM32\rasapi32.dll MD5: 5fa2f260361fc794573481f9ec54b03f Size: 86016 Path: %WINDIR%\SYSTEM32\rasman.dll MD5: 75f454350913a941f1488a6200220d86 Size: 51712 Path: %WINDIR%\SYSTEM32\rtutils.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 8a581a8ee691fd046af2af51f2de9f02 Size: 57344 Path: %WINDIR%\SYSTEM32\dhcpcsvc6.DLL MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: ace201d14a0f44f5634d178fd117d8cd Size: 23552 Path: %WINDIR%\SYSTEM32\Secur32.dll MD5: f4ad3cb9de0b7047f9e1502f147aed65 Size: 389632 Path: %WINDIR%\System32\schannel.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 4f374782286ded5127d350cedbc2849e Size: 52224 Path: %WINDIR%\SYSTEM32\mskeyprotect.dll MD5: f2cae3c03d4eb93f9dc22d2d6e3d91cd Size: 120384 Path: %WINDIR%\SYSTEM32\ncrypt.dll MD5: cda0441be02bb525b159b3949d9dc67d Size: 173008 Path: %WINDIR%\SYSTEM32\NTASN1.dll MD5: 5ca2520bcb004c8180b7afa45e879417 Size: 104808 Path: %WINDIR%\system32\ncryptsslp.dll MD5: 62753b5ec375791f1033bed8ef6e06ba Size: 517632 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Net.Http\3eb2ab6d74a9d40ac970fb755a29c55e\System.Net.Http.ni.dll MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll [Process] IAStorIcon.exe MD5: 9874356db0bcd26a6868f10fa4a4ff93 Size: 322472 Path: %SystemDrive%\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [Modules]: MD5: 9874356db0bcd26a6868f10fa4a4ff93 Size: 322472 Path: %SystemDrive%\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 6d1a29096e54589362357cdf0ba1e9e9 Size: 581120 Path: %WINDIR%\system32\apphelp.dll MD5: 944b0d82e29d972e770cb7a5bcb60158 Size: 331776 Path: %WINDIR%\AppPatch\AcLayers.DLL MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: 25335383bc43aacdcd22836a3e732bdc Size: 86232 Path: %WINDIR%\SYSTEM32\mpr.dll MD5: 0f1e9d98cc524190e9b045908e6bc1f6 Size: 2560 Path: %WINDIR%\SYSTEM32\sfc.DLL MD5: 0f50c735247d0f82b48c4519ba7cbfc9 Size: 414208 Path: %WINDIR%\SYSTEM32\winspool.drv MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 94c93f32b21eb2da6aff2c264b17e623 Size: 43520 Path: %WINDIR%\SYSTEM32\sfc_os.DLL MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 4cf6dc9eb4b1ead6415945b794f9dd08 Size: 7200912 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll MD5: 856da04454a75cf6e7453d53cd90a29d Size: 987848 Path: %WINDIR%\SYSTEM32\MSVCR120_CLR0400.dll MD5: cfd9f42036b8cb100244464c852caae5 Size: 19611824 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\f06d35cdb58e63c8a25f1658f23fd20d\mscorlib.ni.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: ea0330099996ab67a26a737b5d10c53a Size: 521368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clrjit.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 897fc7c6aa44f5ebf88139492f41e46a Size: 10266112 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System\6d712bf5f07ce74d9e2d31a443dea9c2\System.ni.dll MD5: 28a452a9f4a46eddd016c0da6cc3606b Size: 1626112 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Drawing\058e016628ca385ecca0589255c71bce\System.Drawing.ni.dll MD5: 00f60e7925c9d30427e83362c9dcb643 Size: 12992512 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\68f0c8b24547a1eeafc998eb2b2522e0\System.Windows.Forms.ni.dll MD5: 45f542e6ddc2861ff2d6e1c16e05a4e1 Size: 7464448 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Core\561bcb2835dc3d4de610397aebd07edc\System.Core.ni.dll MD5: 6aa8f4f94e189c3c0180f727fd416200 Size: 978432 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Configuration\69bc7c6c084baf2d2ffd6871c726e266\System.Configuration.ni.dll MD5: e044642fa1d7b8281043a72e8c48848e Size: 7456768 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xml\cfff018936a7c6348cb7ea98d432343a\System.Xml.ni.dll MD5: 0e86a451c2bf6dd8c550309845473f13 Size: 596832 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: 9f07efbdc014fe4320c8ffff95b64c84 Size: 19717632 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4dc943422734eeb6a7a7ce0345166474\System.ServiceModel.ni.dll MD5: 6f16ecbfe851a13c6621b9e5564ff9b7 Size: 117760 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\943d4750188e5fc4bc8ffafc650c682c\SMDiagnostics.ni.dll MD5: 5ab088b00039b6aaa580ce860bf5d01c Size: 787456 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\99171e979288f3f0f52c7fb7c789ecae\System.ServiceModel.Internals.ni.dll MD5: ba58a54807721bca2c0333734a7e3793 Size: 2804224 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d5101c374cd436c6638bd68d3e681438\System.Runtime.Serialization.ni.dll MD5: cd463e27c1aa1cc7457964e4e256384e Size: 431616 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\8d73e46db3173f6c07b0a8f711b7f026\System.ServiceModel.Channels.ni.dll MD5: 0a377bae80b4dca2172e74ab5e8a40f9 Size: 1103360 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\7db7e6cb625250635ffe2d4b82978ab4\System.ServiceModel.Web.ni.dll MD5: 00e6c5488aee5eb0add050b4fc9db989 Size: 2960896 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c87d51d36a70907111a22c8c9e8556f4\System.IdentityModel.ni.dll MD5: 37d01fc6cbf24f96edf0a2e6a2f28b4c Size: 1456640 Path: %WINDIR%\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\gdiplus.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: a15f20d38cd348f09f94c6cfc9c4ddf3 Size: 1504056 Path: %WINDIR%\SYSTEM32\WindowsCodecs.dll MD5: d8f9722b3c626d8bba0cbab1d315fc56 Size: 1878528 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Xaml\1b30fcb579bbaad955474f384a20d978\System.Xaml.ni.dll MD5: 7531d3f8dc93ccbcc29e012286260a60 Size: 947384 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll MD5: ace201d14a0f44f5634d178fd117d8cd Size: 23552 Path: %WINDIR%\SYSTEM32\Secur32.dll MD5: bbfb3487bc2ba17dd45311d3b764c771 Size: 341344 Path: %WINDIR%\System32\msv1_0.DLL MD5: cdbcb3105d8c0b6fc891de71a98cdd51 Size: 33616 Path: %WINDIR%\SYSTEM32\NtlmShared.dll MD5: 9f19603d45bed1b2f8f44630b2421a7d Size: 60968 Path: %WINDIR%\SYSTEM32\cryptdll.dll [Process] jhi_service.exe MD5: 50e156d426d494eb9f429a55bed837c9 Size: 209184 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Modules]: MD5: 50e156d426d494eb9f429a55bed837c9 Size: 209184 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 034ccadc1c073e4216e9466b720f9849 Size: 970912 Path: %WINDIR%\SYSTEM32\MSVCR120.dll MD5: fd5cabbe52272bd76007b68186ebaf00 Size: 455328 Path: %WINDIR%\SYSTEM32\MSVCP120.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll [Process] ksde.exe MD5: eff5ea6088db81c6ef6edcda5ee79909 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [Modules]: MD5: eff5ea6088db81c6ef6edcda5ee79909 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 348bbea1d2bec8545ea94d4843b21987 Size: 172632 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ushata.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: b3e72ee73ba5438cb2c72f1be34ec561 Size: 230304 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_info.dll MD5: f0546ac68ba65f3c73f319c256cd5c72 Size: 85360 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpservice.dll MD5: bc83108b18756547013ed443b8cdb31b Size: 421200 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCP100.dll MD5: 0e37fbfa79d349d672456923ec5fbbe3 Size: 773968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCR100.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 20f94b39c6fddde805e3d42dd1f217d3 Size: 861504 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpmain.dll MD5: 6d95c6266d85ea039fd2843f81fabd93 Size: 18432 Path: %WINDIR%\SYSTEM32\FLTLIB.DLL MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 45a916a97a898d9ba9f5f30658cb33ef Size: 312272 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\DumpWriter.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 24337596076711fa682d9b09db85863f Size: 2919384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\instrumental_services.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 57579fb647d45f6287d2c78bf3ce7a23 Size: 557520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\dblite.dll MD5: 8aec2240f4faa92ca12f2dcc8abcd8b2 Size: 357224 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\prremote.DLL MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 245fef3e4016ef7e18f82cf0329dc540 Size: 337880 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\prcore.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: b06f090cb632925bb2ed424c27df1594 Size: 153048 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\nfio.ppl MD5: cd51fe428282db6d916aac46ef3a40ce Size: 45520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\winreg.ppl MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: ec17c566f088a9c44c4aa9051c482004 Size: 43616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\pxstub.ppl MD5: 93860b9eb93be36d5f1931f956a40a23 Size: 1424480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\params.ppl MD5: 2e0a86ba6c2fef58a04446d0e8805f92 Size: 920936 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\app_core_legacy.dll MD5: 6541324477510aed23ec2b7e8fb03d77 Size: 2425440 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_metainfo.dll MD5: ca5717481bab3aa498601c9f661e6a8a Size: 48088 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\thpimpl.ppl MD5: d37ddc1c27c0eec0e9e500d7008e02d9 Size: 88528 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\propmap.ppl MD5: 0f23e15632c06aa7381226b79c30b43e Size: 299944 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\tm.ppl MD5: 797b68fbf17fac2ee57c157232354aca Size: 73168 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\dtreg.ppl MD5: 339447769f57c7042337652251b5ea91 Size: 2229344 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\bl_ksde.ppl MD5: 56a379c81e560a3936b3dcaf7252b339 Size: 28688 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\regmap.ppl MD5: 233dfe39942e7e68ee80e4fc9484aeed Size: 286160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\storage.dll MD5: 7eddbd311ba9243895f138cd5485e699 Size: 40528 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\cbi.dll MD5: 7c51463a22bb94c5dbff7e88c538044c Size: 167896 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\reportdb.ppl MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: b8c44e0e00d241a8ad6b08c01099626d Size: 52688 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\schedule.ppl MD5: a97242d28ae6a1e58be47790a397dc92 Size: 29136 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\timer.ppl MD5: 28f64da5c012d0a537a2d231f20e1c32 Size: 1674600 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ucp_agent.dll MD5: cb8c2aa16b277ad0b932d65a311efcb3 Size: 1643504 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\crypto_ssl.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 003274de008d272c16c80d726845c23c Size: 35328 Path: %WINDIR%\system32\wbem\wbemprox.dll MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: 8a581a8ee691fd046af2af51f2de9f02 Size: 57344 Path: %WINDIR%\SYSTEM32\dhcpcsvc6.DLL MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL MD5: ace201d14a0f44f5634d178fd117d8cd Size: 23552 Path: %WINDIR%\SYSTEM32\Secur32.dll MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: 0a8a67b428b54f09fcfe2b2b57e4ca17 Size: 1379800 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksn_facade.dll MD5: b4b6357d9f12514b354b995a4ad561a0 Size: 164864 Path: %WINDIR%\system32\netprofm.dll MD5: b93be5dab6abf457c90d1d7e8b607fcb Size: 20992 Path: %WINDIR%\System32\npmproxy.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: 8dcb2a2962767abc9b94ac1bc1a670bf Size: 313568 Path: %WINDIR%\SYSTEM32\Wlanapi.dll MD5: f6f5b32d0808d7b7dc30d6ce30fbb0e2 Size: 58840 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ndetect.ppl MD5: 4330af6614f053dd11985fe6ac037c7d Size: 565248 Path: %WINDIR%\SYSTEM32\rasapi32.dll MD5: 5fa2f260361fc794573481f9ec54b03f Size: 86016 Path: %WINDIR%\SYSTEM32\rasman.dll MD5: d86ad86b05274e6386976fe42a7ba7c0 Size: 3689984 Path: %WINDIR%\SYSTEM32\msi.dll MD5: 2f9c4b53d80a8ec9d34fd482cb1d0bd3 Size: 2121568 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\Comctl32.dll MD5: 04f9d3ff00967995ec9f06f0bf96c622 Size: 362848 Path: %WINDIR%\System32\coml2.dll MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: 41ef67375937a8fd7793c0314e320a9d Size: 207480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_info.dll MD5: 78999cba9ab96123ef27d16f70056794 Size: 204760 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\remote_eka_prague_loader.dll MD5: 8aec2240f4faa92ca12f2dcc8abcd8b2 Size: 357224 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prremote.DLL MD5: 245fef3e4016ef7e18f82cf0329dc540 Size: 337880 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prcore.dll MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9 Size: 683984 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kl_service.dll MD5: ec17c566f088a9c44c4aa9051c482004 Size: 43616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\pxstub.ppl MD5: 93860b9eb93be36d5f1931f956a40a23 Size: 1424480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\params.ppl MD5: 6541324477510aed23ec2b7e8fb03d77 Size: 2425440 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_metainfo.dll [Process] svchost.exe MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Modules]: [Process] LMS.exe MD5: cfbf8ec48688652b9a709370b1e50315 Size: 415520 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Modules]: MD5: cfbf8ec48688652b9a709370b1e50315 Size: 415520 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 7bc233f49c60b2fc6869b05318c02d64 Size: 16384 Path: %WINDIR%\SYSTEM32\WSOCK32.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 244e11a5c556e0fbae2d58ae4c7a5887 Size: 1243936 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\ACE.dll MD5: c6f12b1fdba8a6c7dd4ac271013c9aee Size: 1207072 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\WsmanClient.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: 4df9d25352e07ce2666226146fe4b44b Size: 152864 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\StatusEventHandler.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: a818f21b0e11ee3156e1330e7749b71d Size: 272720 Path: %WINDIR%\System32\WINTRUST.dll MD5: 48041e2b36087a0fa8d5584acd4a310b Size: 90912 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\Common.dll MD5: d5876c30d18e09b38ba92a95c5bcade8 Size: 141088 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\GmsCommon.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: e3c817f7fe44cc870ecdbcbc3ea36132 Size: 421200 Path: %WINDIR%\SYSTEM32\MSVCP100.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: bf38660a9125935658cfa3e53fdc7d65 Size: 773968 Path: %WINDIR%\SYSTEM32\MSVCR100.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: 039f872b9e944d6588d144fe08b79a82 Size: 69232 Path: %WINDIR%\SYSTEM32\NETAPI32.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: bfcfb0177935e235b1febade3694839d Size: 93984 Path: %WINDIR%\System32\imagehlp.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 6219a99c26658cdf126e7fa53c709241 Size: 112120 Path: %WINDIR%\SYSTEM32\gpapi.dll MD5: 0e874792ff73e37ad88f47be222e1d59 Size: 134656 Path: %WINDIR%\System32\cryptnet.dll MD5: 7e07c27d40a3e3a79cde42bcb70be118 Size: 170784 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\CONFIGURATOR.dll MD5: a1c818c3666dc5d95c40f36ef7b70685 Size: 132232 Path: %WINDIR%\SYSTEM32\DEVOBJ.dll [Process] ksdeui.exe MD5: bdb3d8437752ebcd11db04082b1fe8a5 Size: 480216 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe [Modules]: MD5: bdb3d8437752ebcd11db04082b1fe8a5 Size: 480216 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 348bbea1d2bec8545ea94d4843b21987 Size: 172632 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ushata.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 4cf6dc9eb4b1ead6415945b794f9dd08 Size: 7200912 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 856da04454a75cf6e7453d53cd90a29d Size: 987848 Path: %WINDIR%\SYSTEM32\MSVCR120_CLR0400.dll MD5: e0ba64172dbcc6f3b35d0cbef9e7f2c0 Size: 1205944 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeuimain.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 6d95c6266d85ea039fd2843f81fabd93 Size: 18432 Path: %WINDIR%\SYSTEM32\FLTLIB.DLL MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: bc83108b18756547013ed443b8cdb31b Size: 421200 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCP100.dll MD5: 0e37fbfa79d349d672456923ec5fbbe3 Size: 773968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCR100.dll MD5: 8aec2240f4faa92ca12f2dcc8abcd8b2 Size: 357224 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\prremote.DLL MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: 245fef3e4016ef7e18f82cf0329dc540 Size: 337880 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\prcore.dll MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: cd51fe428282db6d916aac46ef3a40ce Size: 45520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\winreg.ppl MD5: ec17c566f088a9c44c4aa9051c482004 Size: 43616 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\pxstub.ppl MD5: 93860b9eb93be36d5f1931f956a40a23 Size: 1424480 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\params.ppl MD5: b3e72ee73ba5438cb2c72f1be34ec561 Size: 230304 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_info.dll MD5: 45a916a97a898d9ba9f5f30658cb33ef Size: 312272 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\DumpWriter.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: 24337596076711fa682d9b09db85863f Size: 2919384 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\instrumental_services.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 57579fb647d45f6287d2c78bf3ce7a23 Size: 557520 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\dblite.dll MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9 Size: 683984 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\kl_service.DLL MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: 2e0a86ba6c2fef58a04446d0e8805f92 Size: 920936 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\app_core_legacy.dll MD5: 6541324477510aed23ec2b7e8fb03d77 Size: 2425440 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_metainfo.dll MD5: f0546ac68ba65f3c73f319c256cd5c72 Size: 85360 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpservice.dll MD5: 052a1d0d82b1bc749d4d6d2e565b397a Size: 135704 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.UI.Loader.dll MD5: ea0330099996ab67a26a737b5d10c53a Size: 521368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clrjit.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: a062f901127b9a5dcfaa13fa40f9bfdc Size: 1759928 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll MD5: 8475f60041a240d45a579d3e24b21d9e Size: 826600 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll MD5: 47673771f6f3d52d13321193f0a7d1aa Size: 1359456 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 7531d3f8dc93ccbcc29e012286260a60 Size: 947384 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll MD5: 17c406d38c3989ff3bdb17d08c1991ce Size: 1425000 Path: %WINDIR%\SYSTEM32\d3d9.dll MD5: 6d8cce1d84f8f0c21b4ef3c8f2510a71 Size: 93750576 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdumdim32.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: bc677d7e44be0349d9888693f3ece437 Size: 1600000 Path: %WINDIR%\SYSTEM32\urlmon.dll MD5: 6ecccd4830cce0ea1297ad7832d7607c Size: 2262776 Path: %WINDIR%\SYSTEM32\iertutil.dll MD5: a15f20d38cd348f09f94c6cfc9c4ddf3 Size: 1504056 Path: %WINDIR%\SYSTEM32\WindowsCodecs.dll MD5: 5345f26bf489743968d9feca375a2d48 Size: 975744 Path: %WINDIR%\system32\twinapi.appcore.dll MD5: d87ea5b6cfa55faf232fb987d719246b Size: 846560 Path: %WINDIR%\System32\WinTypes.dll MD5: 4b9fc4732c9faa863bf98e20d39f7ac5 Size: 713216 Path: %WINDIR%\System32\wpnapps.dll MD5: 3880361de2c511c7c5735b91016c4862 Size: 84664 Path: %WINDIR%\System32\RMCLIENT.dll MD5: 7d4814b02f8844302f29644a1b79765d Size: 185400 Path: %WINDIR%\System32\XmlLite.dll MD5: 22db034ad0d37d70be6e33c73a84671b Size: 50176 Path: %WINDIR%\SYSTEM32\usermgrcli.dll MD5: ff147c0cc605e0540973ffb631a4bcf2 Size: 1980768 Path: %WINDIR%\System32\msxml6.dll MD5: b45f4a37ccb2eb5e33be5d019b630dfd Size: 524776 Path: %WINDIR%\SYSTEM32\sxs.dll [Process] LiveTunerService.exe MD5: 79bc1b53d405ef546d3b809c6d1699ed Size: 257872 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe [Modules]: MD5: 79bc1b53d405ef546d3b809c6d1699ed Size: 257872 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll [Process] Memory Compression [Modules]: [Process] ApplicationFrameHost.exe [Modules]: [Process] SystemSettings.exe MD5: a91f621a8a0de91fae53d3051303809b Size: 83704 Path: %WINDIR%\ImmersiveControlPanel\SystemSettings.exe [Modules]: [Process] WmiPrvSE.exe MD5: b05a4ceada4d64d8c0207c4d0b599624 Size: 416768 Path: %WINDIR%\syswow64\wbem\WmiPrvSE.exe [Modules]: MD5: b05a4ceada4d64d8c0207c4d0b599624 Size: 416768 Path: %WINDIR%\syswow64\wbem\WmiPrvSE.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: 84a9dc42e3079cc1f07966fa036bb00e Size: 55296 Path: %WINDIR%\SYSTEM32\NCObjAPI.DLL MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: 6ae34de520137f17f0474a7fe88e0f30 Size: 99328 Path: %WINDIR%\system32\wbem\wmiutils.dll MD5: 8de2bd969738c7a09b65bb00ce90dc02 Size: 20992 Path: %WINDIR%\System32\delegatorprovider.dll MD5: 4feb654e5fa74b089bdd1776dea4e7eb Size: 20480 Path: %WINDIR%\SYSTEM32\storagewmi_passthru.dll [Process] CCleaner64.exe MD5: 8aa4a3119b2df4ffaad39a98f4764e47 Size: 8912088 Path: %SystemDrive%\Program Files\CCleaner\CCleaner64.exe [Modules]: [Process] unsecapp.exe [Modules]: [Process] WmiPrvSE.exe MD5: b05a4ceada4d64d8c0207c4d0b599624 Size: 416768 Path: %WINDIR%\System32\wbem\WmiPrvSE.exe [Modules]: [Process] isa.exe MD5: aad556b0e8033f5fbdf1bf396f843eaa Size: 335872 Path: %PROGRAMFILES%\Intel\Intel(R) Security Assist\isa.exe [Modules]: MD5: aad556b0e8033f5fbdf1bf396f843eaa Size: 335872 Path: %PROGRAMFILES%\Intel\Intel(R) Security Assist\isa.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 4cf6dc9eb4b1ead6415945b794f9dd08 Size: 7200912 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clr.dll MD5: 856da04454a75cf6e7453d53cd90a29d Size: 987848 Path: %WINDIR%\SYSTEM32\MSVCR120_CLR0400.dll MD5: cfd9f42036b8cb100244464c852caae5 Size: 19611824 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\mscorlib\f06d35cdb58e63c8a25f1658f23fd20d\mscorlib.ni.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: ea0330099996ab67a26a737b5d10c53a Size: 521368 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\clrjit.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 897fc7c6aa44f5ebf88139492f41e46a Size: 10266112 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System\6d712bf5f07ce74d9e2d31a443dea9c2\System.ni.dll MD5: 28a452a9f4a46eddd016c0da6cc3606b Size: 1626112 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Drawing\058e016628ca385ecca0589255c71bce\System.Drawing.ni.dll MD5: 00f60e7925c9d30427e83362c9dcb643 Size: 12992512 Path: %WINDIR%\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\68f0c8b24547a1eeafc998eb2b2522e0\System.Windows.Forms.ni.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll [Process] firefox.exe MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe [Modules]: MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 21d5ded66ccb26b858ca235afcb6826c Size: 124360 Path: %SystemDrive%\Programy\firefox\mozglue.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 529408e2c123d00d4cc2bebcc8479566 Size: 1220608 Path: %WINDIR%\SYSTEM32\dbghelp.dll MD5: d25c3ff7a4cbbffc7c9fff4f659051ce Size: 440120 Path: %SystemDrive%\Programy\firefox\MSVCP140.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: a2523ea6950e248cbdf18c9ea1a844f6 Size: 83784 Path: %SystemDrive%\Programy\firefox\VCRUNTIME140.dll MD5: 11218c9f81404a51d1eb6b56ba60f9ab Size: 22720 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-runtime-l1-1-0.dll MD5: e65f76759251845fa1e6a3cf41b5f231 Size: 24256 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-string-l1-1-0.dll MD5: cb4e401ce4fc657ccebb85f96840cc8b Size: 18624 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-heap-l1-1-0.dll MD5: d67520bff673cab4b2ed1af12de37a1f Size: 24256 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-stdio-l1-1-0.dll MD5: bc0be695e63548171105c57d2e9b98e7 Size: 22208 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-convert-l1-1-0.dll MD5: 49a69484b524c6f9fd641e015dd15154 Size: 28864 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-math-l1-1-0.dll MD5: 07ba5f40c64134e5749df0e8cfee082e Size: 20160 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-filesystem-l1-1-0.dll MD5: 6bfbf95b7253f32a77bacdf119b678f3 Size: 18624 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-environment-l1-1-0.dll MD5: 1622347a34eba068916713cf28f46b67 Size: 20672 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-time-l1-1-0.dll MD5: f7af6bb63229721005c8ac85dc86f5c2 Size: 18624 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-utility-l1-1-0.dll MD5: 66f65b59dff2f8927dc3c8045d8c3a0a Size: 25792 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-multibyte-l1-1-0.dll MD5: 0a8509c223118caa12f80844d3a42b37 Size: 1222600 Path: %SystemDrive%\Programy\firefox\nss3.dll MD5: 7bc233f49c60b2fc6869b05318c02d64 Size: 16384 Path: %WINDIR%\SYSTEM32\WSOCK32.dll MD5: 2cdb8e874f0950ea17a7135427b4f07d Size: 135376 Path: %WINDIR%\SYSTEM32\WINMM.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: dcdf6a9e619644e12c74457a8a3c1e1b Size: 131208 Path: %WINDIR%\SYSTEM32\WINMMBASE.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 59ff1c05b5221107f1f0cd576e0efd18 Size: 52168 Path: %SystemDrive%\Programy\firefox\lgpllibs.dll MD5: b53d96644f5774fe29ba8bb12d6e5f66 Size: 18624 Path: %SystemDrive%\Programy\firefox\api-ms-win-crt-locale-l1-1-0.dll MD5: 7baa763e23a922e3f664d5b89bf6f800 Size: 51669960 Path: %SystemDrive%\Programy\firefox\xul.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 1f5d8a8444319a9e8a1b20dde8771b86 Size: 78336 Path: %WINDIR%\SYSTEM32\USP10.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: db22bf6e188f54e592c1bbfbd4f79497 Size: 7168 Path: %WINDIR%\SYSTEM32\msimg32.dll MD5: b4afcaa856c58fab35c6b6dcf802e420 Size: 4268368 Path: %WINDIR%\System32\SETUPAPI.dll MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: a818f21b0e11ee3156e1330e7749b71d Size: 272720 Path: %WINDIR%\System32\WINTRUST.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 55d5450c85c0a0de8f2a22f2c0c816ae Size: 53216 Path: %WINDIR%\SYSTEM32\WTSAPI32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 748c272726fbc78aa29381d110fb5252 Size: 262656 Path: %WINDIR%\SYSTEM32\pdh.dll MD5: 48b4e14571bea9ebefbf44d01dce24b7 Size: 386000 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\inproc_agent.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: cf7308d27a2b2851249a7ce892017305 Size: 154432 Path: %WINDIR%\SYSTEM32\ntmarta.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: f9e3229224fec57a53f5b2a4b21942e0 Size: 135680 Path: %WINDIR%\SYSTEM32\dbgcore.DLL MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 69a2169e9b8a13e8d6211d2d978100cc Size: 1375456 Path: %WINDIR%\SYSTEM32\propsys.DLL MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: 003274de008d272c16c80d726845c23c Size: 35328 Path: %WINDIR%\system32\wbem\wbemprox.dll MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: 390e89b590bf63eebf88abc15078a198 Size: 55808 Path: %WINDIR%\system32\napinsp.dll MD5: 3f0f179c20f3633d2ec06774430ba831 Size: 70656 Path: %WINDIR%\system32\pnrpnsp.dll MD5: a8c6fcb5a946ab8a9553f43529dfda9a Size: 65024 Path: %WINDIR%\system32\NLAapi.dll MD5: 6b408458867bf3b61f363c0eb423f87f Size: 24064 Path: %WINDIR%\System32\winrnr.dll MD5: 453c23668fd9f3b8720379ad2b0ea5cf Size: 51712 Path: %WINDIR%\System32\wshbth.dll MD5: 7f5f2cdf3d783270356c8dafee274ce6 Size: 146888 Path: %SystemDrive%\Programy\firefox\softokn3.dll MD5: dcdae1770760d252c04b03e7bc132b90 Size: 93640 Path: %SystemDrive%\Programy\firefox\nssdbm3.dll MD5: 58990db17424f3335b39db4850a6547e Size: 319944 Path: %SystemDrive%\Programy\firefox\freebl3.dll MD5: 4621ed762cf90bbd3937a1497808822a Size: 414152 Path: %SystemDrive%\Programy\firefox\nssckbi.dll MD5: a1c818c3666dc5d95c40f36ef7b70685 Size: 132232 Path: %WINDIR%\SYSTEM32\DEVOBJ.dll MD5: bbf3f91d31efdff383e2365d3b84961e Size: 2277288 Path: %WINDIR%\system32\d3d11.dll MD5: 72620b8273b8cae75101f83b0dbabdf1 Size: 524776 Path: %WINDIR%\system32\dxgi.dll MD5: b3e45ebefb2e7d335753e9024653c585 Size: 17491544 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igd10iumd32.dll MD5: f2cae3c03d4eb93f9dc22d2d6e3d91cd Size: 120384 Path: %WINDIR%\SYSTEM32\ncrypt.dll MD5: cda0441be02bb525b159b3949d9dc67d Size: 173008 Path: %WINDIR%\SYSTEM32\NTASN1.dll MD5: 5a9da467afa81047c4a9526794918f21 Size: 16067216 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igc32.dll MD5: 86f3dd8105ea18131bad4a145f31b668 Size: 5061120 Path: %WINDIR%\SYSTEM32\d2d1.dll MD5: 7d4814b02f8844302f29644a1b79765d Size: 185400 Path: %WINDIR%\System32\XmlLite.dll MD5: d304a5d47c78b5e37ba064a7df631396 Size: 526336 Path: %WINDIR%\SYSTEM32\mscms.dll MD5: eb27fe8770bb56d2ba9c9c29f1ab07da Size: 94568 Path: %WINDIR%\SYSTEM32\USERENV.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: 7d1cee0aec344815661c8c45cefc1643 Size: 257536 Path: %WINDIR%\system32\dataexchange.dll MD5: 15c27a751b2da417d6f9948369e8cb90 Size: 1122344 Path: %WINDIR%\system32\dcomp.dll MD5: 5345f26bf489743968d9feca375a2d48 Size: 975744 Path: %WINDIR%\system32\twinapi.appcore.dll MD5: 22df1cd3f5941981b33794cf0fab0f18 Size: 352760 Path: %WINDIR%\System32\MMDevApi.dll MD5: 9ad25ad61cf912b5c77c13e89d5ef511 Size: 484584 Path: %WINDIR%\SYSTEM32\AUDIOSES.DLL MD5: d87ea5b6cfa55faf232fb987d719246b Size: 846560 Path: %WINDIR%\System32\WinTypes.dll MD5: 3b0c16c02ad9a6c70240280fc03ac60a Size: 2483200 Path: %WINDIR%\SYSTEM32\wininet.dll MD5: 6ecccd4830cce0ea1297ad7832d7607c Size: 2262776 Path: %WINDIR%\SYSTEM32\iertutil.dll MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: 893145106ab68e239e41ddf7f509c374 Size: 422400 Path: %WINDIR%\System32\twinapi.dll MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: 86e65dfb2d09c5faa08f067277277bcb Size: 4423680 Path: %WINDIR%\system32\explorerframe.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 12ec02a8bbf929b903b68fe22b6f3abf Size: 124480 Path: %WINDIR%\SYSTEM32\Cabinet.dll MD5: 9ebaed03837667c2b68f8620e4bac696 Size: 155080 Path: %SystemDrive%\Programy\firefox\mozavutil.dll MD5: 51b6d58870fd4a2c48a932d02cdeb5d6 Size: 1448904 Path: %SystemDrive%\Programy\firefox\mozavcodec.dll MD5: c64e7793bdffb6eacd7d0a9bed56fa11 Size: 1123912 Path: %WINDIR%\system32\mfplat.dll MD5: 5bc2d871eb445a70eb762ece7c574bbd Size: 152416 Path: %WINDIR%\SYSTEM32\RTWorkQ.DLL MD5: 6f2b000603057fa71ce532eb63da11c5 Size: 530480 Path: %WINDIR%\system32\mf.dll MD5: 3e26ca9b5ccd4c04506c0109bede3b36 Size: 114720 Path: %WINDIR%\system32\dxva2.dll MD5: 39f8bff90afee99232bf5bd60a3ddbaa Size: 640976 Path: %WINDIR%\system32\evr.dll MD5: 60009a9d6b55655b7dc63353bc93b72e Size: 455040 Path: %WINDIR%\System32\MSAudDecMFT.dll MD5: 8bcbf263a1a513a6d5041c42b0fbaedf Size: 1088264 Path: %WINDIR%\System32\mfperfhelper.dll MD5: 5d692ffb8357d929f018b3faf9f7f985 Size: 2206496 Path: %WINDIR%\System32\msmpeg2vdec.dll MD5: 19d8119776943ed31455c54472dbfafc Size: 33792 Path: %WINDIR%\SYSTEM32\LINKINFO.dll MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll MD5: ddb56b83b18735f13fd1cbef877e9db0 Size: 75920 Path: %WINDIR%\SYSTEM32\srvcli.dll MD5: 6be1dae295eadf4a058f83c164a27089 Size: 42496 Path: %WINDIR%\SYSTEM32\cscapi.dll MD5: 9a3e79e1fd37790c14b7e1ef9450d515 Size: 1564160 Path: %WINDIR%\System32\quartz.dll MD5: b691ffefda6936fd8306cdd69a92f13c Size: 139264 Path: %WINDIR%\System32\qasf.dll MD5: fc38c4d4b0e4bb94820c6a9ae261054a Size: 28936 Path: %WINDIR%\System32\msdmo.dll MD5: 1180638333d2e68dd722a4a4b3dc5612 Size: 2231288 Path: %WINDIR%\System32\WMVCore.DLL MD5: 8e134087e2283309059a22ad3ef86b04 Size: 273232 Path: %WINDIR%\System32\WMASF.DLL MD5: f2c1efb3cbeea035419cc9b4001a39e8 Size: 98632 Path: %WINDIR%\System32\mp3dmod.dll MD5: 5ea0c7bd6ad71763c1706b838a231add Size: 299520 Path: %WINDIR%\system32\Ninput.dll MD5: d6911fb5a858012045c64d40d44dfe77 Size: 232448 Path: %WINDIR%\SYSTEM32\edputil.dll [Process] SpyHunter4.exe MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe [Modules]: MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe MD5: aa3b16977532312a378b532db494b653 Size: 1572768 Path: %WINDIR%\SYSTEM32\ntdll.dll MD5: 956db4b52f2ce6365ade6b5d2d74a267 Size: 616048 Path: %WINDIR%\System32\KERNEL32.DLL MD5: 0ee20a5c53e3d00b06fc9ddf0b27abe0 Size: 1705976 Path: %WINDIR%\System32\KERNELBASE.dll MD5: 68e80b8d811c8967fb9a9a6cc263b77c Size: 310272 Path: %WINDIR%\System32\WLDAP32.dll MD5: 2e0694a49824cf82c1972020db227d8c Size: 918304 Path: %WINDIR%\System32\ucrtbase.dll MD5: 7a262815259f912431813fef6c2f8e0b Size: 402352 Path: %WINDIR%\System32\WS2_32.dll MD5: ed839824e2d0cde4544276df61bb9868 Size: 255168 Path: %WINDIR%\System32\sechost.dll MD5: 056e20bf43207e95a92d38b539656e3e Size: 790760 Path: %WINDIR%\System32\RPCRT4.dll MD5: 1a8e7650017f0bc9ad12a6861b5119ed Size: 117240 Path: %WINDIR%\System32\SspiCli.dll MD5: 3d4308bac53b881b16d9bd1006abdc65 Size: 31528 Path: %WINDIR%\System32\CRYPTBASE.dll MD5: dbb08db2f47433858c6606484f5fe545 Size: 367208 Path: %WINDIR%\System32\bcryptPrimitives.dll MD5: 4bec594a3d4aeafac400d88f7e328c7b Size: 1435896 Path: %WINDIR%\System32\USER32.dll MD5: 9d8f7bd41657b515dd46c7bf90a26cdb Size: 79536 Path: %WINDIR%\System32\win32u.dll MD5: a38bcc4df4da792c71f6fba54299f893 Size: 170960 Path: %WINDIR%\System32\GDI32.dll MD5: 1abaa0d5438ae8f680d5f744f6f1548b Size: 1414728 Path: %WINDIR%\System32\gdi32full.dll MD5: 053b12d5d2e45a7e01e43f008552620c Size: 912896 Path: %WINDIR%\System32\comdlg32.dll MD5: 2b3053473d66ad4c34e05b4ab4a9636e Size: 773168 Path: %WINDIR%\System32\msvcrt.dll MD5: 09fb1e45c38939b300140f01d14d0e6a Size: 2166752 Path: %WINDIR%\System32\combase.dll MD5: 9ba6a3849fc8a5b34944135de5263035 Size: 549088 Path: %WINDIR%\System32\shcore.dll MD5: d9af3498fa5fe659c8f65408fdbf3990 Size: 284056 Path: %WINDIR%\System32\shlwapi.dll MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: ed3282502e6b3b6c74ddbfd5b5102a73 Size: 355496 Path: %SystemDrive%\Program Files\SpyHunter\Common.dll MD5: 90a1cd387f9cb30f86d34b88bfcd83a1 Size: 213848 Path: %WINDIR%\System32\cfgmgr32.dll MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll MD5: a6f22ca344fd1b7d75d49ecc718693c8 Size: 275832 Path: %WINDIR%\System32\powrprof.dll MD5: 876577374f31702acc9e8584db453c9b Size: 482392 Path: %WINDIR%\System32\ADVAPI32.dll MD5: 845fd176fad495db046400ac93747976 Size: 43416 Path: %WINDIR%\System32\kernel.appcore.dll MD5: ca6447ddca724f0c5c0cafde184efe64 Size: 54752 Path: %WINDIR%\System32\profapi.dll MD5: 9d861c150f7bb4df5e2c6fdb3dd78010 Size: 601712 Path: %WINDIR%\System32\OLEAUT32.dll MD5: 0808104137cb6c1150a508691b6616a4 Size: 961192 Path: %WINDIR%\System32\ole32.dll MD5: 8dd0eab4f85b2fea280677b117785b15 Size: 498408 Path: %WINDIR%\System32\msvcp_win.dll MD5: 7b73fc5ad82af0fb84212106455e0d48 Size: 17048 Path: %WINDIR%\System32\PSAPI.DLL MD5: 7d22fd890acea0c24f2ed2a40bf32552 Size: 4417704 Path: %SystemDrive%\Program Files\SpyHunter\ShScanner.dll MD5: a818f21b0e11ee3156e1330e7749b71d Size: 272720 Path: %WINDIR%\System32\WINTRUST.dll MD5: 5e8336c79be0c2f1080b575e434dd0e4 Size: 49080 Path: %WINDIR%\System32\MSASN1.dll MD5: 5d52820bcf597eac5b109d1494b149ba Size: 1556712 Path: %WINDIR%\System32\CRYPT32.dll MD5: ba03793eb5474ec4f4560615f57352f1 Size: 928936 Path: %SystemDrive%\Program Files\SpyHunter\Defman.dll MD5: 7e455eba50fbe067852d034e4e45ff27 Size: 842920 Path: %SystemDrive%\Program Files\SpyHunter\ExecutionGuard.dll MD5: 37589bb48e6ab032bd67bc21e4e92d4f Size: 184416 Path: %WINDIR%\SYSTEM32\IPHLPAPI.DLL MD5: 2f9c4b53d80a8ec9d34fd482cb1d0bd3 Size: 2121568 Path: %WINDIR%\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171\Comctl32.dll MD5: db22bf6e188f54e592c1bbfbd4f79497 Size: 7168 Path: %WINDIR%\SYSTEM32\msimg32.dll MD5: 181fe38c3fe164fbfc1a5a8399ccc2da Size: 27360 Path: %WINDIR%\SYSTEM32\VERSION.dll MD5: 3b0c16c02ad9a6c70240280fc03ac60a Size: 2483200 Path: %WINDIR%\SYSTEM32\wininet.dll MD5: 37d01fc6cbf24f96edf0a2e6a2f28b4c Size: 1456640 Path: %WINDIR%\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_baad48403594ab3f\gdiplus.dll MD5: 203f58ba41b48a59d6a047e0233db422 Size: 144632 Path: %WINDIR%\System32\IMM32.DLL MD5: 3b83c49b5a250a95183dcbbb384b45f4 Size: 457728 Path: %WINDIR%\system32\uxtheme.dll MD5: 8b3765d5135a105f4ad1b2582717b493 Size: 515072 Path: %WINDIR%\SYSTEM32\RICHED20.DLL MD5: 1f5d8a8444319a9e8a1b20dde8771b86 Size: 78336 Path: %WINDIR%\SYSTEM32\USP10.dll MD5: b2911deddf06ca1ab66c810eb98aa503 Size: 185856 Path: %WINDIR%\SYSTEM32\msls31.dll MD5: f5e60d35bf9ce8a395e720fbbdb97b10 Size: 2740224 Path: %WINDIR%\SYSTEM32\msftedit.dll MD5: 4c8949c02fb00a66327be21f44515b87 Size: 1260784 Path: %WINDIR%\System32\MSCTF.dll MD5: a839b2cf099c3f328e6d369e29b14e02 Size: 113504 Path: %WINDIR%\system32\dwmapi.dll MD5: bc36aaf42722db03d8aab9f17b6c6ad9 Size: 20152 Path: %WINDIR%\System32\NSI.dll MD5: cf0766d323fb5bdd661fd9dd81708860 Size: 63488 Path: %WINDIR%\SYSTEM32\dhcpcsvc.DLL MD5: 8a581a8ee691fd046af2af51f2de9f02 Size: 57344 Path: %WINDIR%\SYSTEM32\dhcpcsvc6.DLL MD5: aa86dc342b4ed1c1f839c3bc8aea64b1 Size: 497416 Path: %WINDIR%\SYSTEM32\DNSAPI.dll MD5: 53965fb6de57c0e2abae5f1870888d44 Size: 26848 Path: %WINDIR%\SYSTEM32\WINNSI.DLL MD5: a15f20d38cd348f09f94c6cfc9c4ddf3 Size: 1504056 Path: %WINDIR%\SYSTEM32\WindowsCodecs.dll MD5: 87d1e3eb90a316f1fd6dd60a2457189a Size: 528360 Path: %WINDIR%\System32\clbcatq.dll MD5: 20b7e458b112b3b511db03ba0d00817f Size: 223744 Path: %WINDIR%\System32\mstask.dll MD5: 861c98897fef6408b328ff1f4cc161c2 Size: 566600 Path: %WINDIR%\System32\taskschd.dll MD5: 89489a92fa61e2f44085693e4d574485 Size: 2003968 Path: %WINDIR%\SYSTEM32\dwrite.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll MD5: ba22c7afe02e09916c5664e1dd98a879 Size: 279040 Path: %WINDIR%\System32\fwpuclnt.dll MD5: c041ed5ce66bedfa0ceac973c8e5dac5 Size: 106896 Path: %WINDIR%\SYSTEM32\bcrypt.dll MD5: 49f66601f196554bc9b36310ce84f011 Size: 13312 Path: %WINDIR%\System32\rasadhlp.dll MD5: 69a2169e9b8a13e8d6211d2d978100cc Size: 1375456 Path: %WINDIR%\SYSTEM32\propsys.DLL MD5: 303fef67dd454e2cdef67849cb0872bc Size: 248992 Path: %WINDIR%\SYSTEM32\policymanager.dll MD5: 051823779007d43954589f44c3ab7b9e Size: 415256 Path: %WINDIR%\SYSTEM32\msvcp110_win.dll MD5: a3c9a12d3b208557eb69d7bc3b2e1eaa Size: 869848 Path: %WINDIR%\SYSTEM32\MrmCoreR.dll MD5: 6ecccd4830cce0ea1297ad7832d7607c Size: 2262776 Path: %WINDIR%\SYSTEM32\iertutil.dll MD5: 6d1a29096e54589362357cdf0ba1e9e9 Size: 581120 Path: %WINDIR%\system32\apphelp.dll MD5: 49e148f0fb59d9c65466f253ae64d762 Size: 256512 Path: %WINDIR%\System32\thumbcache.dll MD5: 0ce6aff79009aeec169c9a75b7567d30 Size: 68720 Path: %WINDIR%\SYSTEM32\CRYPTSP.dll MD5: 9a03702c5ebbc4761770bae67764b219 Size: 184416 Path: %WINDIR%\system32\rsaenh.dll MD5: 6219a99c26658cdf126e7fa53c709241 Size: 112120 Path: %WINDIR%\SYSTEM32\gpapi.dll MD5: bfcfb0177935e235b1febade3694839d Size: 93984 Path: %WINDIR%\System32\imagehlp.dll MD5: 0e874792ff73e37ad88f47be222e1d59 Size: 134656 Path: %WINDIR%\System32\cryptnet.dll MD5: 7d4814b02f8844302f29644a1b79765d Size: 185400 Path: %WINDIR%\System32\XmlLite.dll MD5: 003274de008d272c16c80d726845c23c Size: 35328 Path: %WINDIR%\system32\wbem\wbemprox.dll MD5: f306c8d60c75d48bbe039ea69280bb6f Size: 391168 Path: %WINDIR%\SYSTEM32\wbemcomn.dll MD5: 75b865ad79ecea39f566f4ee82b8ec07 Size: 48640 Path: %WINDIR%\system32\wbem\wbemsvc.dll MD5: fba861ef9ae6f64ca375eea558d3149b Size: 779776 Path: %WINDIR%\system32\wbem\fastprox.dll MD5: 74261d485681a12aff1ad517fd0ef200 Size: 257248 Path: %WINDIR%\SYSTEM32\WINSTA.dll MD5: 2582aa6c1f88d34b37b7f82d790d232e Size: 338432 Path: %WINDIR%\SYSTEM32\mscoree.dll MD5: 0487cfc8ab4470573d6e268c20bbe29c Size: 511656 Path: %WINDIR%\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll MD5: 92f9b0231eaa8e9cd8112a6860cc2fb2 Size: 116888 Path: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll MD5: 26a95438c2d0e0c41b73d19400f4c2db Size: 626688 Path: %WINDIR%\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll MD5: 0c1b681f6844c9a3b927223cbd74551a Size: 16528 Path: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\Fusion.dll MD5: 22e9113ea0d1d8252314f23bad16dd36 Size: 24720 Path: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\culture.dll MD5: 107095302121f4c6651d5ae4851b37b1 Size: 93848 Path: %WINDIR%\Microsoft.NET\Framework\v2.0.50727\pl\ShFusRes.dll MD5: 14ea7bf1b0b052193cef4527ed20a2d0 Size: 248832 Path: %WINDIR%\System32\dlnashext.dll MD5: e7e58b3b6dc2f2b8107f05dcaaa4c77e Size: 343040 Path: %WINDIR%\System32\PlayToDevice.dll MD5: 4fe46b3cd310664f540e4712103570e1 Size: 90624 Path: %WINDIR%\System32\DevDispItemProvider.dll MD5: 22df1cd3f5941981b33794cf0fab0f18 Size: 352760 Path: %WINDIR%\System32\MMDevApi.dll MD5: a1c818c3666dc5d95c40f36ef7b70685 Size: 132232 Path: %WINDIR%\SYSTEM32\DEVOBJ.dll MD5: c4a555ca3962b4ddbe3c7547df2bf2d3 Size: 2002944 Path: %WINDIR%\system32\wpdshext.dll MD5: f11c6ca5f48960815a0dc94221ff4d2a Size: 1576448 Path: %WINDIR%\System32\ActXPrxy.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll MD5: df275c9659ed8215695b572a8ce17fbc Size: 50176 Path: %WINDIR%\SYSTEM32\ondemandconnroutehelper.dll MD5: befed197ae9153766f7304650368f3d8 Size: 461312 Path: %WINDIR%\SYSTEM32\webio.dll [Process] dllhost.exe MD5: 6046950fc9ca5b7a7e084c189658dacb Size: 19808 Path: %WINDIR%\System32\dllhost.exe [Modules]: [Process] notepad.exe MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe [Modules]: ================= SERVICES ================= Name: AJRouter DisplayName: UsA?uga routera AllJoyn Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: ALG DisplayName: UsA?uga bramy warstwy aplikacji Flags: 1 : 16 : 3 : 1 Name: AppIDSvc DisplayName: ToA1samoA?Ä? aplikacji Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Appinfo DisplayName: Informacje o aplikacji Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: AppReadiness DisplayName: Przygotowywanie aplikacji Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: AppXSvc DisplayName: AppX Deployment Service (AppXSVC) Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: AtherosSvc DisplayName: AtherosSvc Flags: 4 : 16 : 2 : 0 Name: AudioEndpointBuilder DisplayName: Konstruktor punktA3w koA?cowych audio systemu Windows Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Audiosrv DisplayName: Windows Audio Flags: 4 : 16 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: AVP17.0.0 DisplayName: UsA?uga Kaspersky Anti-Virus 17.0.0 Flags: 4 : 16 : 2 : 1 MD5: 03b45c52179e8dae51a0f685c30d06d6 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe Name: AxInstSV DisplayName: Instalator kontrolek ActiveX (AxInstSV) Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: BDESVC DisplayName: UsA?uga szyfrowania dyskA3w funkcjÄ? BitLocker Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: BFE DisplayName: Podstawowy aparat filtrowania Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: BITS DisplayName: UsA?uga inteligentnego transferu w tle Flags: 1 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: BrokerInfrastructure DisplayName: UsA?uga infrastruktury zadaA? w tle Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Browser DisplayName: PrzeglÄ?darka komputera Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: BthHFSrv DisplayName: UsA?uga obsA?ugi urzÄ?dzeA? gA?oA?nomA3wiÄ?cych Bluetooth Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: bthserv DisplayName: UsA?uga obsA?ugi Bluetooth Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: CDPSvc DisplayName: UsA?uga platformy podA?Ä?czonych urzÄ?dzeA? Flags: 1 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: CertPropSvc DisplayName: Propagacja certyfikatu Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: ClickToRunSvc DisplayName: Microsoft Office Click-to-Run Service Flags: 4 : 16 : 2 : 1 MD5: e3cb15c66c3dadce7e2ff8a00b920799 Size: 3019968 Path: %SystemDrive%\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Name: ClipSVC DisplayName: UsA?uga licencjonowania klienta (ClipSVC) Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: COMSysApp DisplayName: Aplikacja systemowa modelu COM+ Flags: 1 : 16 : 3 : 1 MD5: 6046950fc9ca5b7a7e084c189658dacb Size: 19808 Path: %WINDIR%\System32\dllhost.exe Name: CoreMessagingRegistrar DisplayName: CoreMessaging Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: cphs DisplayName: Intel(R) Content Protection HECI Service Flags: 1 : 16 : 3 : 1 MD5: 3e4e6f0aad15a93ec0b1c80b78025283 Size: 310256 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\intelcphecisvc.exe Name: cplspcon DisplayName: Intel(R) Content Protection HDCP Service Flags: 1 : 16 : 3 : 1 MD5: d6353de55fc11f06e33e4ec8d7a20dc8 Size: 488944 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\intelcphdcpsvc.exe Name: CryptSvc DisplayName: UsA?ugi kryptograficzne Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Dashlane Upgrade Service DisplayName: Dashlane Upgrade Service Flags: 4 : 16 : 2 : 1 MD5: bbb7b78348e84b302bd478f345ff6313 Size: 82968 Path: %PROGRAMFILES%\Dashlane\Upgrade\DashlaneUpgradeService.exe Name: DcomLaunch DisplayName: Program uruchamiajÄ?cy proces serwera DCOM Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DcpSvc DisplayName: DataCollectionPublishingService Flags: 1 : 32 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: defragsvc DisplayName: Optymalizowanie dyskA3w Flags: 1 : 16 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DeviceAssociationService DisplayName: UsA?uga kojarzenia urzÄ?dzeA? Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DeviceInstall DisplayName: UsA?uga instalacji urzÄ?dzeA? Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DevQueryBroker DisplayName: Broker wykrywania w tle zapytaA? dotyczÄ?cych urzÄ?dzeA? Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Dhcp DisplayName: Klient DHCP Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: diagnosticshub.standardcollector.service DisplayName: Standardowa usA?uga kolektora centrum diagnostycznego firmy Microsoft (R) Flags: 1 : 16 : 3 : 1 Name: DiagTrack DisplayName: A?rodowiska i telemetria poA?Ä?czonego uA1ytkownika Flags: 1 : 16 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DmEnrollmentSvc DisplayName: UsA?uga rejestracji zarzÄ?dzania urzÄ?dzeniami Flags: 1 : 16 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: dmwappushservice DisplayName: dmwappushsvc Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Dnscache DisplayName: Klient DNS Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DoSvc DisplayName: Optymalizacja dostarczania Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: dot3svc DisplayName: Automatyczna konfiguracja sieci przewodowej Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DPS DisplayName: UsA?uga zasad diagnostyki Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DsmSvc DisplayName: MenedA1er konfiguracji urzÄ?dzeA? Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: DsSvc DisplayName: UsA?uga udostÄ?pniania danych Flags: 1 : 32 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: EapHost DisplayName: ProtokA3A? uwierzytelniania rozszerzonego (EAP) Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: EFS DisplayName: System szyfrowania plikA3w (EFS) Flags: 1 : 32 : 3 : 1 Name: embeddedmode DisplayName: Tryb osadzony Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: EntAppSvc DisplayName: UsA?uga zarzÄ?dzania aplikacjami w przedsiÄ?biorstwach Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: EventLog DisplayName: Dziennik zdarzeA? Windows Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: EventSystem DisplayName: System zdarzeA? COM+ Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Fax DisplayName: Faks Flags: 1 : 16 : 3 : 1 Name: fdPHost DisplayName: Host dostawcy odnajdowania funkcji Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: FDResPub DisplayName: Publikacja zasobA3w odnajdowania funkcji Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: fhsvc DisplayName: UsA?uga historii plikA3w Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: FontCache DisplayName: UsA?ug systemu Windows buforowania czcionek Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: FontCache3.0.0.0 DisplayName: UsA?uga buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 Flags: 4 : 16 : 3 : 1 MD5: 59241194dbdf30a2b4029e402f377900 Size: 43696 Path: %WINDIR%\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe Name: FrameServer DisplayName: Serwer klatek kamer systemu Windows Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: gpsvc DisplayName: Klient zasad grupy Flags: 1 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: hidserv DisplayName: UsA?uga urzÄ?dzeA? interfejsu HID Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: HomeGroupListener DisplayName: UsA?uga nasA?uchujÄ?ca grup domowych Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: HomeGroupProvider DisplayName: Dostawca grupy domowej Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: HvHost DisplayName: UsA?uga hosta funkcji HV Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: IAStorDataMgrSvc DisplayName: Intel(R) Rapid Storage Technology Flags: 1 : 16 : 2 : 0 MD5: 0592ad7665975da67cd3524587479fab Size: 18856 Path: %SystemDrive%\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe Name: icssvc DisplayName: UsA?uga hotspotu mobilnego systemu Windows Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: igfxCUIService2.0.0.0 DisplayName: Intel(R) HD Graphics Control Panel Service Flags: 4 : 16 : 2 : 1 MD5: 9a79817b982c77eee85e38bcbc4b9416 Size: 350704 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe Name: IKEEXT DisplayName: ModuA?y obsA?ugi kluczy IPsec IKE i AuthIP Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Intel(R) Capability Licensing Service TCP IP Interface DisplayName: Intel(R) Capability Licensing Service TCP IP Interface Flags: 1 : 16 : 3 : 0 MD5: 99e6484c1c98047e41e18c7d32dc9667 Size: 976848 Path: %SystemDrive%\program files\intel\icls client\socketheciserver.exe Name: Intel(R) Security Assist DisplayName: Intel(R) Security Assist Flags: 4 : 16 : 3 : 1 MD5: aad556b0e8033f5fbdf1bf396f843eaa Size: 335872 Path: %PROGRAMFILES%\Intel\Intel(R) Security Assist\isa.exe Name: IntelSSTSvc DisplayName: Intel SST Parameter Service Flags: 1 : 16 : 2 : 1 Name: iphlpsvc DisplayName: Pomoc IP Flags: 1 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: irmon DisplayName: UsA?uga monitora podczerwieni Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: isaHelperSvc DisplayName: Intel(R) Security Assist Helper Flags: 1 : 16 : 2 : 1 MD5: 1ee06f61addade7dd0270fddd6050777 Size: 8704 Path: %PROGRAMFILES%\intel\intel(r) security assist\isahelperservice.exe Name: jhi_service DisplayName: Intel(R) Dynamic Application Loader Host Interface Service Flags: 4 : 16 : 2 : 0 MD5: 50e156d426d494eb9f429a55bed837c9 Size: 209184 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe Name: KeyIso DisplayName: Izolacja klucza CNG Flags: 4 : 32 : 3 : 1 Name: klvssbrigde64 DisplayName: klvssbrigde64 Flags: 1 : 16 : 3 : 1 MD5: d7f0b46844565e2ed68ac99af0f4263f Size: 77328 Path: %PROGRAMFILES%\kaspersky lab\kaspersky internet security 17.0.0\x64\vssbridge64.exe Name: KSDE1.0.0 DisplayName: UsA?uga Kaspersky Secure Connection 1.0.0 Flags: 4 : 16 : 2 : 1 MD5: eff5ea6088db81c6ef6edcda5ee79909 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe Name: KtmRm DisplayName: UsA?uga KTMRM dla usA?ugi Koordynator transakcji rozproszonych Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: LanmanServer DisplayName: Serwer Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: LanmanWorkstation DisplayName: Stacja robocza Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: lfsvc DisplayName: UsA?uga geolokalizacji Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: LicenseManager DisplayName: UsA?uga MenedA1era licencji systemu Windows Flags: 1 : 32 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: lltdsvc DisplayName: Mapowanie z odnajdywaniem topologii warstwy linku Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: lmhosts DisplayName: Pomoc TCP/IP NetBIOS Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: LMS DisplayName: Intel(R) Management and Security Application Local Management Service Flags: 4 : 16 : 2 : 1 MD5: cfbf8ec48688652b9a709370b1e50315 Size: 415520 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe Name: LSM DisplayName: MenedA1er sesji lokalnej Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: MapsBroker DisplayName: MenedA1er pobranych map Flags: 1 : 16 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Mobile Broadband HL Service DisplayName: Mobile Broadband HL Service Flags: 4 : 272 : 2 : 1 MD5: 1f608ceaea01fa7f1089c11b8d9c0b61 Size: 237424 Path: %ALLUSERSPROFILE%\MobileBrServ\mbbService.exe Name: MozillaMaintenance DisplayName: Mozilla Maintenance Service Flags: 1 : 16 : 3 : 1 MD5: 4235b16e8c2e277eecb9bfd4579c428e Size: 173512 Path: %PROGRAMFILES%\mozilla maintenance service\maintenanceservice.exe Name: MpsSvc DisplayName: Zapora systemu Windows Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: MSDTC DisplayName: Koordynator transakcji rozproszonych Flags: 1 : 16 : 3 : 1 Name: MSiSCSI DisplayName: UsA?uga inicjatora iSCSI firmy Microsoft Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: msiserver DisplayName: Instalator Windows Flags: 1 : 16 : 3 : 1 MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe Name: NcaSvc DisplayName: Asystent A?Ä?cznoA?ci sieciowej Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NcbService DisplayName: Broker poA?Ä?czeA? sieciowych Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NcdAutoSetup DisplayName: Autokonfiguracja urzÄ?dzeA? podA?Ä?czonych do sieci Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Netlogon DisplayName: Netlogon Flags: 1 : 32 : 4 : 1 Name: Netman DisplayName: PoA?Ä?czenia sieciowe Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: netprofm DisplayName: UsA?uga listy sieci Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NetSetupSvc DisplayName: UsA?uga konfiguracji sieci Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NetTcpPortSharing DisplayName: UsA?uga udostÄ?pniania portA3w Net.Tcp Flags: 1 : 32 : 3 : 1 MD5: efa857e2b0cc7c9dfef48a2187b910f7 Size: 136360 Path: %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe Name: NgcCtnrSvc DisplayName: Kontener usA?ugi Microsoft Passport Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NgcSvc DisplayName: Microsoft Passport Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NlaSvc DisplayName: Rozpoznawanie lokalizacji w sieci Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: nsi DisplayName: UsA?uga interfejsu magazynu sieciowego Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: NVDisplay.ContainerLocalSystem DisplayName: NVIDIA Display Container LS Flags: 4 : 16 : 2 : 0 MD5: 2328568ee63439a4a11f9dc0692e5527 Size: 458176 Path: %SystemDrive%\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe MD5: 728fd270c0cab60ccebda43933b49999 Size: 2722 Path: %ALLUSERSPROFILE%\nvidia\nvdisplay.containerlocalsystem.log Name: NvStreamNetworkSvc DisplayName: NVIDIA Streamer Network Service Flags: 4 : 16 : 3 : 0 MD5: e6a64322eb213aeacbb61584aa6fb032 Size: 3634232 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe Name: NvStreamSvc DisplayName: NVIDIA Streamer Service Flags: 4 : 16 : 2 : 0 MD5: a8213bf32d2e75add362e118ad164749 Size: 2522680 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe Name: ose DisplayName: Office Source Engine Flags: 1 : 16 : 3 : 1 MD5: 55aff77d3dace7adce146e70f4691979 Size: 209088 Path: %COMMONPROGRAMFILES%\microsoft shared\source engine\ose.exe Name: p2pimsvc DisplayName: MenedA1er toA1samoA?ci sieci rA3wnorzÄ?dnej Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: p2psvc DisplayName: Grupowanie sieci rA3wnorzÄ?dnej Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PcaSvc DisplayName: UsA?uga Asystent zgodnoA?ci programA3w Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PerfHost DisplayName: Host biblioteki DLL licznikA3w wydajnoA?ci Flags: 1 : 16 : 3 : 1 MD5: cb5343ff52a702a9acfaae6be972fe09 Size: 21504 Path: %WINDIR%\syswow64\perfhost.exe Name: PhoneSvc DisplayName: UsA?uga telefoniczna Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: pla DisplayName: Dzienniki wydajnoA?ci i &alerty Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PlugPlay DisplayName: Plug and Play Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PNRPAutoReg DisplayName: UsA?uga publikowania nazw komputerA3w PNRP Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PNRPsvc DisplayName: ProtokA3A? rozpoznawania nazw rA3wnorzÄ?dnych Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PolicyAgent DisplayName: Agent zasad IPsec Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Power DisplayName: Zasilanie Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PrintNotify DisplayName: Rozszerzenia i powiadomienia drukarek Flags: 1 : 288 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: ProfSvc DisplayName: UsA?uga profilA3w uA1ytkownikA3w Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: QWAVE DisplayName: Quality Windows Audio Video Experience Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RasAuto DisplayName: MenedA1er autopoA?Ä?czenia dostÄ?pu zdalnego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RasMan DisplayName: MenedA1er poA?Ä?czeA? usA?ugi DostÄ?p zdalny Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RemoteAccess DisplayName: Routing i dostÄ?p zdalny Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RemoteRegistry DisplayName: Rejestr zdalny Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RetailDemo DisplayName: UsA?uga trybu pokazowego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RmSvc DisplayName: UsA?uga zarzÄ?dzania radiem Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RpcEptMapper DisplayName: Program mapowania punktA3w koA?cowych wywoA?aA? RPC Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: RpcLocator DisplayName: Lokalizator usA?ugi zdalnego wywoA?ania procedury (RPC) Flags: 1 : 16 : 3 : 1 Name: RpcSs DisplayName: Zdalne wywoA?ywanie procedur (RPC) Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SamSs DisplayName: MenedA1er kont zabezpieczeA? Flags: 4 : 32 : 2 : 1 Name: SCardSvr DisplayName: Karta inteligentna Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: ScDeviceEnum DisplayName: UsA?uga wyliczania urzÄ?dzeA? karty inteligentnej Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Schedule DisplayName: Harmonogram zadaA? Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SCPolicySvc DisplayName: Zasady usuwania karty inteligentnej Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SDRSVC DisplayName: Kopia zapasowa systemu Windows Flags: 1 : 16 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: seclogon DisplayName: Logowanie pomocnicze Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SENS DisplayName: UsA?uga powiadamiania o zdarzeniach systemowych Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SensorDataService DisplayName: UsA?uga danych czujnikA3w Flags: 1 : 16 : 3 : 1 Name: SensorService DisplayName: UsA?uga czujnikA3w Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SensrSvc DisplayName: UsA?uga monitorowania czujnikA3w Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SessionEnv DisplayName: MenedA1er konfiguracji usA?ug pulpitu zdalnego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SharedAccess DisplayName: UdostÄ?pnianie poA?Ä?czenia internetowego (ICS) Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: ShellHWDetection DisplayName: Wykrywanie sprzÄ?tu powA?oki Flags: 4 : 32 : 2 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: shpamsvc DisplayName: Shared PC Account Manager Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: smphost DisplayName: Miejsca do magazynowania firmy Microsoft ā?? SMP Flags: 1 : 16 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SmsRouter DisplayName: UsA?uga routera SMS systemu Microsoft Windows. Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SNMPTRAP DisplayName: SNMP Trap Flags: 1 : 16 : 4 : 1 Name: Spooler DisplayName: Bufor wydruku Flags: 4 : 272 : 2 : 1 Name: sppsvc DisplayName: Ochrona oprogramowania Flags: 1 : 16 : 2 : 1 Name: SpyHunter 4 Service DisplayName: SpyHunter 4 Service Flags: 1 : 16 : 2 : 1 MD5: c1c42195839b65739f7ceeb062b9705c Size: 665768 Path: %SystemDrive%\program files\spyhunter\sh4service.exe Name: SSDPSRV DisplayName: Odnajdywanie SSDP Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SstpSvc DisplayName: UsA?uga ProtokA3A? SSTP Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: StateRepository DisplayName: UsA?uga repozytorium stanA3w Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: stisvc DisplayName: Windows Image Acquisition (WIA) Flags: 4 : 16 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: StorSvc DisplayName: UsA?uga magazynu Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: svsvc DisplayName: Weryfikator punktowy Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: swprv DisplayName: Dostawca kopiowania w tle oprogramowania firmy Microsoft Flags: 1 : 16 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SysMain DisplayName: WstÄ?pne A?adowanie do pamiÄ?ci Flags: 4 : 32 : 2 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: SystemEventsBroker DisplayName: Broker zdarzeA? systemowych Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TabletInputService DisplayName: UsA?uga klawiatury dotykowej i panelu pisma rÄ?cznego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TapiSrv DisplayName: Telefonia Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TermService DisplayName: UsA?ugi pulpitu zdalnego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Themes DisplayName: Kompozycje Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TieringEngineService DisplayName: ZarzÄ?dzanie warstwami magazynowania Flags: 1 : 16 : 3 : 1 Name: tiledatamodelsvc DisplayName: Serwer modelu danych kafelkA3w Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TimeBrokerSvc DisplayName: Broker czasu Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TrkWks DisplayName: Klient A?ledzenia linkA3w rozproszonych Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: TrustedInstaller DisplayName: Instalator moduA?A3w systemu Windows Flags: 1 : 16 : 3 : 1 MD5: 09440fa30c020b4443391fafcf4876e3 Size: 122880 Path: %WINDIR%\servicing\trustedinstaller.exe Name: tzautoupdate DisplayName: Automatyczna aktualizacja strefy czasowej Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: UI0Detect DisplayName: Wykrywanie usA?ug interakcyjnych Flags: 1 : 272 : 3 : 1 Name: UmRdpService DisplayName: Przekierowanie portu trybu uA1ytkownika usA?ug pulpitu zdalnego Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: upnphost DisplayName: Host urzÄ?dzenia UPnP Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: UserManager DisplayName: MenedA1er uA1ytkownikA3w Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: UsoSvc DisplayName: UsA?uga koordynatora aktualizacji dla usA?ugi Windows Update Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: VaultSvc DisplayName: MenedA1er poA?wiadczeA? Flags: 4 : 32 : 3 : 1 Name: vds DisplayName: Dysk wirtualny Flags: 1 : 16 : 3 : 1 Name: vmicguestinterface DisplayName: Interfejs usA?ugi goA?cia funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmicheartbeat DisplayName: UsA?uga pulsu funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmickvpexchange DisplayName: UsA?uga wymiany danych funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmicrdv DisplayName: UsA?uga wirtualizacji pulpitu zdalnego funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmicshutdown DisplayName: UsA?uga zamykania systemu goA?cia funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmictimesync DisplayName: UsA?uga synchronizacji czasu funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmicvmsession DisplayName: UsA?uga PowerShell Direct funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: vmicvss DisplayName: Obiekt A1Ä?dajÄ?cy usA?ugi kopiowania woluminA3w w tle funkcji Hyper-V Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: VSS DisplayName: Kopiowanie woluminA3w w tle Flags: 1 : 16 : 3 : 1 Name: W32Time DisplayName: Windows Time Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WalletService DisplayName: UsA?uga portfela Flags: 1 : 32 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wbengine DisplayName: UsA?uga Aparat kopii zapasowej na poziomie bloku Flags: 1 : 16 : 3 : 1 Name: WbioSrvc DisplayName: UsA?uga biometryczna systemu Windows Flags: 1 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Wcmsvc DisplayName: MenedA1er poA?Ä?czeA? systemu Windows Flags: 4 : 16 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wcncsvc DisplayName: PoA?Ä?cz teraz w systemie Windows ā?? Rejestrator konfiguracji Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WdiServiceHost DisplayName: Host usA?ugi diagnostyki Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WdiSystemHost DisplayName: Host systemu diagnostyki Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WdNisSvc DisplayName: UsA?uga inspekcji sieci Windows Defender Flags: 1 : 16 : 3 : 1 MD5: 60425718c40e80a62f565fa2a65983a2 Size: 347328 Path: %SystemDrive%\program files\windows defender\nissrv.exe Name: WebClient DisplayName: WebClient Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Wecsvc DisplayName: Kolektor zdarzeA? systemu Windows Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WEPHOSTSVC DisplayName: UsA?uga hosta dostawcy szyfrowania systemu Windows Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wercplsupport DisplayName: Pomoc techniczna panelu sterowania Raporty i rozwiÄ?zania problemA3w Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WerSvc DisplayName: UsA?uga raportowania bA?Ä?dA3w systemu Windows Flags: 1 : 16 : 4 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WiaRpc DisplayName: Zdarzenia pozyskiwania obrazA3w nieruchomych Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WinDefend DisplayName: UsA?uga Windows Defender Flags: 1 : 16 : 3 : 1 MD5: 115087560348a8dfe67d28cdb1129acf Size: 103720 Path: %SystemDrive%\program files\windows defender\msmpeng.exe Name: WinHttpAutoProxySvc DisplayName: UsA?uga autowykrywania serwera proxy w sieci Web WinHTTP Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: Winmgmt DisplayName: Instrumentacja zarzÄ?dzania Windows Flags: 4 : 32 : 2 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WinRM DisplayName: Zdalne zarzÄ?dzanie systemem Windows (WS-Management) Flags: 1 : 32 : 4 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wisvc DisplayName: UsA?uga niejawnego programu testA3w systemu Windows Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WlanSvc DisplayName: Autokonfiguracja sieci WLAN Flags: 4 : 16 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wlidsvc DisplayName: Asystent logowania za pomocÄ? konta Microsoft Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wmiApSrv DisplayName: Karta wydajnoA?ci WMI Flags: 1 : 16 : 3 : 1 Name: WMPNetworkSvc DisplayName: UsA?uga udostÄ?pniania w sieci programu Windows Media Player Flags: 1 : 16 : 3 : 1 MD5: b3f74e43a73504f3c1d2b10948e67ec4 Size: 1184256 Path: %SystemDrive%\program files\windows media player\wmpnetwk.exe Name: workfolderssvc DisplayName: Foldery robocze Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WO_LiveService2 DisplayName: Ashampoo LiveTuner 2 Service Flags: 4 : 32 : 2 : 1 MD5: 79bc1b53d405ef546d3b809c6d1699ed Size: 257872 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe Name: WPDBusEnum DisplayName: UsA?uga moduA?u wyliczajÄ?cego urzÄ?dzenia przenoA?ne Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WpnService DisplayName: UsA?uga systemu powiadomieA? WNS Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wscsvc DisplayName: Centrum zabezpieczeA? Flags: 4 : 32 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WSearch DisplayName: Windows Search Flags: 4 : 16 : 2 : 1 MD5: b13b953abe94ae209f0812995de1fc19 Size: 773120 Path: %WINDIR%\System32\SearchIndexer.exe Name: wuauserv DisplayName: Windows Update Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: wudfsvc DisplayName: Windows Driver Foundation ā?? User-mode Driver Framework Flags: 4 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WwanSvc DisplayName: Automatyczne konfigurowanie bezprzewodowej sieci WAN Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: XblAuthManager DisplayName: MenedA1er autoryzacji Xbox Live Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: XblGameSave DisplayName: Zapisywanie gier Xbox Live Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: XboxNetApiSvc DisplayName: UsA?uga sieciowa Xbox Live Flags: 1 : 32 : 3 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: CDPUserSvc_39dc8 DisplayName: CDPUserSvc_39dc8 Flags: 1 : 224 : 2 : 1 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: MessagingService_39dc8 DisplayName: UsA?uga wiadomoA?ci_39dc8 Flags: 1 : 224 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: OneSyncSvc_39dc8 DisplayName: Synchronizuj hosta_39dc8 Flags: 4 : 224 : 2 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: PimIndexMaintenanceSvc_39dc8 DisplayName: Dane kontaktowe_39dc8 Flags: 1 : 224 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: UnistoreSvc_39dc8 DisplayName: Magazyn danych uA1ytkownika_39dc8 Flags: 1 : 224 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: UserDataSvc_39dc8 DisplayName: DostÄ?p do danych uA1ytkownika_39dc8 Flags: 1 : 224 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe Name: WpnUserService_39dc8 DisplayName: UsA?uga uA1ytkownika powiadomieA? WNS_39dc8 Flags: 1 : 224 : 3 : 0 MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe ================= FILES ================= MD5: 7220fad57a4b3d9d9755c51198cc0386 Size: 174 Path: %PUBLIC%\desktop.ini MD5: dc723b859dec1526568ad581aec334d5 Size: 174 Path: %PUBLIC%\Desktop\desktop.ini MD5: 6fc234ad3752e1267b34fb12bcd6718b Size: 20 Path: %USERPROFILE%\ntuser.ini MD5: 189df4249bba7e22e7d80d948b18327d Size: 446 Path: %USERPROFILE%\Desktop\desktop.ini MD5: 2db341606a8d0e39c81a95a64ed33c84 Size: 370 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini MD5: cd4243d1f6c195742c88369b20877b90 Size: 1244 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk MD5: 669a40f3e1bf2cd5366bd315820ca22e Size: 1476 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini MD5: 8e895c6f782c6f67d135699066df0042 Size: 1182 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk MD5: 9136ff59562e8d8baf6700b0686d7688 Size: 1114 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk MD5: eadc0bd065fea2360b2e39c2a1b5d1ef Size: 1164 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk MD5: 6d1bd92ada0969b1d47e14886e41e297 Size: 1215 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk MD5: c69bdf2729aa075cde5f761dfdb92303 Size: 1134 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk MD5: 7e91fac91dbf0362b3d5aa0ea87e9492 Size: 1096 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk MD5: 9a6636e79dca40b78b5b36f8d591c56d Size: 1114 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk MD5: 4f6c7327201feace952f9435b2eb1f46 Size: 85 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini MD5: 091e0b863720af624c745faa5275bd3b Size: 1096 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk MD5: 746e0116be3d573cedddbd48532cc9ab Size: 1347 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk MD5: d9116e545ee6ab58e29d25226fc65de3 Size: 1154 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk MD5: e91bf5e1954c74841b498b1f68d00a9e Size: 1122 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk MD5: 7f2e17bae8505a87323559d5dfafc563 Size: 1116 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk MD5: 4fdd90428e6b5d0959bf2725348980fe Size: 1164 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk MD5: b362d3861ef14448e1462bcc82d147dc Size: 2314 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini MD5: 984017c5e100f7245d3508df5f8c5adf Size: 1158 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk MD5: acd8f7e0b9a867a9bc4dd3543eba0bfb Size: 1116 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk MD5: ed938ddbeb9146cca587765834eb7d47 Size: 1168 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk MD5: c6d791e0501e767b3ff00d7dd4305e12 Size: 1144 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk MD5: 85bb4edf79ef114f125c0f0e4d054242 Size: 1140 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk MD5: 5a049ad3a1b951d5dc9004d552208b88 Size: 1140 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk MD5: e3670cc5fa7ebb8ecb7db012508bf03a Size: 1140 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk MD5: c6c01911427901e7367a63a4c5d102f5 Size: 1104 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk MD5: 5412b79b3e6b45697986aab4d1c02738 Size: 1108 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk MD5: 5c11b0e362d426fd6e99b07705ba4a48 Size: 1158 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk MD5: 13e50f3d0813db82852cece7025899d7 Size: 1116 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk MD5: 47e6fb296cfaef165f91f710d1380941 Size: 1114 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk MD5: 421a0ff495ce836d87fffe0c547ceec0 Size: 1132 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk MD5: 8685f09985dbaa7f952b0edb2fcffbdf Size: 1156 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk MD5: a3d6561bd11e13f5eae61320ebea1789 Size: 109 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12\desktop.ini MD5: 7790f8bf4fd26ed9a9cad381a6f7c66b Size: 796 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\desktop.ini MD5: 698880208293284e3bc9d522c85aabec Size: 107 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini MD5: b5fe3e5664ca3fb73acde52cedc62fd1 Size: 2349 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk MD5: 7ed2b085f872cc40ce72a4d58fea6966 Size: 114 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Intel\desktop.ini MD5: cac4d0f604168b35338f40b0fe08c453 Size: 170 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini MD5: 6d0d13a968394a956041dabf6bac276a Size: 2219 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk MD5: 20e370daad9a946411b647fee0c6d631 Size: 2199 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk MD5: 7f1698bab066b764a314a589d338daae Size: 174 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini MD5: 694cf5ff200e4b3247c0116f0fa93aff Size: 492 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini MD5: 2c30d84d4412195b95a803cca88ce15a Size: 1120 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk MD5: 669404407921e0bed3c537042ad73052 Size: 1058 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk MD5: f14e70fddaaaacde69256791cb07bd41 Size: 568 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini MD5: c83cbd5f97a8e7b3d2e16d3a8b539e8f Size: 1106 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk MD5: c740e5fb2fa17a182ac411982216c9b9 Size: 1108 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk MD5: 96d2182f306ad9def78a9ed022f0e3a2 Size: 1106 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk MD5: 352943a354c805885de016e9c9bad352 Size: 328 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini MD5: ee27db3652032a3498c54a12407b0cb5 Size: 1158 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk MD5: cac4d0f604168b35338f40b0fe08c453 Size: 170 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini MD5: 9c82e435db86860edb5ced5f369bdfb3 Size: 1142 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk MD5: 0201b6ab505029133290cc13cd74a92d Size: 992 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini MD5: 3aa1d8d650944f797f80d23d67a2f335 Size: 218 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini MD5: 7b782d03f87efe67699e7a86cf26d760 Size: 1274 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk MD5: 07a234dd7152d3a096813cf7eec2716f Size: 1274 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk MD5: f14e70fddaaaacde69256791cb07bd41 Size: 568 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini MD5: c83cbd5f97a8e7b3d2e16d3a8b539e8f Size: 1106 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk MD5: c740e5fb2fa17a182ac411982216c9b9 Size: 1108 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk MD5: 96d2182f306ad9def78a9ed022f0e3a2 Size: 1106 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk MD5: 3a2d5e6ceeb1bfc64e8b7fe7c1697bb6 Size: 448 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini MD5: ee27db3652032a3498c54a12407b0cb5 Size: 1158 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk MD5: 548b310fbc7a26d0b9da3a9f2d604a0c Size: 174 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini MD5: 17d5d0735deaa1fb4b41a7c406763c0a Size: 174 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\desktop.ini MD5: cac4d0f604168b35338f40b0fe08c453 Size: 170 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini MD5: 7f1698bab066b764a314a589d338daae Size: 174 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini MD5: 9c82e435db86860edb5ced5f369bdfb3 Size: 1142 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk MD5: 0201b6ab505029133290cc13cd74a92d Size: 992 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini MD5: 3aa1d8d650944f797f80d23d67a2f335 Size: 218 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini MD5: 7b782d03f87efe67699e7a86cf26d760 Size: 1274 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk MD5: 07a234dd7152d3a096813cf7eec2716f Size: 1274 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk MD5: 6c5860113032e66f4b26b1368b2664f4 Size: 987 Path: %PUBLIC%\Desktop\Ashampoo Burning Studio 6 FREE.lnk MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe MD5: a886707b196c32f99e45f86c76c115d5 Size: 869 Path: %PUBLIC%\Desktop\CCleaner.lnk MD5: 8aa4a3119b2df4ffaad39a98f4764e47 Size: 8912088 Path: %SystemDrive%\Program Files\CCleaner\CCleaner64.exe MD5: 2b2a6e82812910ea5e053656548ac8c4 Size: 876 Path: %PUBLIC%\Desktop\SpyHunter4.lnk MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe MD5: d9d503aab5ad525d3786b9709c6974ce Size: 1028 Path: %PUBLIC%\Desktop\TeamSpeak 3 Client.lnk MD5: 5e6cc633a89c670424fae6b96cc32a06 Size: 11479320 Path: %SystemDrive%\program files\teamspeak 3 client\ts3client_win64.exe MD5: bc89484921661a3d70707a60049ed2ce Size: 1499 Path: %USERPROFILE%\Desktop\1-Click-Optimizer (WO14).lnk MD5: 1c061a47bd19b46af4bd295df2d9f01a Size: 8816976 Path: %PROGRAMFILES%\ashampoo\ashampoo winoptimizer 14\wo14.exe MD5: f3c6501bb2391852141f1269bab69a8a Size: 1279 Path: %USERPROFILE%\Desktop\Ashampoo WinOptimizer 14.lnk MD5: 1c061a47bd19b46af4bd295df2d9f01a Size: 8816976 Path: %PROGRAMFILES%\ashampoo\ashampoo winoptimizer 14\wo14.exe MD5: 1cc5f259eebe0b015ea346181e2404e6 Size: 822 Path: %USERPROFILE%\Desktop\World of Tanks.lnk MD5: 1775b7e3ccd4bbeffb6a52624a145666 Size: 7807752 Path: %SystemDrive%\games\world_of_tanks\wotlauncher.exe MD5: a1289006763b2b83a7c29dd072325614 Size: 2444 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk MD5: c6c0fb57c61db83a7021286fdb1314c5 Size: 15422664 Path: %PROGRAMFILES%\microsoft office\root\office16\msaccess.exe MD5: e6e731db3342d7c9f3c9f77b39d1bb5e Size: 2150 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk MD5: 15e1ed8a95adc620d1ee717eee84b272 Size: 7814400 Path: %PROGRAMFILES%\acer\abphoto\abphoto.exe MD5: 50ca7677474fa146889af5816cb59301 Size: 1011 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 6\Ashampoo Burning Studio 6 FREE.lnk MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe MD5: e2fbbf8e16c3b368f464ae6a1e77de0a Size: 1140 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 6\Help.lnk MD5: fd3e7324509a201ff66a9118cf13dba5 Size: 688100 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\lang\burningstudio-en-us.chm MD5: 4e6897b2c0bcc6cf8c6920e14606f051 Size: 987 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 6\Readme.lnk MD5: d88de4261282ecf19c1afd64620c749c Size: 6194 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\readme_en.rtf MD5: acb031a3c272708351d4293b554cd6f8 Size: 1027 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 6\Uninstall Ashampoo Burning Studio 6 FREE.lnk MD5: 1ec5b04f0d6a00d20218e36d3e6a045d Size: 704336 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\unins000.exe MD5: f060bbb9e12176ed2f20aa6a16867ad1 Size: 1303 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo WinOptimizer 14\Ashampoo WinOptimizer 14 .lnk MD5: 1c061a47bd19b46af4bd295df2d9f01a Size: 8816976 Path: %PROGRAMFILES%\ashampoo\ashampoo winoptimizer 14\wo14.exe MD5: 0fd4b4c31412520caff4ce3265bc729a Size: 887 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk MD5: 8aa4a3119b2df4ffaad39a98f4764e47 Size: 8912088 Path: %SystemDrive%\Program Files\CCleaner\CCleaner64.exe MD5: 3d57eb88e5f0b39dcadfa86e5ba90e9a Size: 2227 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe MD5: 45a3607331ddd56b06e76c52f50387b6 Size: 1052 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer 64 bit\PotPlayer 64 bit.lnk MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe MD5: 7e2131da86e66ab031d52d6c8f97963d Size: 1016 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Daum\PotPlayer 64 bit\Uninstall Potplayer-64 bit.lnk MD5: 2802e81c71a6e482c1ccbe4dc057165b Size: 257029 Path: %SystemDrive%\program files\daum\potplayer\uninstall.exe MD5: 31a47bf1bc1bc47444ff7d6bbca87b2e Size: 2411 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe MD5: 714e92111d6a3dab46204ef7e5eb00dc Size: 2361 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk MD5: ec8f214ccdb31623cfc3742e61372b2e Size: 674728 Path: %SystemDrive%\program files\intel\intel(r) rapid storage technology\iastorui.exe MD5: c3381117a8207225f354d0e7fac62ede Size: 1231 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Deinstalacja programu IObit Uninstaller.lnk MD5: 4fd55909f22bc4b1c1172c858ba2c37d Size: 1419 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk MD5: a67fbe5bde1cc4d83c842833d612b2a4 Size: 2096 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk MD5: 0167c12856e6623489c1406401e24dc1 Size: 79936 Path: %SystemDrive%\program files\java\jre1.8.0_131\bin\javacpl.exe MD5: 4602f536ffde56bc25a8f730593add07 Size: 2114 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk MD5: 0167c12856e6623489c1406401e24dc1 Size: 79936 Path: %SystemDrive%\program files\java\jre1.8.0_131\bin\javacpl.exe MD5: 105c8c3144601a8e0486055bc6691143 Size: 2072 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk MD5: 0167c12856e6623489c1406401e24dc1 Size: 79936 Path: %SystemDrive%\program files\java\jre1.8.0_131\bin\javacpl.exe MD5: 4fdc152328467da95037f4e9a73d2dd3 Size: 2314 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5 Size: 223704 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe MD5: 1994c45fd3c913e9f47bb1c3591d999a Size: 1156 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Odinstaluj Kaspersky Internet Security.lnk MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\syswow64\msiexec.exe MD5: a8943a1d1aaf2e504de5fdb6b9a178e3 Size: 1910 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\OdwiedAo Kaspersky Lab w internecie.lnk MD5: 3654ffe70bef922ff406f58632e2fa57 Size: 49 Path: %PROGRAMFILES%\kaspersky lab\kaspersky internet security 17.0.0\kl.url MD5: 1c90ad7fdd55d5d9c800a9683611777a Size: 1430 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Umowa licencyjna.lnk MD5: e3427e56ccd55d4a3d517c7a8cabda1d Size: 43722 Path: %PROGRAMFILES%\kaspersky lab\kaspersky internet security 17.0.0\doc\pl\license.txt MD5: 3d9a2b6f992c7f642b77ed9311dfa3a3 Size: 1412 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\Kaspersky Secure Connection.lnk MD5: bdb3d8437752ebcd11db04082b1fe8a5 Size: 480216 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe MD5: f1482e524d2a119d4d72bb541da0a729 Size: 1870 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\My Kaspersky.lnk MD5: 431faab800bf84964cd9289cb6230b34 Size: 49 Path: %PROGRAMFILES%\kaspersky lab\kaspersky secure connection 1.0\kl.url MD5: 2e1192c1d990aa3c0e1f519d5741934e Size: 1411 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\Umowa licencyjna.lnk MD5: e3427e56ccd55d4a3d517c7a8cabda1d Size: 43722 Path: %PROGRAMFILES%\kaspersky lab\kaspersky secure connection 1.0\doc\pl\license.txt MD5: 4a8ce797de88dc1884bb3229dd3fb77b Size: 1156 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection\UsuA? Kaspersky Secure Connection.lnk MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\syswow64\msiexec.exe MD5: bd6404ed1035c54c530eb0c86e2e0637 Size: 876 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe MD5: 3840f2bd3985aad83378b9cc41b9da8c Size: 2645 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\NarzÄ?dzia pakietu Microsoft Office 2016\Office 2016 Upload Center.lnk MD5: 6a1c5489c760cffca5ebfcde97d4eb3c Size: 378560 Path: %PROGRAMFILES%\microsoft office\root\client\appvlp.exe MD5: 7b77df9515cb896527f075119914ff0d Size: 521416 Path: %PROGRAMFILES%\microsoft office\root\office16\msouc.exe MD5: 80268cd318a4ab2f901f69f7531bb298 Size: 2440 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\NarzÄ?dzia pakietu Microsoft Office 2016\Preferencje jÄ?zykowe pakietu Office 2016.lnk MD5: f8681732a22eeea7d0d71f219c87debd Size: 65728 Path: %PROGRAMFILES%\microsoft office\root\office16\setlang.exe MD5: dca5db33c1e3cc1d3336783eb7a926fa Size: 2447 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe MD5: de59f6883a788e28cbfd860f9fbde12f Size: 2465 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe MD5: e3e14a8e09edc378a66a16934853eefb Size: 2450 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe MD5: 6fe91f90c0623403f0e081364f11bc38 Size: 2401 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe MD5: e059a12f53cee556af346c9181a0bc32 Size: 894 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\SpyHunter4\SpyHunter4.lnk MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe MD5: e8f094872641f9fdb91447878380e811 Size: 1111 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\SpyHunter4\A?A¤A?A«Ä?AˆA1 SpyHunter4.lnk MD5: 2d1b62c2e21b5277b58e085343bfe149 Size: 147470 Path: %SystemDrive%\program files\spyhunter\A?A¤A?A«Ä?AˆA1 spyhunter.exe MD5: 1f5a23abdfd4d991dbd9a3789977c3ab Size: 990 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk MD5: 5e6cc633a89c670424fae6b96cc32a06 Size: 11479320 Path: %SystemDrive%\program files\teamspeak 3 client\ts3client_win64.exe MD5: 7296aee1a17b76349206677191058c86 Size: 1576 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe MD5: fee9ea85fc049198f3c65ace88520ed1 Size: 1068 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk MD5: 6df7cd7e3074a6ae49dc02299bd8da07 Size: 39961 Path: %SystemDrive%\program files\winrar\conowego.txt MD5: c34302680ae7f615531a0d53809e9b24 Size: 1037 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinRAR\PodrÄ?cznik RARa dla konsoli.lnk MD5: 51ef3c77d7d264dc7d6192dcfcd83164 Size: 108893 Path: %SystemDrive%\program files\winrar\rar.txt MD5: af6a95ab541a7a0e9c4b450e68152131 Size: 1056 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk MD5: 0423400fd3036b46d1350818d9fae03a Size: 346589 Path: %SystemDrive%\program files\winrar\winrar.chm MD5: e8df922c34c5021dc4f9544649a05cf1 Size: 1056 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk MD5: 15cc78351432c081e1203aa6b4b59da5 Size: 1558928 Path: %SystemDrive%\program files\winrar\winrar.exe MD5: fc38f0ea7437786bc6a8aa36feb289f3 Size: 2477 Path: %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe MD5: 6b9c9c4c85fca5d45f285d888f02b232 Size: 335 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk MD5: 1d89a7f7f66d683c95d8eec0af1e82c3 Size: 405 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk MD5: 11f07be3e4a152fa37f691b725a90c9c Size: 26217472 Path: %WINDIR%\system32\imageres.dll MD5: 541e2634f626b4215659a5a276f962fd Size: 815 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk MD5: a91f621a8a0de91fae53d3051303809b Size: 83704 Path: %WINDIR%\ImmersiveControlPanel\SystemSettings.exe MD5: e60a7e278bc694076661117bb4b248f1 Size: 813 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk MD5: a91f621a8a0de91fae53d3051303809b Size: 83704 Path: %WINDIR%\ImmersiveControlPanel\SystemSettings.exe MD5: f727cbb9351106b2dd46f3ef649f3176 Size: 407 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe MD5: 092714663b52a05a502064c0b0d8bf63 Size: 409 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 510e4fa844bb11ea3f8d72c1139dfef3 Size: 2236 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe MD5: c0be19f80d148b348c3de21aa3b5b7f4 Size: 2236 Path: %SystemDrive%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe MD5: 14cd3e414cdfd55b670814860fcb2622 Size: 1323 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe MD5: 6f585537fabe0cee5ba75f55bf5d26a1 Size: 1333 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\MenedA1er HD Audio.lnk MD5: 88fc2108f110c7b91a44d9865d63b67e Size: 16781824 Path: %SystemDrive%\Program Files\Realtek\Audio\HDA\RAVCpl64.exe MD5: 1a438430012944aca8c89c1dcd56259d Size: 2411 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk MD5: fd9a7f99a09db266d0c1361b0accbd7e Size: 554176 Path: %LOCALAPPDATA%\microsoft\onedrive\onedrive.exe MD5: 6b9c9c4c85fca5d45f285d888f02b232 Size: 335 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk MD5: 1d89a7f7f66d683c95d8eec0af1e82c3 Size: 405 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk MD5: 11f07be3e4a152fa37f691b725a90c9c Size: 26217472 Path: %WINDIR%\system32\imageres.dll MD5: 541e2634f626b4215659a5a276f962fd Size: 815 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk MD5: a91f621a8a0de91fae53d3051303809b Size: 83704 Path: %WINDIR%\ImmersiveControlPanel\SystemSettings.exe MD5: e60a7e278bc694076661117bb4b248f1 Size: 813 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk MD5: a91f621a8a0de91fae53d3051303809b Size: 83704 Path: %WINDIR%\ImmersiveControlPanel\SystemSettings.exe MD5: f727cbb9351106b2dd46f3ef649f3176 Size: 407 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe MD5: 092714663b52a05a502064c0b0d8bf63 Size: 409 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll MD5: 510e4fa844bb11ea3f8d72c1139dfef3 Size: 2236 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe MD5: c0be19f80d148b348c3de21aa3b5b7f4 Size: 2236 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe MD5: 44e762c45e37b2319ae32c01c50003ef Size: 1086 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\Co nowego w ostatniej wersji.lnk MD5: 6df7cd7e3074a6ae49dc02299bd8da07 Size: 39961 Path: %SystemDrive%\program files\winrar\conowego.txt MD5: 07347d4e63c61c473c343b6c8acd1a71 Size: 1055 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\PodrÄ?cznik RARa dla konsoli.lnk MD5: 51ef3c77d7d264dc7d6192dcfcd83164 Size: 108893 Path: %SystemDrive%\program files\winrar\rar.txt MD5: 7a38df1125a0606db3467dfcfd1c0932 Size: 1074 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\Pomoc WinRARa.lnk MD5: 0423400fd3036b46d1350818d9fae03a Size: 346589 Path: %SystemDrive%\program files\winrar\winrar.chm MD5: f5dd7f309f7dbf1bcb7d547a2919d683 Size: 1074 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk MD5: 15cc78351432c081e1203aa6b4b59da5 Size: 1558928 Path: %SystemDrive%\program files\winrar\winrar.exe MD5: 459cddf53b5e2a9fe7b5a2f01b1bd928 Size: 829 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\Aktualizacje.lnk MD5: a1855a613ff60c8b4c2e17fc5da45330 Size: 61 Path: %SystemDrive%\games\world_of_tanks\readme.url MD5: 1fdb469993ece1cc9337dcade22c9f4b Size: 886 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\Deinstalacja programu World of Tanks.lnk MD5: 8c1091ca3e080cb5295c13c9367b2c5f Size: 1198843 Path: %SystemDrive%\games\world_of_tanks\unins000.exe MD5: 21453cfcce3bc4671e47e52c39c7a70b Size: 817 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyklopedia.lnk MD5: f5c67de4cecfd14ddde4dbcde03fbfd3 Size: 66 Path: %SystemDrive%\games\world_of_tanks\wiki.url MD5: 9d6ed98006693cf8c8160dad427235d7 Size: 858 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\Instrukcja.lnk MD5: e0ec0e01551625cb6194542eec3426d7 Size: 61 Path: %SystemDrive%\games\world_of_tanks\game_manual.url MD5: 0c131f8dcc7ec9406eb87acc37ee8cb1 Size: 834 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\Strona oficjalna.lnk MD5: 7388d829c23f1b552db0bae9b7d317be Size: 51 Path: %SystemDrive%\games\world_of_tanks\website.url MD5: a54a286f8d5b7a382ed500ea2c0721ae Size: 858 Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk MD5: 1775b7e3ccd4bbeffb6a52624a145666 Size: 7807752 Path: %SystemDrive%\games\world_of_tanks\wotlauncher.exe ================= LSP CHAINS ================= HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 [Value] LibraryPath [Data]: %SystemRoot%\system32\napinsp.dll MD5: 390e89b590bf63eebf88abc15078a198 Size: 55808 Path: %WINDIR%\system32\napinsp.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 [Value] LibraryPath [Data]: %SystemRoot%\system32\pnrpnsp.dll MD5: 3f0f179c20f3633d2ec06774430ba831 Size: 70656 Path: %WINDIR%\system32\pnrpnsp.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 [Value] LibraryPath [Data]: %SystemRoot%\system32\pnrpnsp.dll MD5: 3f0f179c20f3633d2ec06774430ba831 Size: 70656 Path: %WINDIR%\system32\pnrpnsp.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 [Value] LibraryPath [Data]: %SystemRoot%\system32\NLAapi.dll MD5: a8c6fcb5a946ab8a9553f43529dfda9a Size: 65024 Path: %WINDIR%\system32\NLAapi.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005 [Value] LibraryPath [Data]: %SystemRoot%\System32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006 [Value] LibraryPath [Data]: %SystemRoot%\System32\winrnr.dll MD5: 6b408458867bf3b61f363c0eb423f87f Size: 24064 Path: %WINDIR%\System32\winrnr.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 [Value] LibraryPath [Data]: %SystemRoot%\System32\wshbth.dll MD5: 453c23668fd9f3b8720379ad2b0ea5cf Size: 51712 Path: %WINDIR%\System32\wshbth.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 [Value] PackedCatalogItem [Data]: %SystemRoot%\system32\mswsock.dll MD5: 8e6958813b6faaff8a6ee9f2a7040299 Size: 306016 Path: %WINDIR%\system32\mswsock.dll ================= WINLOGON ================= ================= SERVICES REGISTRY ================= HKLM\SYSTEM\CurrentControlSet\Services\1394ohci [Value] ImagePath [Data]: \SystemRoot\System32\drivers\1394ohci.sys HKLM\SYSTEM\CurrentControlSet\Services\3ware [Value] ImagePath [Data]: System32\drivers\3ware.sys HKLM\SYSTEM\CurrentControlSet\Services\ACPI [Value] ImagePath [Data]: System32\drivers\ACPI.sys HKLM\SYSTEM\CurrentControlSet\Services\AcpiDev [Value] ImagePath [Data]: \SystemRoot\System32\drivers\AcpiDev.sys HKLM\SYSTEM\CurrentControlSet\Services\acpiex [Value] ImagePath [Data]: System32\Drivers\acpiex.sys HKLM\SYSTEM\CurrentControlSet\Services\acpipagr [Value] ImagePath [Data]: \SystemRoot\System32\drivers\acpipagr.sys HKLM\SYSTEM\CurrentControlSet\Services\AcpiPmi [Value] ImagePath [Data]: \SystemRoot\System32\drivers\acpipmi.sys HKLM\SYSTEM\CurrentControlSet\Services\acpitime [Value] ImagePath [Data]: \SystemRoot\System32\drivers\acpitime.sys HKLM\SYSTEM\CurrentControlSet\Services\ADP80XX [Value] ImagePath [Data]: System32\drivers\ADP80XX.SYS HKLM\SYSTEM\CurrentControlSet\Services\AFD [Value] ImagePath [Data]: \SystemRoot\system32\drivers\afd.sys HKLM\SYSTEM\CurrentControlSet\Services\ahcache [Value] ImagePath [Data]: system32\DRIVERS\ahcache.sys HKLM\SYSTEM\CurrentControlSet\Services\AJRouter [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\AJRouter.dll HKLM\SYSTEM\CurrentControlSet\Services\ALG [Value] ImagePath [Data]: %SystemRoot%\System32\alg.exe HKLM\SYSTEM\CurrentControlSet\Services\AmdK8 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\amdk8.sys HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM [Value] ImagePath [Data]: \SystemRoot\System32\drivers\amdppm.sys HKLM\SYSTEM\CurrentControlSet\Services\amdsata [Value] ImagePath [Data]: System32\drivers\amdsata.sys HKLM\SYSTEM\CurrentControlSet\Services\amdsbs [Value] ImagePath [Data]: System32\drivers\amdsbs.sys HKLM\SYSTEM\CurrentControlSet\Services\amdxata [Value] ImagePath [Data]: System32\drivers\amdxata.sys HKLM\SYSTEM\CurrentControlSet\Services\AppID [Value] ImagePath [Data]: system32\drivers\appid.sys HKLM\SYSTEM\CurrentControlSet\Services\AppIDSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\appidsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\Appinfo [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\appinfo.dll HKLM\SYSTEM\CurrentControlSet\Services\applockerfltr [Value] ImagePath [Data]: system32\drivers\applockerfltr.sys HKLM\SYSTEM\CurrentControlSet\Services\AppReadiness [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k AppReadiness MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\AppReadiness.dll HKLM\SYSTEM\CurrentControlSet\Services\AppXSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k wsappx MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\appxdeploymentserver.dll HKLM\SYSTEM\CurrentControlSet\Services\arcsas [Value] ImagePath [Data]: System32\drivers\arcsas.sys HKLM\SYSTEM\CurrentControlSet\Services\aswTap [Value] ImagePath [Data]: \SystemRoot\System32\drivers\aswTap.sys HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac [Value] ImagePath [Data]: \SystemRoot\System32\drivers\asyncmac.sys HKLM\SYSTEM\CurrentControlSet\Services\atapi [Value] ImagePath [Data]: System32\drivers\atapi.sys HKLM\SYSTEM\CurrentControlSet\Services\AtherosSvc [Value] ImagePath [Data]: %SystemRoot%\system32\AdminService.exe HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\AudioEndpointBuilder.dll HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\Audiosrv.dll HKLM\SYSTEM\CurrentControlSet\Services\AVP17.0.0 [Value] ImagePath [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe" -r MD5: 03b45c52179e8dae51a0f685c30d06d6 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\AxInstSV.dll HKLM\SYSTEM\CurrentControlSet\Services\b06bdrv [Value] ImagePath [Data]: System32\drivers\bxvbda.sys HKLM\SYSTEM\CurrentControlSet\Services\BasicDisplay [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BasicDisplay.sys HKLM\SYSTEM\CurrentControlSet\Services\BasicRender [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BasicRender.sys HKLM\SYSTEM\CurrentControlSet\Services\bcmfn [Value] ImagePath [Data]: \SystemRoot\System32\drivers\bcmfn.sys HKLM\SYSTEM\CurrentControlSet\Services\bcmfn2 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\bcmfn2.sys HKLM\SYSTEM\CurrentControlSet\Services\BDESVC [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\bdesvc.dll HKLM\SYSTEM\CurrentControlSet\Services\BFE [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\bfe.dll HKLM\SYSTEM\CurrentControlSet\Services\BITS [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\qmgr.dll HKLM\SYSTEM\CurrentControlSet\Services\bowser [Value] ImagePath [Data]: system32\DRIVERS\bowser.sys HKLM\SYSTEM\CurrentControlSet\Services\BrokerInfrastructure [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\bisrv.dll HKLM\SYSTEM\CurrentControlSet\Services\Browser [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\browser.dll HKLM\SYSTEM\CurrentControlSet\Services\BtFilter [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\btfilter.sys HKLM\SYSTEM\CurrentControlSet\Services\BthAvrcpTg [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BthAvrcpTg.sys HKLM\SYSTEM\CurrentControlSet\Services\BthEnum [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BthEnum.sys HKLM\SYSTEM\CurrentControlSet\Services\BthHFEnum [Value] ImagePath [Data]: \SystemRoot\System32\drivers\bthhfenum.sys HKLM\SYSTEM\CurrentControlSet\Services\bthhfhid [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BthHFHid.sys HKLM\SYSTEM\CurrentControlSet\Services\BthHFSrv [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\BthHFSrv.dll HKLM\SYSTEM\CurrentControlSet\Services\BthLEEnum [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BthLEEnum.sys HKLM\SYSTEM\CurrentControlSet\Services\BTHMODEM [Value] ImagePath [Data]: \SystemRoot\System32\drivers\bthmodem.sys HKLM\SYSTEM\CurrentControlSet\Services\BthPan [Value] ImagePath [Data]: \SystemRoot\System32\drivers\bthpan.sys HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BTHport.sys HKLM\SYSTEM\CurrentControlSet\Services\bthserv [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\bthserv.dll HKLM\SYSTEM\CurrentControlSet\Services\BTHUSB [Value] ImagePath [Data]: \SystemRoot\System32\drivers\BTHUSB.sys HKLM\SYSTEM\CurrentControlSet\Services\buttonconverter [Value] ImagePath [Data]: \SystemRoot\System32\drivers\buttonconverter.sys HKLM\SYSTEM\CurrentControlSet\Services\CapImg [Value] ImagePath [Data]: \SystemRoot\System32\drivers\capimg.sys HKLM\SYSTEM\CurrentControlSet\Services\cdfs [Value] ImagePath [Data]: system32\DRIVERS\cdfs.sys HKLM\SYSTEM\CurrentControlSet\Services\CDPSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\CDPSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\CDPUserSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\cdrom [Value] ImagePath [Data]: \SystemRoot\System32\drivers\cdrom.sys HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\certprop.dll HKLM\SYSTEM\CurrentControlSet\Services\cht4iscsi [Value] ImagePath [Data]: System32\drivers\cht4sx64.sys HKLM\SYSTEM\CurrentControlSet\Services\cht4vbd [Value] ImagePath [Data]: \SystemRoot\System32\drivers\cht4vx64.sys HKLM\SYSTEM\CurrentControlSet\Services\circlass [Value] ImagePath [Data]: \SystemRoot\System32\drivers\circlass.sys HKLM\SYSTEM\CurrentControlSet\Services\CLFS [Value] ImagePath [Data]: System32\drivers\CLFS.sys HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc [Value] ImagePath [Data]: "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service MD5: e3cb15c66c3dadce7e2ff8a00b920799 Size: 3019968 Path: %SystemDrive%\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k wsappx MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ClipSVC.dll HKLM\SYSTEM\CurrentControlSet\Services\clreg [Value] ImagePath [Data]: \SystemRoot\System32\drivers\registry.sys HKLM\SYSTEM\CurrentControlSet\Services\CmBatt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\CmBatt.sys HKLM\SYSTEM\CurrentControlSet\Services\cm_km [Value] ImagePath [Data]: system32\DRIVERS\cm_km.sys HKLM\SYSTEM\CurrentControlSet\Services\CNG [Value] ImagePath [Data]: System32\Drivers\cng.sys HKLM\SYSTEM\CurrentControlSet\Services\cnghwassist [Value] ImagePath [Data]: System32\DRIVERS\cnghwassist.sys HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus [Value] ImagePath [Data]: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys MD5: 34c935af2a414572b412b3556586d783 Size: 39936 Path: %WINDIR%\system32\driverstore\filerepository\compositebus.inf_amd64_a140581a8f8b58b7\compositebus.sys HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp [Value] ImagePath [Data]: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} MD5: 6046950fc9ca5b7a7e084c189658dacb Size: 19808 Path: %WINDIR%\System32\dllhost.exe HKLM\SYSTEM\CurrentControlSet\Services\condrv [Value] ImagePath [Data]: System32\drivers\condrv.sys HKLM\SYSTEM\CurrentControlSet\Services\CoreMessagingRegistrar [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\coremessaging.dll MD5: ef45b6dcb4f90f5e39970d27707349e6 Size: 483840 Path: %WINDIR%\system32\coremessaging.dll HKLM\SYSTEM\CurrentControlSet\Services\cphs [Value] ImagePath [Data]: %SystemRoot%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe MD5: 3e4e6f0aad15a93ec0b1c80b78025283 Size: 310256 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\intelcphecisvc.exe HKLM\SYSTEM\CurrentControlSet\Services\cplspcon [Value] ImagePath [Data]: %SystemRoot%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe MD5: d6353de55fc11f06e33e4ec8d7a20dc8 Size: 488944 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\intelcphdcpsvc.exe HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\cryptsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\dam [Value] ImagePath [Data]: system32\drivers\dam.sys HKLM\SYSTEM\CurrentControlSet\Services\Dashlane Upgrade Service [Value] ImagePath [Data]: "C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe" MD5: bbb7b78348e84b302bd478f345ff6313 Size: 82968 Path: %PROGRAMFILES%\Dashlane\Upgrade\DashlaneUpgradeService.exe HKLM\SYSTEM\CurrentControlSet\Services\DcomLaunch [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\rpcss.dll HKLM\SYSTEM\CurrentControlSet\Services\DcpSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\dcpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\defragsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k defragsvc MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %Systemroot%\System32\defragsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\DeviceAssociationService [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\das.dll HKLM\SYSTEM\CurrentControlSet\Services\DeviceInstall [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\umpnpmgr.dll HKLM\SYSTEM\CurrentControlSet\Services\DevQueryBroker [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\DevQueryBroker.dll HKLM\SYSTEM\CurrentControlSet\Services\Dfsc [Value] ImagePath [Data]: System32\Drivers\dfsc.sys HKLM\SYSTEM\CurrentControlSet\Services\Dhcp [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\dhcpcore.dll MD5: e0201a4bb639042959a11457a52dd627 Size: 292864 Path: %WINDIR%\system32\dhcpcore.dll HKLM\SYSTEM\CurrentControlSet\Services\diagnosticshub.standardcollector.service [Value] ImagePath [Data]: %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe HKLM\SYSTEM\CurrentControlSet\Services\DiagTrack [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k utcsvc MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\diagtrack.dll HKLM\SYSTEM\CurrentControlSet\Services\disk [Value] ImagePath [Data]: System32\drivers\disk.sys HKLM\SYSTEM\CurrentControlSet\Services\DmEnrollmentSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\Windows.Internal.Management.dll MD5: ba07c3c4ba08423d63cd811e84ee7261 Size: 298496 Path: %WINDIR%\system32\windows.internal.management.dll HKLM\SYSTEM\CurrentControlSet\Services\dmvsc [Value] ImagePath [Data]: \SystemRoot\System32\drivers\dmvsc.sys HKLM\SYSTEM\CurrentControlSet\Services\dmwappushservice [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\dmwappushsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\Dnscache [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\dnsrslvr.dll HKLM\SYSTEM\CurrentControlSet\Services\DoSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\dot3svc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\dot3svc.dll HKLM\SYSTEM\CurrentControlSet\Services\DPS [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\dps.dll HKLM\SYSTEM\CurrentControlSet\Services\drmkaud [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\drmkaud.sys HKLM\SYSTEM\CurrentControlSet\Services\DsmSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\DeviceSetupManager.dll HKLM\SYSTEM\CurrentControlSet\Services\DsSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\DsSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\DXGKrnl [Value] ImagePath [Data]: \SystemRoot\System32\drivers\dxgkrnl.sys HKLM\SYSTEM\CurrentControlSet\Services\EapHost [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\eapsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\ebdrv [Value] ImagePath [Data]: System32\drivers\evbda.sys HKLM\SYSTEM\CurrentControlSet\Services\EFS [Value] ImagePath [Data]: %SystemRoot%\System32\lsass.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\efssvc.dll HKLM\SYSTEM\CurrentControlSet\Services\EhStorClass [Value] ImagePath [Data]: System32\drivers\EhStorClass.sys HKLM\SYSTEM\CurrentControlSet\Services\EhStorTcgDrv [Value] ImagePath [Data]: System32\drivers\EhStorTcgDrv.sys HKLM\SYSTEM\CurrentControlSet\Services\embeddedmode [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\embeddedmodesvc.dll HKLM\SYSTEM\CurrentControlSet\Services\EntAppSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k appmodel MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\EnterpriseAppMgmtSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\ErrDev [Value] ImagePath [Data]: \SystemRoot\System32\drivers\errdev.sys HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver [Value] ImagePath [Data]: \??\C:\WINDOWS\system32\drivers\mbae64.sys HKLM\SYSTEM\CurrentControlSet\Services\EventLog [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\EventSystem [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\es.dll MD5: 297bfca82aa994ce9b95706146764fbc Size: 347136 Path: %WINDIR%\system32\es.dll HKLM\SYSTEM\CurrentControlSet\Services\Fax [Value] ImagePath [Data]: %systemroot%\system32\fxssvc.exe HKLM\SYSTEM\CurrentControlSet\Services\fdc [Value] ImagePath [Data]: \SystemRoot\System32\drivers\fdc.sys HKLM\SYSTEM\CurrentControlSet\Services\fdPHost [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\fdPHost.dll HKLM\SYSTEM\CurrentControlSet\Services\FDResPub [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\fdrespub.dll HKLM\SYSTEM\CurrentControlSet\Services\fhsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\fhsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\FileCrypt [Value] ImagePath [Data]: system32\drivers\filecrypt.sys HKLM\SYSTEM\CurrentControlSet\Services\FileInfo [Value] ImagePath [Data]: System32\drivers\fileinfo.sys HKLM\SYSTEM\CurrentControlSet\Services\Filetrace [Value] ImagePath [Data]: system32\drivers\filetrace.sys HKLM\SYSTEM\CurrentControlSet\Services\flpydisk [Value] ImagePath [Data]: \SystemRoot\System32\drivers\flpydisk.sys HKLM\SYSTEM\CurrentControlSet\Services\FltMgr [Value] ImagePath [Data]: system32\drivers\fltmgr.sys HKLM\SYSTEM\CurrentControlSet\Services\FontCache [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\FntCache.dll HKLM\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0 [Value] ImagePath [Data]: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe MD5: 59241194dbdf30a2b4029e402f377900 Size: 43696 Path: %WINDIR%\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe HKLM\SYSTEM\CurrentControlSet\Services\FrameServer [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k Camera MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\FrameServer.dll HKLM\SYSTEM\CurrentControlSet\Services\FsDepends [Value] ImagePath [Data]: System32\drivers\FsDepends.sys HKLM\SYSTEM\CurrentControlSet\Services\fvevol [Value] ImagePath [Data]: System32\DRIVERS\fvevol.sys HKLM\SYSTEM\CurrentControlSet\Services\gencounter [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vmgencounter.sys HKLM\SYSTEM\CurrentControlSet\Services\genericusbfn [Value] ImagePath [Data]: \SystemRoot\System32\drivers\genericusbfn.sys HKLM\SYSTEM\CurrentControlSet\Services\GPIOClx0101 [Value] ImagePath [Data]: System32\Drivers\msgpioclx.sys HKLM\SYSTEM\CurrentControlSet\Services\gpsvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\gpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\GpuEnergyDrv [Value] ImagePath [Data]: System32\drivers\gpuenergydrv.sys HKLM\SYSTEM\CurrentControlSet\Services\HdAudAddService [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\HdAudio.sys HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\HDAudBus.sys HKLM\SYSTEM\CurrentControlSet\Services\HidBatt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\HidBatt.sys HKLM\SYSTEM\CurrentControlSet\Services\HidBth [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hidbth.sys HKLM\SYSTEM\CurrentControlSet\Services\hidi2c [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hidi2c.sys HKLM\SYSTEM\CurrentControlSet\Services\hidinterrupt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hidinterrupt.sys HKLM\SYSTEM\CurrentControlSet\Services\HidIr [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hidir.sys HKLM\SYSTEM\CurrentControlSet\Services\hidserv [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\hidserv.dll MD5: be6a279ed7023652dd94fa19e9b27882 Size: 32256 Path: %WINDIR%\system32\hidserv.dll HKLM\SYSTEM\CurrentControlSet\Services\HidUsb [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hidusb.sys HKLM\SYSTEM\CurrentControlSet\Services\HomeGroupListener [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\ListSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\HomeGroupProvider [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\provsvc.dll MD5: e5d081908b6dd64bdfc125a56428aea5 Size: 385536 Path: %WINDIR%\system32\provsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\HpSAMD [Value] ImagePath [Data]: System32\drivers\HpSAMD.sys HKLM\SYSTEM\CurrentControlSet\Services\HTTP [Value] ImagePath [Data]: system32\drivers\HTTP.sys HKLM\SYSTEM\CurrentControlSet\Services\HvHost [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\hvhostsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\hvservice [Value] ImagePath [Data]: system32\drivers\hvservice.sys HKLM\SYSTEM\CurrentControlSet\Services\HWiNFO32 [Value] ImagePath [Data]: \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS MD5: ef558a02d734a1403583e95cceec2487 Size: 27552 Path: %WINDIR%\syswow64\drivers\hwinfo64a.sys HKLM\SYSTEM\CurrentControlSet\Services\hwpolicy [Value] ImagePath [Data]: System32\drivers\hwpolicy.sys HKLM\SYSTEM\CurrentControlSet\Services\hyperkbd [Value] ImagePath [Data]: \SystemRoot\System32\drivers\hyperkbd.sys HKLM\SYSTEM\CurrentControlSet\Services\i8042prt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\i8042prt.sys HKLM\SYSTEM\CurrentControlSet\Services\iagpio [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iagpio.sys HKLM\SYSTEM\CurrentControlSet\Services\iai2c [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iai2c.sys HKLM\SYSTEM\CurrentControlSet\Services\iaLPSS2i_GPIO2 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys HKLM\SYSTEM\CurrentControlSet\Services\iaLPSS2i_I2C [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys HKLM\SYSTEM\CurrentControlSet\Services\iaLPSS2_I2C [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iaLPSS2_I2C.sys HKLM\SYSTEM\CurrentControlSet\Services\iaLPSSi_GPIO [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys HKLM\SYSTEM\CurrentControlSet\Services\iaLPSSi_I2C [Value] ImagePath [Data]: \SystemRoot\System32\drivers\iaLPSSi_I2C.sys HKLM\SYSTEM\CurrentControlSet\Services\iaStorA [Value] ImagePath [Data]: System32\drivers\iaStorA.sys HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [Value] ImagePath [Data]: System32\drivers\iaStorAV.sys HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrSvc [Value] ImagePath [Data]: "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" MD5: 0592ad7665975da67cd3524587479fab Size: 18856 Path: %SystemDrive%\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe HKLM\SYSTEM\CurrentControlSet\Services\iaStorV [Value] ImagePath [Data]: System32\drivers\iaStorV.sys HKLM\SYSTEM\CurrentControlSet\Services\ibbus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\ibbus.sys HKLM\SYSTEM\CurrentControlSet\Services\icssvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\tetheringservice.dll HKLM\SYSTEM\CurrentControlSet\Services\igfx [Value] ImagePath [Data]: \SystemRoot\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys MD5: b6c54bf8eb345e70e8a1d76d2090de33 Size: 11041776 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\igdkmd64.sys HKLM\SYSTEM\CurrentControlSet\Services\igfxCUIService2.0.0.0 [Value] ImagePath [Data]: %SystemRoot%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe MD5: 9a79817b982c77eee85e38bcbc4b9416 Size: 350704 Path: %WINDIR%\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ikeext.dll HKLM\SYSTEM\CurrentControlSet\Services\IndirectKmd [Value] ImagePath [Data]: \SystemRoot\System32\drivers\IndirectKmd.sys HKLM\SYSTEM\CurrentControlSet\Services\IntcAzAudAddService [Value] ImagePath [Data]: \SystemRoot\system32\drivers\RTKVHD64.sys HKLM\SYSTEM\CurrentControlSet\Services\IntcDAud [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\IntcDAud.sys HKLM\SYSTEM\CurrentControlSet\Services\Intel(R) Capability Licensing Service TCP IP Interface [Value] ImagePath [Data]: "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" MD5: 99e6484c1c98047e41e18c7d32dc9667 Size: 976848 Path: %SystemDrive%\program files\intel\icls client\socketheciserver.exe HKLM\SYSTEM\CurrentControlSet\Services\Intel(R) Security Assist [Value] ImagePath [Data]: "C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe" MD5: aad556b0e8033f5fbdf1bf396f843eaa Size: 335872 Path: %PROGRAMFILES%\Intel\Intel(R) Security Assist\isa.exe HKLM\SYSTEM\CurrentControlSet\Services\intelide [Value] ImagePath [Data]: System32\drivers\intelide.sys HKLM\SYSTEM\CurrentControlSet\Services\intelpep [Value] ImagePath [Data]: System32\drivers\intelpep.sys HKLM\SYSTEM\CurrentControlSet\Services\intelppm [Value] ImagePath [Data]: \SystemRoot\System32\drivers\intelppm.sys HKLM\SYSTEM\CurrentControlSet\Services\IntelSSTSvc [Value] ImagePath [Data]: "C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe" HKLM\SYSTEM\CurrentControlSet\Services\iorate [Value] ImagePath [Data]: system32\drivers\iorate.sys HKLM\SYSTEM\CurrentControlSet\Services\IpFilterDriver [Value] ImagePath [Data]: system32\DRIVERS\ipfltdrv.sys HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetSvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\iphlpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\IPMIDRV [Value] ImagePath [Data]: \SystemRoot\System32\drivers\IPMIDrv.sys HKLM\SYSTEM\CurrentControlSet\Services\IPNAT [Value] ImagePath [Data]: System32\drivers\ipnat.sys HKLM\SYSTEM\CurrentControlSet\Services\irda [Value] ImagePath [Data]: \SystemRoot\system32\drivers\irda.sys HKLM\SYSTEM\CurrentControlSet\Services\IRENUM [Value] ImagePath [Data]: system32\drivers\irenum.sys HKLM\SYSTEM\CurrentControlSet\Services\irmon [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\irmon.dll HKLM\SYSTEM\CurrentControlSet\Services\isaHelperSvc [Value] ImagePath [Data]: "C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe" MD5: 1ee06f61addade7dd0270fddd6050777 Size: 8704 Path: %PROGRAMFILES%\intel\intel(r) security assist\isahelperservice.exe HKLM\SYSTEM\CurrentControlSet\Services\isapnp [Value] ImagePath [Data]: System32\drivers\isapnp.sys HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\msiscsi.sys HKLM\SYSTEM\CurrentControlSet\Services\jhi_service [Value] ImagePath [Data]: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" MD5: 50e156d426d494eb9f429a55bed837c9 Size: 209184 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe HKLM\SYSTEM\CurrentControlSet\Services\kbdclass [Value] ImagePath [Data]: \SystemRoot\System32\drivers\kbdclass.sys HKLM\SYSTEM\CurrentControlSet\Services\kbdhid [Value] ImagePath [Data]: \SystemRoot\System32\drivers\kbdhid.sys HKLM\SYSTEM\CurrentControlSet\Services\kdnic [Value] ImagePath [Data]: \SystemRoot\System32\drivers\kdnic.sys HKLM\SYSTEM\CurrentControlSet\Services\KeyIso [Value] ImagePath [Data]: %SystemRoot%\system32\lsass.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\keyiso.dll MD5: 0675de1739ec0e6cc8a9ec5ce459236a Size: 70656 Path: %WINDIR%\system32\keyiso.dll HKLM\SYSTEM\CurrentControlSet\Services\kl1 [Value] ImagePath [Data]: system32\DRIVERS\kl1.sys HKLM\SYSTEM\CurrentControlSet\Services\klbackupdisk [Value] ImagePath [Data]: system32\DRIVERS\klbackupdisk.sys HKLM\SYSTEM\CurrentControlSet\Services\klbackupflt [Value] ImagePath [Data]: system32\DRIVERS\klbackupflt.sys HKLM\SYSTEM\CurrentControlSet\Services\kldisk [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\kldisk.sys HKLM\SYSTEM\CurrentControlSet\Services\klelam [Value] ImagePath [Data]: system32\DRIVERS\klelam.sys HKLM\SYSTEM\CurrentControlSet\Services\klflt [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klflt.sys HKLM\SYSTEM\CurrentControlSet\Services\klhk [Value] ImagePath [Data]: \SystemRoot\System32\drivers\klhk.sys HKLM\SYSTEM\CurrentControlSet\Services\klids [Value] ImagePath [Data]: \??\C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys MD5: 3a619b52be1967d6586b6af707dc1ff9 Size: 171312 Path: %ALLUSERSPROFILE%\kaspersky lab\avp17.0.0\bases\klids.sys HKLM\SYSTEM\CurrentControlSet\Services\KLIF [Value] ImagePath [Data]: system32\DRIVERS\klif.sys HKLM\SYSTEM\CurrentControlSet\Services\KLIM6 [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klim6.sys HKLM\SYSTEM\CurrentControlSet\Services\klkbdflt [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klkbdflt.sys HKLM\SYSTEM\CurrentControlSet\Services\klmouflt [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klmouflt.sys HKLM\SYSTEM\CurrentControlSet\Services\klpd [Value] ImagePath [Data]: system32\DRIVERS\klpd.sys HKLM\SYSTEM\CurrentControlSet\Services\kltap [Value] ImagePath [Data]: \SystemRoot\System32\drivers\kltap.sys HKLM\SYSTEM\CurrentControlSet\Services\klupd_klif_arkmon [Value] ImagePath [Data]: System32\Drivers\klupd_klif_arkmon.sys HKLM\SYSTEM\CurrentControlSet\Services\klupd_klif_kimul [Value] ImagePath [Data]: System32\Drivers\klupd_klif_kimul.sys HKLM\SYSTEM\CurrentControlSet\Services\klupd_klif_klark [Value] ImagePath [Data]: System32\Drivers\klupd_klif_klark.sys HKLM\SYSTEM\CurrentControlSet\Services\klupd_klif_klbg [Value] ImagePath [Data]: System32\Drivers\klupd_klif_klbg.sys HKLM\SYSTEM\CurrentControlSet\Services\klupd_klif_mark [Value] ImagePath [Data]: System32\Drivers\klupd_klif_mark.sys HKLM\SYSTEM\CurrentControlSet\Services\klvssbrigde64 [Value] ImagePath [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe" MD5: d7f0b46844565e2ed68ac99af0f4263f Size: 77328 Path: %PROGRAMFILES%\kaspersky lab\kaspersky internet security 17.0.0\x64\vssbridge64.exe HKLM\SYSTEM\CurrentControlSet\Services\klwfp [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klwfp.sys HKLM\SYSTEM\CurrentControlSet\Services\Klwtp [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\klwtp.sys HKLM\SYSTEM\CurrentControlSet\Services\kmloop [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\loop.sys HKLM\SYSTEM\CurrentControlSet\Services\KMWDFILTER [Value] ImagePath [Data]: \SystemRoot\System32\drivers\KMWDFILTER.sys HKLM\SYSTEM\CurrentControlSet\Services\kneps [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\kneps.sys HKLM\SYSTEM\CurrentControlSet\Services\KSDE1.0.0 [Value] ImagePath [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe" -r MD5: eff5ea6088db81c6ef6edcda5ee79909 Size: 241544 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe HKLM\SYSTEM\CurrentControlSet\Services\KSecDD [Value] ImagePath [Data]: System32\Drivers\ksecdd.sys HKLM\SYSTEM\CurrentControlSet\Services\KSecPkg [Value] ImagePath [Data]: System32\Drivers\ksecpkg.sys HKLM\SYSTEM\CurrentControlSet\Services\ksthunk [Value] ImagePath [Data]: \SystemRoot\system32\drivers\ksthunk.sys HKLM\SYSTEM\CurrentControlSet\Services\KtmRm [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\msdtckrm.dll HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\srvsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wkssvc.dll HKLM\SYSTEM\CurrentControlSet\Services\lfsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\lfsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\LicenseManagerSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\LiveTuner2PM [Value] ImagePath [Data]: \??\C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTuner64.sys MD5: 2223d781b2d1e16219c250520ce39c9f Size: 14320 Path: %PROGRAMFILES%\ashampoo\ashampoo winoptimizer 14\livetuner64.sys HKLM\SYSTEM\CurrentControlSet\Services\lltdio [Value] ImagePath [Data]: system32\drivers\lltdio.sys HKLM\SYSTEM\CurrentControlSet\Services\lltdsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\lltdsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\LMDriver [Value] ImagePath [Data]: \SystemRoot\System32\drivers\LMDriver.sys HKLM\SYSTEM\CurrentControlSet\Services\lmhosts [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\lmhsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\LMS [Value] ImagePath [Data]: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" MD5: cfbf8ec48688652b9a709370b1e50315 Size: 415520 Path: %PROGRAMFILES%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe HKLM\SYSTEM\CurrentControlSet\Services\LSI_SAS [Value] ImagePath [Data]: System32\drivers\lsi_sas.sys HKLM\SYSTEM\CurrentControlSet\Services\LSI_SAS2i [Value] ImagePath [Data]: System32\drivers\lsi_sas2i.sys HKLM\SYSTEM\CurrentControlSet\Services\LSI_SAS3i [Value] ImagePath [Data]: System32\drivers\lsi_sas3i.sys HKLM\SYSTEM\CurrentControlSet\Services\LSI_SSS [Value] ImagePath [Data]: System32\drivers\lsi_sss.sys HKLM\SYSTEM\CurrentControlSet\Services\LSM [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\lsm.dll HKLM\SYSTEM\CurrentControlSet\Services\luafv [Value] ImagePath [Data]: \SystemRoot\system32\drivers\luafv.sys HKLM\SYSTEM\CurrentControlSet\Services\MapsBroker [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\moshost.dll HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt [Value] ImagePath [Data]: \??\C:\WINDOWS\system32\drivers\farflt.sys HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection [Value] ImagePath [Data]: \??\C:\WINDOWS\system32\drivers\mbam.sys HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection [Value] ImagePath [Data]: \??\C:\WINDOWS\system32\drivers\mwac.sys HKLM\SYSTEM\CurrentControlSet\Services\megasas [Value] ImagePath [Data]: System32\drivers\megasas.sys HKLM\SYSTEM\CurrentControlSet\Services\megasas2i [Value] ImagePath [Data]: System32\drivers\MegaSas2i.sys HKLM\SYSTEM\CurrentControlSet\Services\megasr [Value] ImagePath [Data]: System32\drivers\megasr.sys HKLM\SYSTEM\CurrentControlSet\Services\MEIx64 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\TeeDriverW8x64.sys HKLM\SYSTEM\CurrentControlSet\Services\MessagingService [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\MessagingService.dll HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\mlx4_bus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mlx4_bus.sys HKLM\SYSTEM\CurrentControlSet\Services\MMCSS [Value] ImagePath [Data]: \SystemRoot\system32\drivers\mmcss.sys HKLM\SYSTEM\CurrentControlSet\Services\Mobile Broadband HL Service [Value] ImagePath [Data]: "C:\ProgramData\MobileBrServ\mbbservice.exe" -service MD5: 1f608ceaea01fa7f1089c11b8d9c0b61 Size: 237424 Path: %ALLUSERSPROFILE%\MobileBrServ\mbbService.exe HKLM\SYSTEM\CurrentControlSet\Services\Modem [Value] ImagePath [Data]: system32\drivers\modem.sys HKLM\SYSTEM\CurrentControlSet\Services\monitor [Value] ImagePath [Data]: \SystemRoot\System32\drivers\monitor.sys HKLM\SYSTEM\CurrentControlSet\Services\mouclass [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mouclass.sys HKLM\SYSTEM\CurrentControlSet\Services\mouhid [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mouhid.sys HKLM\SYSTEM\CurrentControlSet\Services\mountmgr [Value] ImagePath [Data]: System32\drivers\mountmgr.sys HKLM\SYSTEM\CurrentControlSet\Services\MozillaMaintenance [Value] ImagePath [Data]: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: 4235b16e8c2e277eecb9bfd4579c428e Size: 173512 Path: %PROGRAMFILES%\mozilla maintenance service\maintenanceservice.exe HKLM\SYSTEM\CurrentControlSet\Services\mpsdrv [Value] ImagePath [Data]: System32\drivers\mpsdrv.sys HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\mpssvc.dll HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV [Value] ImagePath [Data]: \SystemRoot\system32\drivers\mrxdav.sys HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb [Value] ImagePath [Data]: system32\DRIVERS\mrxsmb.sys HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10 [Value] ImagePath [Data]: system32\DRIVERS\mrxsmb10.sys HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb20 [Value] ImagePath [Data]: system32\DRIVERS\mrxsmb20.sys HKLM\SYSTEM\CurrentControlSet\Services\MsBridge [Value] ImagePath [Data]: System32\drivers\bridge.sys HKLM\SYSTEM\CurrentControlSet\Services\MSDTC [Value] ImagePath [Data]: %SystemRoot%\System32\msdtc.exe HKLM\SYSTEM\CurrentControlSet\Services\msgpiowin32 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\msgpiowin32.sys HKLM\SYSTEM\CurrentControlSet\Services\mshidkmdf [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mshidkmdf.sys HKLM\SYSTEM\CurrentControlSet\Services\mshidumdf [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mshidumdf.sys HKLM\SYSTEM\CurrentControlSet\Services\msisadrv [Value] ImagePath [Data]: System32\drivers\msisadrv.sys HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\iscsiexe.dll HKLM\SYSTEM\CurrentControlSet\Services\msiserver [Value] ImagePath [Data]: %systemroot%\system32\msiexec.exe /V MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe HKLM\SYSTEM\CurrentControlSet\Services\MSKSSRV [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\MSKSSRV.sys HKLM\SYSTEM\CurrentControlSet\Services\MsLldp [Value] ImagePath [Data]: system32\drivers\mslldp.sys HKLM\SYSTEM\CurrentControlSet\Services\MSPCLOCK [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\MSPCLOCK.sys HKLM\SYSTEM\CurrentControlSet\Services\MSPQM [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\MSPQM.sys HKLM\SYSTEM\CurrentControlSet\Services\mssmbios [Value] ImagePath [Data]: \SystemRoot\System32\drivers\mssmbios.sys HKLM\SYSTEM\CurrentControlSet\Services\MSTEE [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\MSTEE.sys HKLM\SYSTEM\CurrentControlSet\Services\MTConfig [Value] ImagePath [Data]: \SystemRoot\System32\drivers\MTConfig.sys HKLM\SYSTEM\CurrentControlSet\Services\Mup [Value] ImagePath [Data]: System32\Drivers\mup.sys HKLM\SYSTEM\CurrentControlSet\Services\mvumis [Value] ImagePath [Data]: System32\drivers\mvumis.sys HKLM\SYSTEM\CurrentControlSet\Services\NativeWifiP [Value] ImagePath [Data]: system32\DRIVERS\nwifi.sys HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetSvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ncasvc.dll HKLM\SYSTEM\CurrentControlSet\Services\NcbService [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ncbservice.dll HKLM\SYSTEM\CurrentControlSet\Services\NcdAutoSetup [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\NcdAutoSetup.dll HKLM\SYSTEM\CurrentControlSet\Services\ndfltr [Value] ImagePath [Data]: \SystemRoot\System32\drivers\ndfltr.sys HKLM\SYSTEM\CurrentControlSet\Services\NDIS [Value] ImagePath [Data]: system32\drivers\ndis.sys HKLM\SYSTEM\CurrentControlSet\Services\NdisCap [Value] ImagePath [Data]: System32\drivers\ndiscap.sys HKLM\SYSTEM\CurrentControlSet\Services\NdisImPlatform [Value] ImagePath [Data]: System32\drivers\NdisImPlatform.sys HKLM\SYSTEM\CurrentControlSet\Services\NdisTapi [Value] ImagePath [Data]: System32\DRIVERS\ndistapi.sys HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio [Value] ImagePath [Data]: system32\drivers\ndisuio.sys HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\NdisVirtualBus.sys HKLM\SYSTEM\CurrentControlSet\Services\NdisWan [Value] ImagePath [Data]: \SystemRoot\System32\drivers\ndiswan.sys HKLM\SYSTEM\CurrentControlSet\Services\ndiswanlegacy [Value] ImagePath [Data]: System32\DRIVERS\ndiswan.sys HKLM\SYSTEM\CurrentControlSet\Services\ndproxy [Value] ImagePath [Data]: System32\DRIVERS\NDProxy.sys HKLM\SYSTEM\CurrentControlSet\Services\Ndu [Value] ImagePath [Data]: system32\drivers\Ndu.sys HKLM\SYSTEM\CurrentControlSet\Services\NetAdapterCx [Value] ImagePath [Data]: system32\drivers\NetAdapterCx.sys HKLM\SYSTEM\CurrentControlSet\Services\NetBIOS [Value] ImagePath [Data]: system32\drivers\netbios.sys HKLM\SYSTEM\CurrentControlSet\Services\NetBT [Value] ImagePath [Data]: System32\DRIVERS\netbt.sys HKLM\SYSTEM\CurrentControlSet\Services\Netlogon [Value] ImagePath [Data]: %systemroot%\system32\lsass.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\netlogon.dll MD5: c4a39409d825d4808832c7b9243fc9b7 Size: 670720 Path: %WINDIR%\system32\netlogon.dll HKLM\SYSTEM\CurrentControlSet\Services\Netman [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\netman.dll HKLM\SYSTEM\CurrentControlSet\Services\netprofm [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\netprofmsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\NetSetupSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\NetSetupSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing [Value] ImagePath [Data]: %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe MD5: efa857e2b0cc7c9dfef48a2187b910f7 Size: 136360 Path: %WINDIR%\microsoft.net\framework64\v4.0.30319\smsvchost.exe HKLM\SYSTEM\CurrentControlSet\Services\NgcCtnrSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\NgcCtnrSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\NgcSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\ngcsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\nlasvc.dll HKLM\SYSTEM\CurrentControlSet\Services\npsvctrig [Value] ImagePath [Data]: \SystemRoot\System32\drivers\npsvctrig.sys HKLM\SYSTEM\CurrentControlSet\Services\nsi [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\nsisvc.dll HKLM\SYSTEM\CurrentControlSet\Services\nsiproxy [Value] ImagePath [Data]: system32\drivers\nsiproxy.sys HKLM\SYSTEM\CurrentControlSet\Services\NVDisplay.ContainerLocalSystem [Value] ImagePath [Data]: "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" MD5: 2328568ee63439a4a11f9dc0692e5527 Size: 458176 Path: %SystemDrive%\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe MD5: 728fd270c0cab60ccebda43933b49999 Size: 2722 Path: %ALLUSERSPROFILE%\nvidia\nvdisplay.containerlocalsystem.log HKLM\SYSTEM\CurrentControlSet\Services\nvlddmkm [Value] ImagePath [Data]: \SystemRoot\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys MD5: 4d56e475d32437ecf663ce944d7e0d3f Size: 14190520 Path: %WINDIR%\system32\driverstore\filerepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys HKLM\SYSTEM\CurrentControlSet\Services\nvraid [Value] ImagePath [Data]: System32\drivers\nvraid.sys HKLM\SYSTEM\CurrentControlSet\Services\nvstor [Value] ImagePath [Data]: System32\drivers\nvstor.sys HKLM\SYSTEM\CurrentControlSet\Services\NvStreamKms [Value] ImagePath [Data]: \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys MD5: 99d42078c9596a20a7b3419159265a25 Size: 28216 Path: %SystemDrive%\program files\nvidia corporation\nvstreamsrv\nvstreamkms.sys HKLM\SYSTEM\CurrentControlSet\Services\NvStreamNetworkSvc [Value] ImagePath [Data]: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" MD5: e6a64322eb213aeacbb61584aa6fb032 Size: 3634232 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe HKLM\SYSTEM\CurrentControlSet\Services\NvStreamSvc [Value] ImagePath [Data]: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" MD5: a8213bf32d2e75add362e118ad164749 Size: 2522680 Path: %SystemDrive%\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe HKLM\SYSTEM\CurrentControlSet\Services\nvvad_WaveExtensible [Value] ImagePath [Data]: \SystemRoot\system32\drivers\nvvad64v.sys HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\APHostService.dll HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\ose [Value] ImagePath [Data]: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" MD5: 55aff77d3dace7adce146e70f4691979 Size: 209088 Path: %COMMONPROGRAMFILES%\microsoft shared\source engine\ose.exe HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\pnrpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\p2psvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\p2psvc.dll HKLM\SYSTEM\CurrentControlSet\Services\Parport [Value] ImagePath [Data]: \SystemRoot\System32\drivers\parport.sys HKLM\SYSTEM\CurrentControlSet\Services\partmgr [Value] ImagePath [Data]: System32\drivers\partmgr.sys HKLM\SYSTEM\CurrentControlSet\Services\PcaSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\pcasvc.dll HKLM\SYSTEM\CurrentControlSet\Services\pci [Value] ImagePath [Data]: System32\drivers\pci.sys HKLM\SYSTEM\CurrentControlSet\Services\pciide [Value] ImagePath [Data]: System32\drivers\pciide.sys HKLM\SYSTEM\CurrentControlSet\Services\pcmcia [Value] ImagePath [Data]: System32\drivers\pcmcia.sys HKLM\SYSTEM\CurrentControlSet\Services\pcw [Value] ImagePath [Data]: System32\drivers\pcw.sys HKLM\SYSTEM\CurrentControlSet\Services\pdc [Value] ImagePath [Data]: system32\drivers\pdc.sys HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH [Value] ImagePath [Data]: system32\drivers\peauth.sys HKLM\SYSTEM\CurrentControlSet\Services\percsas2i [Value] ImagePath [Data]: System32\drivers\percsas2i.sys HKLM\SYSTEM\CurrentControlSet\Services\percsas3i [Value] ImagePath [Data]: System32\drivers\percsas3i.sys HKLM\SYSTEM\CurrentControlSet\Services\PerfHost [Value] ImagePath [Data]: %SystemRoot%\SysWow64\perfhost.exe MD5: cb5343ff52a702a9acfaae6be972fe09 Size: 21504 Path: %WINDIR%\syswow64\perfhost.exe HKLM\SYSTEM\CurrentControlSet\Services\PhoneSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\PhoneService.dll HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\PimIndexMaintenance.dll HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\pla [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\pla.dll MD5: 0faa756716218e68d46f9e2fee624242 Size: 1536512 Path: %WINDIR%\system32\pla.dll HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\umpnpmgr.dll HKLM\SYSTEM\CurrentControlSet\Services\PNRPAutoReg [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\pnrpauto.dll HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\pnrpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ipsecsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\Power [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\umpo.dll HKLM\SYSTEM\CurrentControlSet\Services\PptpMiniport [Value] ImagePath [Data]: \SystemRoot\System32\drivers\raspptp.sys HKLM\SYSTEM\CurrentControlSet\Services\PrintNotify [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k print MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll MD5: 12eccdb0c865a8cb805babad5a54ef41 Size: 3318784 Path: %WINDIR%\system32\spool\drivers\x64\3\printconfig.dll HKLM\SYSTEM\CurrentControlSet\Services\Processor [Value] ImagePath [Data]: \SystemRoot\System32\drivers\processr.sys HKLM\SYSTEM\CurrentControlSet\Services\ProfSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\profsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\Psched [Value] ImagePath [Data]: System32\drivers\pacer.sys HKLM\SYSTEM\CurrentControlSet\Services\Qcamain10x64 [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\Qcamain10x64.sys HKLM\SYSTEM\CurrentControlSet\Services\QWAVE [Value] ImagePath [Data]: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %windir%\system32\qwave.dll MD5: c0c426db80a332672b9648c595bd5d1d Size: 234496 Path: %WINDIR%\system32\qwave.dll HKLM\SYSTEM\CurrentControlSet\Services\QWAVEdrv [Value] ImagePath [Data]: \SystemRoot\system32\drivers\qwavedrv.sys HKLM\SYSTEM\CurrentControlSet\Services\RadioShim [Value] ImagePath [Data]: \SystemRoot\System32\drivers\RadioShim.sys HKLM\SYSTEM\CurrentControlSet\Services\RasAcd [Value] ImagePath [Data]: System32\DRIVERS\rasacd.sys HKLM\SYSTEM\CurrentControlSet\Services\RasAgileVpn [Value] ImagePath [Data]: \SystemRoot\System32\drivers\AgileVpn.sys HKLM\SYSTEM\CurrentControlSet\Services\RasAuto [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\rasauto.dll HKLM\SYSTEM\CurrentControlSet\Services\Rasl2tp [Value] ImagePath [Data]: \SystemRoot\System32\drivers\rasl2tp.sys HKLM\SYSTEM\CurrentControlSet\Services\RasMan [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\rasmans.dll HKLM\SYSTEM\CurrentControlSet\Services\RasPppoe [Value] ImagePath [Data]: System32\DRIVERS\raspppoe.sys HKLM\SYSTEM\CurrentControlSet\Services\RasSstp [Value] ImagePath [Data]: \SystemRoot\System32\drivers\rassstp.sys HKLM\SYSTEM\CurrentControlSet\Services\rdbss [Value] ImagePath [Data]: system32\DRIVERS\rdbss.sys HKLM\SYSTEM\CurrentControlSet\Services\rdpbus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\rdpbus.sys HKLM\SYSTEM\CurrentControlSet\Services\RDPDR [Value] ImagePath [Data]: System32\drivers\rdpdr.sys HKLM\SYSTEM\CurrentControlSet\Services\RdpVideoMiniport [Value] ImagePath [Data]: System32\drivers\rdpvideominiport.sys HKLM\SYSTEM\CurrentControlSet\Services\rdyboost [Value] ImagePath [Data]: System32\drivers\rdyboost.sys HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\mprdim.dll MD5: 35ba17ff927b79eddee436adeb98ef21 Size: 431104 Path: %WINDIR%\system32\mprdim.dll HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k localService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\regsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\RetailDemo [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\RDXService.dll HKLM\SYSTEM\CurrentControlSet\Services\RFCOMM [Value] ImagePath [Data]: \SystemRoot\System32\drivers\rfcomm.sys HKLM\SYSTEM\CurrentControlSet\Services\RmSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\RMapi.dll HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k RPCSS MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\RpcEpMap.dll HKLM\SYSTEM\CurrentControlSet\Services\RpcLocator [Value] ImagePath [Data]: %SystemRoot%\system32\locator.exe HKLM\SYSTEM\CurrentControlSet\Services\RpcSs [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k rpcss MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\rpcss.dll HKLM\SYSTEM\CurrentControlSet\Services\rspndr [Value] ImagePath [Data]: system32\drivers\rspndr.sys HKLM\SYSTEM\CurrentControlSet\Services\rt640x64 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\rt640x64.sys HKLM\SYSTEM\CurrentControlSet\Services\RTSPER [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\RtsPer.sys HKLM\SYSTEM\CurrentControlSet\Services\s3cap [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vms3cap.sys HKLM\SYSTEM\CurrentControlSet\Services\SamSs [Value] ImagePath [Data]: %SystemRoot%\system32\lsass.exe HKLM\SYSTEM\CurrentControlSet\Services\sbp2port [Value] ImagePath [Data]: System32\drivers\sbp2port.sys HKLM\SYSTEM\CurrentControlSet\Services\SCardSvr [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\SCardSvr.dll HKLM\SYSTEM\CurrentControlSet\Services\ScDeviceEnum [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ScDeviceEnum.dll HKLM\SYSTEM\CurrentControlSet\Services\scfilter [Value] ImagePath [Data]: System32\DRIVERS\scfilter.sys HKLM\SYSTEM\CurrentControlSet\Services\Schedule [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\schedsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\scmbus [Value] ImagePath [Data]: System32\drivers\scmbus.sys HKLM\SYSTEM\CurrentControlSet\Services\scmdisk0101 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\scmdisk0101.sys HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\certprop.dll HKLM\SYSTEM\CurrentControlSet\Services\sdbus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\sdbus.sys HKLM\SYSTEM\CurrentControlSet\Services\SDRSVC [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k SDRSVC MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %Systemroot%\System32\SDRSVC.dll HKLM\SYSTEM\CurrentControlSet\Services\sdstor [Value] ImagePath [Data]: \SystemRoot\System32\drivers\sdstor.sys HKLM\SYSTEM\CurrentControlSet\Services\seclogon [Value] ImagePath [Data]: %windir%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %windir%\system32\seclogon.dll HKLM\SYSTEM\CurrentControlSet\Services\SENS [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\sens.dll HKLM\SYSTEM\CurrentControlSet\Services\SensorDataService [Value] ImagePath [Data]: %SystemRoot%\System32\SensorDataService.exe HKLM\SYSTEM\CurrentControlSet\Services\SensorService [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\SensorService.dll HKLM\SYSTEM\CurrentControlSet\Services\SensrSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\sensrsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\SerCx [Value] ImagePath [Data]: system32\drivers\SerCx.sys HKLM\SYSTEM\CurrentControlSet\Services\SerCx2 [Value] ImagePath [Data]: system32\drivers\SerCx2.sys HKLM\SYSTEM\CurrentControlSet\Services\Serenum [Value] ImagePath [Data]: \SystemRoot\System32\drivers\serenum.sys HKLM\SYSTEM\CurrentControlSet\Services\Serial [Value] ImagePath [Data]: \SystemRoot\System32\drivers\serial.sys HKLM\SYSTEM\CurrentControlSet\Services\sermouse [Value] ImagePath [Data]: \SystemRoot\System32\drivers\sermouse.sys HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\sessenv.dll MD5: eb4f3bde38abf0aeecdfea76e2cb1eff Size: 331776 Path: %WINDIR%\system32\sessenv.dll HKLM\SYSTEM\CurrentControlSet\Services\sfloppy [Value] ImagePath [Data]: \SystemRoot\System32\drivers\sfloppy.sys HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ipnathlp.dll HKLM\SYSTEM\CurrentControlSet\Services\ShellHWDetection [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\shsvcs.dll MD5: 25fd6dc3d4ec699e4ef5cfb91bfc6ecf Size: 566784 Path: %WINDIR%\system32\shsvcs.dll HKLM\SYSTEM\CurrentControlSet\Services\shpamsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\Windows.SharedPC.AccountManager.dll HKLM\SYSTEM\CurrentControlSet\Services\SiSRaid2 [Value] ImagePath [Data]: System32\drivers\SiSRaid2.sys HKLM\SYSTEM\CurrentControlSet\Services\SiSRaid4 [Value] ImagePath [Data]: System32\drivers\sisraid4.sys HKLM\SYSTEM\CurrentControlSet\Services\SmartDefragDriver [Value] ImagePath [Data]: System32\Drivers\SmartDefragDriver.sys HKLM\SYSTEM\CurrentControlSet\Services\smphost [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k smphost MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %Systemroot%\System32\smphost.dll MD5: 71c635d7796d394138bffbb8c2559cfb Size: 20992 Path: %WINDIR%\system32\smphost.dll HKLM\SYSTEM\CurrentControlSet\Services\SmsRouter [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\SmsRouterSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\SNMPTRAP [Value] ImagePath [Data]: %SystemRoot%\System32\snmptrap.exe HKLM\SYSTEM\CurrentControlSet\Services\spaceport [Value] ImagePath [Data]: System32\drivers\spaceport.sys HKLM\SYSTEM\CurrentControlSet\Services\SpbCx [Value] ImagePath [Data]: system32\drivers\SpbCx.sys HKLM\SYSTEM\CurrentControlSet\Services\Spooler [Value] ImagePath [Data]: %SystemRoot%\System32\spoolsv.exe HKLM\SYSTEM\CurrentControlSet\Services\sppsvc [Value] ImagePath [Data]: %SystemRoot%\system32\sppsvc.exe HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [Value] ImagePath [Data]: C:\Program Files\SpyHunter\SH4Service.exe MD5: c1c42195839b65739f7ceeb062b9705c Size: 665768 Path: %SystemDrive%\program files\spyhunter\sh4service.exe HKLM\SYSTEM\CurrentControlSet\Services\srv [Value] ImagePath [Data]: System32\DRIVERS\srv.sys HKLM\SYSTEM\CurrentControlSet\Services\srv2 [Value] ImagePath [Data]: System32\DRIVERS\srv2.sys HKLM\SYSTEM\CurrentControlSet\Services\srvnet [Value] ImagePath [Data]: System32\DRIVERS\srvnet.sys HKLM\SYSTEM\CurrentControlSet\Services\SSDPSRV [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\ssdpsrv.dll HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\sstpsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\StateRepository [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k appmodel MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\windows.staterepository.dll MD5: fe68cce3d2985526fb00c692e92e0fe2 Size: 3370496 Path: %WINDIR%\system32\windows.staterepository.dll HKLM\SYSTEM\CurrentControlSet\Services\stexstor [Value] ImagePath [Data]: System32\drivers\stexstor.sys HKLM\SYSTEM\CurrentControlSet\Services\stisvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k imgsvc MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wiaservc.dll HKLM\SYSTEM\CurrentControlSet\Services\storahci [Value] ImagePath [Data]: System32\drivers\storahci.sys HKLM\SYSTEM\CurrentControlSet\Services\storflt [Value] ImagePath [Data]: System32\drivers\vmstorfl.sys HKLM\SYSTEM\CurrentControlSet\Services\stornvme [Value] ImagePath [Data]: System32\drivers\stornvme.sys HKLM\SYSTEM\CurrentControlSet\Services\storqosflt [Value] ImagePath [Data]: system32\drivers\storqosflt.sys HKLM\SYSTEM\CurrentControlSet\Services\StorSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\storsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\storufs [Value] ImagePath [Data]: System32\drivers\storufs.sys HKLM\SYSTEM\CurrentControlSet\Services\storvsc [Value] ImagePath [Data]: System32\drivers\storvsc.sys HKLM\SYSTEM\CurrentControlSet\Services\svsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\svsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\swenum [Value] ImagePath [Data]: \SystemRoot\System32\drivers\swenum.sys HKLM\SYSTEM\CurrentControlSet\Services\swprv [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k swprv MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %Systemroot%\System32\swprv.dll HKLM\SYSTEM\CurrentControlSet\Services\SynRMIHID [Value] ImagePath [Data]: \SystemRoot\System32\drivers\SynRMIHID.sys HKLM\SYSTEM\CurrentControlSet\Services\Synth3dVsc [Value] ImagePath [Data]: \SystemRoot\System32\drivers\Synth3dVsc.sys HKLM\SYSTEM\CurrentControlSet\Services\SysMain [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\sysmain.dll HKLM\SYSTEM\CurrentControlSet\Services\SystemEventsBroker [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k DcomLaunch MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\SystemEventsBrokerServer.dll HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\TabSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\TapiSrv [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\tapisrv.dll MD5: 0cba864dbb0e503101c746befc01bbde Size: 254976 Path: %WINDIR%\system32\tapisrv.dll HKLM\SYSTEM\CurrentControlSet\Services\Tcpip [Value] ImagePath [Data]: System32\drivers\tcpip.sys HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6 [Value] ImagePath [Data]: System32\drivers\tcpip.sys HKLM\SYSTEM\CurrentControlSet\Services\tcpipreg [Value] ImagePath [Data]: System32\drivers\tcpipreg.sys HKLM\SYSTEM\CurrentControlSet\Services\tdx [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\tdx.sys HKLM\SYSTEM\CurrentControlSet\Services\terminpt [Value] ImagePath [Data]: \SystemRoot\System32\drivers\terminpt.sys HKLM\SYSTEM\CurrentControlSet\Services\TermService [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\termsrv.dll HKLM\SYSTEM\CurrentControlSet\Services\Themes [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\themeservice.dll HKLM\SYSTEM\CurrentControlSet\Services\TieringEngineService [Value] ImagePath [Data]: %SystemRoot%\system32\TieringEngineService.exe HKLM\SYSTEM\CurrentControlSet\Services\tiledatamodelsvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k appmodel MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\tileobjserver.dll HKLM\SYSTEM\CurrentControlSet\Services\TimeBrokerSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\TimeBrokerServer.dll HKLM\SYSTEM\CurrentControlSet\Services\TPM [Value] ImagePath [Data]: \SystemRoot\System32\drivers\tpm.sys HKLM\SYSTEM\CurrentControlSet\Services\TrkWks [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\trkwks.dll HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller [Value] ImagePath [Data]: %SystemRoot%\servicing\TrustedInstaller.exe MD5: 09440fa30c020b4443391fafcf4876e3 Size: 122880 Path: %WINDIR%\servicing\trustedinstaller.exe HKLM\SYSTEM\CurrentControlSet\Services\TsUsbFlt [Value] ImagePath [Data]: system32\drivers\tsusbflt.sys HKLM\SYSTEM\CurrentControlSet\Services\TsUsbGD [Value] ImagePath [Data]: \SystemRoot\System32\drivers\TsUsbGD.sys HKLM\SYSTEM\CurrentControlSet\Services\tunnel [Value] ImagePath [Data]: \SystemRoot\System32\drivers\tunnel.sys HKLM\SYSTEM\CurrentControlSet\Services\tzautoupdate [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\tzautoupdate.dll HKLM\SYSTEM\CurrentControlSet\Services\UASPStor [Value] ImagePath [Data]: \SystemRoot\System32\drivers\uaspstor.sys HKLM\SYSTEM\CurrentControlSet\Services\UcmCx0101 [Value] ImagePath [Data]: System32\Drivers\UcmCx.sys HKLM\SYSTEM\CurrentControlSet\Services\UcmTcpciCx0101 [Value] ImagePath [Data]: System32\Drivers\UcmTcpciCx.sys HKLM\SYSTEM\CurrentControlSet\Services\UcmUcsi [Value] ImagePath [Data]: \SystemRoot\System32\drivers\UcmUcsi.sys HKLM\SYSTEM\CurrentControlSet\Services\Ucx01000 [Value] ImagePath [Data]: system32\drivers\ucx01000.sys HKLM\SYSTEM\CurrentControlSet\Services\UdeCx [Value] ImagePath [Data]: system32\drivers\udecx.sys HKLM\SYSTEM\CurrentControlSet\Services\udfs [Value] ImagePath [Data]: system32\DRIVERS\udfs.sys HKLM\SYSTEM\CurrentControlSet\Services\UEFI [Value] ImagePath [Data]: \SystemRoot\System32\drivers\UEFI.sys HKLM\SYSTEM\CurrentControlSet\Services\Ufx01000 [Value] ImagePath [Data]: system32\drivers\ufx01000.sys HKLM\SYSTEM\CurrentControlSet\Services\UfxChipidea [Value] ImagePath [Data]: \SystemRoot\System32\drivers\UfxChipidea.sys HKLM\SYSTEM\CurrentControlSet\Services\ufxsynopsys [Value] ImagePath [Data]: \SystemRoot\System32\drivers\ufxsynopsys.sys HKLM\SYSTEM\CurrentControlSet\Services\UI0Detect [Value] ImagePath [Data]: %SystemRoot%\system32\UI0Detect.exe HKLM\SYSTEM\CurrentControlSet\Services\umbus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\umbus.sys HKLM\SYSTEM\CurrentControlSet\Services\UmPass [Value] ImagePath [Data]: \SystemRoot\System32\drivers\umpass.sys HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\umrdp.dll HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\unistore.dll MD5: 6a315952b27027e47fc04624d36a7a49 Size: 968704 Path: %WINDIR%\system32\unistore.dll HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\upnphost [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\upnphost.dll MD5: ac79703ebf464c6ea2ae2cc65e6878a0 Size: 328192 Path: %WINDIR%\system32\upnphost.dll HKLM\SYSTEM\CurrentControlSet\Services\UrsChipidea [Value] ImagePath [Data]: \SystemRoot\System32\drivers\urschipidea.sys HKLM\SYSTEM\CurrentControlSet\Services\UrsCx01000 [Value] ImagePath [Data]: system32\drivers\urscx01000.sys HKLM\SYSTEM\CurrentControlSet\Services\UrsSynopsys [Value] ImagePath [Data]: \SystemRoot\System32\drivers\urssynopsys.sys HKLM\SYSTEM\CurrentControlSet\Services\usbccgp [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbccgp.sys HKLM\SYSTEM\CurrentControlSet\Services\usbcir [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbcir.sys HKLM\SYSTEM\CurrentControlSet\Services\usbehci [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbehci.sys HKLM\SYSTEM\CurrentControlSet\Services\usbhub [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbhub.sys HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3 [Value] ImagePath [Data]: \SystemRoot\System32\drivers\UsbHub3.sys HKLM\SYSTEM\CurrentControlSet\Services\usbohci [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbohci.sys HKLM\SYSTEM\CurrentControlSet\Services\usbprint [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbprint.sys HKLM\SYSTEM\CurrentControlSet\Services\usbser [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbser.sys HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR [Value] ImagePath [Data]: \SystemRoot\System32\drivers\USBSTOR.SYS HKLM\SYSTEM\CurrentControlSet\Services\usbuhci [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usbuhci.sys HKLM\SYSTEM\CurrentControlSet\Services\usbvideo [Value] ImagePath [Data]: \SystemRoot\System32\Drivers\usbvideo.sys HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI [Value] ImagePath [Data]: \SystemRoot\System32\drivers\USBXHCI.SYS HKLM\SYSTEM\CurrentControlSet\Services\usb_rndisx [Value] ImagePath [Data]: \SystemRoot\System32\drivers\usb8023x.sys HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\userdataservice.dll HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\UserManager [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\usermgr.dll HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\usocore.dll HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc [Value] ImagePath [Data]: %SystemRoot%\system32\lsass.exe [Value] Parameters\ServiceDll [Data]: C:\Windows\System32\vaultsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vdrive [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\vdrive.sys HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot [Value] ImagePath [Data]: System32\drivers\vdrvroot.sys HKLM\SYSTEM\CurrentControlSet\Services\vds [Value] ImagePath [Data]: %SystemRoot%\System32\vds.exe HKLM\SYSTEM\CurrentControlSet\Services\VerifierExt [Value] ImagePath [Data]: system32\drivers\VerifierExt.sys HKLM\SYSTEM\CurrentControlSet\Services\vhdmp [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vhdmp.sys HKLM\SYSTEM\CurrentControlSet\Services\vhf [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vhf.sys HKLM\SYSTEM\CurrentControlSet\Services\vmbus [Value] ImagePath [Data]: System32\drivers\vmbus.sys HKLM\SYSTEM\CurrentControlSet\Services\VMBusHID [Value] ImagePath [Data]: \SystemRoot\System32\drivers\VMBusHID.sys HKLM\SYSTEM\CurrentControlSet\Services\vmgid [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vmgid.sys HKLM\SYSTEM\CurrentControlSet\Services\vmicguestinterface [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmicheartbeat [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k ICService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmickvpexchange [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmicrdv [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k ICService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvcext.dll HKLM\SYSTEM\CurrentControlSet\Services\vmicshutdown [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmictimesync [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmicvmsession [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\vmicvss [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\icsvcext.dll HKLM\SYSTEM\CurrentControlSet\Services\volmgr [Value] ImagePath [Data]: System32\drivers\volmgr.sys HKLM\SYSTEM\CurrentControlSet\Services\volmgrx [Value] ImagePath [Data]: System32\drivers\volmgrx.sys HKLM\SYSTEM\CurrentControlSet\Services\volsnap [Value] ImagePath [Data]: System32\drivers\volsnap.sys HKLM\SYSTEM\CurrentControlSet\Services\volume [Value] ImagePath [Data]: System32\drivers\volume.sys HKLM\SYSTEM\CurrentControlSet\Services\vpci [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vpci.sys HKLM\SYSTEM\CurrentControlSet\Services\vsmraid [Value] ImagePath [Data]: System32\drivers\vsmraid.sys HKLM\SYSTEM\CurrentControlSet\Services\VSS [Value] ImagePath [Data]: %systemroot%\system32\vssvc.exe HKLM\SYSTEM\CurrentControlSet\Services\VSTXRAID [Value] ImagePath [Data]: System32\drivers\vstxraid.sys HKLM\SYSTEM\CurrentControlSet\Services\vwifibus [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vwifibus.sys HKLM\SYSTEM\CurrentControlSet\Services\vwififlt [Value] ImagePath [Data]: System32\drivers\vwififlt.sys HKLM\SYSTEM\CurrentControlSet\Services\vwifimp [Value] ImagePath [Data]: \SystemRoot\System32\drivers\vwifimp.sys HKLM\SYSTEM\CurrentControlSet\Services\W32Time [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\w32time.dll HKLM\SYSTEM\CurrentControlSet\Services\WacomPen [Value] ImagePath [Data]: \SystemRoot\System32\drivers\wacompen.sys HKLM\SYSTEM\CurrentControlSet\Services\WalletService [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k appmodel MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\WalletService.dll HKLM\SYSTEM\CurrentControlSet\Services\wanarp [Value] ImagePath [Data]: System32\DRIVERS\wanarp.sys HKLM\SYSTEM\CurrentControlSet\Services\wanarpv6 [Value] ImagePath [Data]: System32\DRIVERS\wanarp.sys HKLM\SYSTEM\CurrentControlSet\Services\wbengine [Value] ImagePath [Data]: "%systemroot%\system32\wbengine.exe" HKLM\SYSTEM\CurrentControlSet\Services\WbioSrvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wbiosrvc.dll HKLM\SYSTEM\CurrentControlSet\Services\wcifs [Value] ImagePath [Data]: \SystemRoot\system32\drivers\wcifs.sys HKLM\SYSTEM\CurrentControlSet\Services\Wcmsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wcmsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\wcncsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wcncsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\wcnfs [Value] ImagePath [Data]: \SystemRoot\system32\drivers\wcnfs.sys HKLM\SYSTEM\CurrentControlSet\Services\WdBoot [Value] ImagePath [Data]: \SystemRoot\system32\drivers\WdBoot.sys HKLM\SYSTEM\CurrentControlSet\Services\Wdf01000 [Value] ImagePath [Data]: system32\drivers\Wdf01000.sys HKLM\SYSTEM\CurrentControlSet\Services\WdFilter [Value] ImagePath [Data]: \SystemRoot\system32\drivers\WdFilter.sys HKLM\SYSTEM\CurrentControlSet\Services\WdiServiceHost [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wdi.dll MD5: 2e63ca57869cfa25cb072befe64a2640 Size: 89088 Path: %WINDIR%\system32\wdi.dll HKLM\SYSTEM\CurrentControlSet\Services\WdiSystemHost [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wdi.dll MD5: 2e63ca57869cfa25cb072befe64a2640 Size: 89088 Path: %WINDIR%\system32\wdi.dll HKLM\SYSTEM\CurrentControlSet\Services\wdiwifi [Value] ImagePath [Data]: system32\DRIVERS\wdiwifi.sys HKLM\SYSTEM\CurrentControlSet\Services\WdNisDrv [Value] ImagePath [Data]: system32\Drivers\WdNisDrv.sys HKLM\SYSTEM\CurrentControlSet\Services\WdNisSvc [Value] ImagePath [Data]: "%ProgramFiles%\Windows Defender\NisSrv.exe" HKLM\SYSTEM\CurrentControlSet\Services\WebClient [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\webclnt.dll MD5: dc496ecfc465280a610188c9b316da21 Size: 198656 Path: %WINDIR%\system32\webclnt.dll HKLM\SYSTEM\CurrentControlSet\Services\Wecsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wecsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WEPHOSTSVC [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k WepHostSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\wephostsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\wercplsupport [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wercplsupport.dll HKLM\SYSTEM\CurrentControlSet\Services\WerSvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k WerSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\WerSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WFPLWFS [Value] ImagePath [Data]: System32\drivers\wfplwfs.sys HKLM\SYSTEM\CurrentControlSet\Services\WiaRpc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wiarpc.dll HKLM\SYSTEM\CurrentControlSet\Services\WIMMount [Value] ImagePath [Data]: system32\drivers\wimmount.sys HKLM\SYSTEM\CurrentControlSet\Services\WinDefend [Value] ImagePath [Data]: "%ProgramFiles%\Windows Defender\MsMpEng.exe" HKLM\SYSTEM\CurrentControlSet\Services\WindowsTrustedRT [Value] ImagePath [Data]: system32\drivers\WindowsTrustedRT.sys HKLM\SYSTEM\CurrentControlSet\Services\WindowsTrustedRTProxy [Value] ImagePath [Data]: System32\drivers\WindowsTrustedRTProxy.sys HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\winhttp.dll MD5: bf9c66e5614e392fa1255a90046d3275 Size: 636928 Path: %WINDIR%\SYSTEM32\winhttp.dll HKLM\SYSTEM\CurrentControlSet\Services\WinMad [Value] ImagePath [Data]: \SystemRoot\System32\drivers\winmad.sys HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wbem\WMIsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WinRM [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k NetworkService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\WsmSvc.dll MD5: 9c1136442f311a2bdb0c9ae7b5118b86 Size: 2333184 Path: %WINDIR%\system32\wsmsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WINUSB [Value] ImagePath [Data]: \SystemRoot\System32\drivers\WinUSB.SYS HKLM\SYSTEM\CurrentControlSet\Services\WinVerbs [Value] ImagePath [Data]: \SystemRoot\System32\drivers\winverbs.sys HKLM\SYSTEM\CurrentControlSet\Services\wisvc [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\flightsettings.dll HKLM\SYSTEM\CurrentControlSet\Services\WlanSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wlansvc.dll HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wlidsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WmiAcpi [Value] ImagePath [Data]: \SystemRoot\System32\drivers\wmiacpi.sys HKLM\SYSTEM\CurrentControlSet\Services\wmiApSrv [Value] ImagePath [Data]: %systemroot%\system32\wbem\WmiApSrv.exe HKLM\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc [Value] ImagePath [Data]: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" HKLM\SYSTEM\CurrentControlSet\Services\workfolderssvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalService MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\workfolderssvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WO_LiveService2 [Value] ImagePath [Data]: C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe MD5: 79bc1b53d405ef546d3b809c6d1699ed Size: 257872 Path: %PROGRAMFILES%\Ashampoo\Ashampoo WinOptimizer 14\LiveTunerService.exe HKLM\SYSTEM\CurrentControlSet\Services\WPDBusEnum [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\wpdbusenum.dll HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr [Value] ImagePath [Data]: System32\drivers\WpdUpFltr.sys HKLM\SYSTEM\CurrentControlSet\Services\WpnService [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\WpnService.dll HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\WpnUserService.dll HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_39dc8 [Value] ImagePath [Data]: C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe HKLM\SYSTEM\CurrentControlSet\Services\ws2ifsl [Value] ImagePath [Data]: \SystemRoot\system32\drivers\ws2ifsl.sys HKLM\SYSTEM\CurrentControlSet\Services\wscsvc [Value] ImagePath [Data]: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wscsvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WSearch [Value] ImagePath [Data]: %systemroot%\system32\SearchIndexer.exe /Embedding MD5: b13b953abe94ae209f0812995de1fc19 Size: 773120 Path: %WINDIR%\System32\SearchIndexer.exe HKLM\SYSTEM\CurrentControlSet\Services\wuauserv [Value] ImagePath [Data]: %systemroot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %systemroot%\system32\wuaueng.dll HKLM\SYSTEM\CurrentControlSet\Services\WudfPf [Value] ImagePath [Data]: system32\drivers\WudfPf.sys HKLM\SYSTEM\CurrentControlSet\Services\WUDFRd [Value] ImagePath [Data]: system32\drivers\WudfRd.sys HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\WUDFSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\WUDFWpdFs [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\WUDFRd.sys HKLM\SYSTEM\CurrentControlSet\Services\WUDFWpdMtp [Value] ImagePath [Data]: \SystemRoot\system32\DRIVERS\WUDFRd.sys HKLM\SYSTEM\CurrentControlSet\Services\WwanSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\wwansvc.dll HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\XblAuthManager.dll HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\System32\XblGameSave.dll HKLM\SYSTEM\CurrentControlSet\Services\xboxgip [Value] ImagePath [Data]: \SystemRoot\System32\drivers\xboxgip.sys HKLM\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc [Value] ImagePath [Data]: %SystemRoot%\system32\svchost.exe -k netsvcs MD5: 1f8434dd4907c832e6e90d6298eab85b Size: 38792 Path: %WINDIR%\System32\svchost.exe [Value] Parameters\ServiceDll [Data]: %SystemRoot%\system32\XboxNetApiSvc.dll HKLM\SYSTEM\CurrentControlSet\Services\xinputhid [Value] ImagePath [Data]: \SystemRoot\System32\drivers\xinputhid.sys ================= STARTUP LOCATIONS ================= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Value] SunJavaUpdateSched [Data]: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MD5: 05335d3912effb2b038906dec3982b06 Size: 587288 Path: %COMMONPROGRAMFILES%\Java\Java Update\jusched.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Value] CCleaner Monitoring [Data]: "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MD5: 8aa4a3119b2df4ffaad39a98f4764e47 Size: 8912088 Path: %SystemDrive%\Program Files\CCleaner\CCleaner64.exe [Value] World of Tanks [Data]: "C:\Games\World_of_Tanks\WargamingGameUpdater.exe" MD5: 0b4431d8286ab24483ceba4503dcb6b1 Size: 3135752 Path: %SystemDrive%\games\world_of_tanks\wargaminggameupdater.exe HKU\S-1-5-21-618468374-2032823393-735328301-1001\Software\Microsoft\Windows\CurrentVersion\Run [Value] CCleaner Monitoring [Data]: "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MD5: 8aa4a3119b2df4ffaad39a98f4764e47 Size: 8912088 Path: %SystemDrive%\Program Files\CCleaner\CCleaner64.exe [Value] World of Tanks [Data]: "C:\Games\World_of_Tanks\WargamingGameUpdater.exe" MD5: 0b4431d8286ab24483ceba4503dcb6b1 Size: 3135752 Path: %SystemDrive%\games\world_of_tanks\wargaminggameupdater.exe ================= SAFE BOOT ================= HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal [Key] Ahcache.sys [Value] (Default) [Data]: Driver [Key] AppInfo [Value] (Default) [Data]: Service [Key] AppMgmt [Value] (Default) [Data]: Service [Key] Base [Value] (Default) [Data]: Driver Group [Key] BasicDisplay.sys [Value] (Default) [Data]: Driver [Key] BasicRender.sys [Value] (Default) [Data]: Driver [Key] Boot Bus Extender [Value] (Default) [Data]: Driver Group [Key] Boot file system [Value] (Default) [Data]: Driver Group [Key] BrokerInfrastructure [Value] (Default) [Data]: Service [Key] CoreMessagingRegistrar [Value] (Default) [Data]: Service [Key] CryptSvc [Value] (Default) [Data]: Service [Key] DcomLaunch [Value] (Default) [Data]: Service [Key] DeviceInstall [Value] (Default) [Data]: Service [Key] dxgkrnl.sys [Value] (Default) [Data]: Driver [Key] EFS [Value] (Default) [Data]: Service [Key] EventLog [Value] (Default) [Data]: Service [Key] File system [Value] (Default) [Data]: Driver Group [Key] Filter [Value] (Default) [Data]: Driver Group [Key] FsDepends.sys [Value] (Default) [Data]: Driver [Key] HelpSvc [Value] (Default) [Data]: Service [Key] iai2c.sys [Value] (Default) [Data]: Driver [Key] KeyIso [Value] (Default) [Data]: Service [Key] LSM [Value] (Default) [Data]: Service [Key] MBAMService [Value] (Default) [Data]: Service [Key] Netlogon [Value] (Default) [Data]: Service [Key] NTDS [Value] (Default) [Data]: Service [Key] PCI Configuration [Value] (Default) [Data]: Driver Group [Key] PlugPlay [Value] (Default) [Data]: Service [Key] PNP Filter [Value] (Default) [Data]: Driver Group [Key] Power [Value] (Default) [Data]: Service [Key] Primary disk [Value] (Default) [Data]: Driver Group [Key] ProfSvc [Value] (Default) [Data]: Service [Key] RpcEptMapper [Value] (Default) [Data]: Service [Key] RpcSs [Value] (Default) [Data]: Service [Key] sacsvr [Value] (Default) [Data]: Service [Key] SCSI Class [Value] (Default) [Data]: Driver Group [Key] sermouse.sys [Value] (Default) [Data]: Driver [Key] SpbCx.sys [Value] (Default) [Data]: Driver [Key] StateRepository [Value] (Default) [Data]: Service [Key] SWPRV [Value] (Default) [Data]: Service [Key] System Bus Extender [Value] (Default) [Data]: Driver Group [Key] SystemEventsBroker [Value] (Default) [Data]: Service [Key] TabletInputService [Value] (Default) [Data]: Service [Key] TBS [Value] (Default) [Data]: Service [Key] TileDataModelSvc [Value] (Default) [Data]: Service [Key] TrustedInstaller [Value] (Default) [Data]: Service [Key] uefi.sys [Value] (Default) [Data]: Driver [Key] UserManager [Value] (Default) [Data]: Service [Key] VDS [Value] (Default) [Data]: Service [Key] vmms [Value] (Default) [Data]: Service [Key] volmgr.sys [Value] (Default) [Data]: Driver [Key] volmgrx.sys [Value] (Default) [Data]: Driver [Key] WinDefend [Value] (Default) [Data]: Service [Key] WinMgmt [Value] (Default) [Data]: Service [Key] WudfPf [Value] (Default) [Data]: Driver [Key] WudfRd [Value] (Default) [Data]: Driver [Key] WudfSvc [Value] (Default) [Data]: Service [Key] {36FC9E60-C465-11CF-8056-444553540000} [Value] (Default) [Data]: Universal Serial Bus controllers [Key] {4D36E965-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: CD-ROM Drive [Key] {4D36E967-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: DiskDrive [Key] {4D36E969-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Standard floppy disk controller [Key] {4D36E96A-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Hdc [Key] {4D36E96B-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Keyboard [Key] {4D36E96F-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Mouse [Key] {4D36E977-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: PCMCIA Adapters [Key] {4D36E97B-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: SCSIAdapter [Key] {4D36E97D-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: System [Key] {4D36E980-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Floppy disk drive [Key] {533C5B84-EC70-11D2-9505-00C04F79DEAF} [Value] (Default) [Data]: Volume shadow copy [Key] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} [Value] (Default) [Data]: IEEE 1394 Bus host controllers [Key] {71A27CDD-812A-11D0-BEC7-08002BE2092F} [Value] (Default) [Data]: Volume [Key] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} [Value] (Default) [Data]: Human Interface Devices [Key] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} [Value] (Default) [Data]: Enhanced Storage Devices [Key] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} [Value] (Default) [Data]: SDA Standard Compliant SD Host Controller [Key] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} [Value] (Default) [Data]: SBP2 IEEE 1394 Devices [Key] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} [Value] (Default) [Data]: SecurityDevices [Key] {F2E7DD72-6468-4E36-B6F1-6488F42C1B52} [Value] (Default) [Data]: Firmware HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network [Key] AFD [Value] (Default) [Data]: Service [Key] Ahcache.sys [Value] (Default) [Data]: Driver [Key] AppInfo [Value] (Default) [Data]: Service [Key] AppMgmt [Value] (Default) [Data]: Service [Key] Base [Value] (Default) [Data]: Driver Group [Key] BasicDisplay.sys [Value] (Default) [Data]: Driver [Key] BasicRender.sys [Value] (Default) [Data]: Driver [Key] BFE [Value] (Default) [Data]: Service [Key] Boot Bus Extender [Value] (Default) [Data]: Driver Group [Key] Boot file system [Value] (Default) [Data]: Driver Group [Key] bowser [Value] (Default) [Data]: Driver [Key] BrokerInfrastructure [Value] (Default) [Data]: Service [Key] Browser [Value] (Default) [Data]: Service [Key] CoreMessagingRegistrar [Value] (Default) [Data]: Service [Key] CryptSvc [Value] (Default) [Data]: Service [Key] DcomLaunch [Value] (Default) [Data]: Service [Key] DeviceInstall [Value] (Default) [Data]: Service [Key] dfsc [Value] (Default) [Data]: Driver [Key] Dhcp [Value] (Default) [Data]: Service [Key] DnsCache [Value] (Default) [Data]: Service [Key] Dot3Svc [Value] (Default) [Data]: Service [Key] dxgkrnl.sys [Value] (Default) [Data]: Driver [Key] Eaphost [Value] (Default) [Data]: Service [Key] EFS [Value] (Default) [Data]: Service [Key] EventLog [Value] (Default) [Data]: Service [Key] File system [Value] (Default) [Data]: Driver Group [Key] Filter [Value] (Default) [Data]: Driver Group [Key] FsDepends.sys [Value] (Default) [Data]: Driver [Key] HelpSvc [Value] (Default) [Data]: Service [Key] IKEEXT [Value] (Default) [Data]: Service [Key] ipnat.sys [Value] (Default) [Data]: Driver [Key] KeyIso [Value] (Default) [Data]: Service [Key] LanmanServer [Value] (Default) [Data]: Service [Key] LanmanWorkstation [Value] (Default) [Data]: Service [Key] LmHosts [Value] (Default) [Data]: Service [Key] LSM [Value] (Default) [Data]: Service [Key] MBAMService [Value] (Default) [Data]: Service [Key] Messenger [Value] (Default) [Data]: Service [Key] MPSDrv [Value] (Default) [Data]: Driver [Key] MPSSvc [Value] (Default) [Data]: Service [Key] mrxsmb [Value] (Default) [Data]: Driver [Key] mrxsmb10 [Value] (Default) [Data]: Driver [Key] mrxsmb20 [Value] (Default) [Data]: Driver [Key] NativeWifiP [Value] (Default) [Data]: Service [Key] NDIS [Value] (Default) [Data]: Driver Group [Key] NDIS Wrapper [Value] (Default) [Data]: Driver Group [Key] ndiscap [Value] (Default) [Data]: Driver [Key] Ndisuio [Value] (Default) [Data]: Service [Key] NetBIOS [Value] (Default) [Data]: Service [Key] NetBIOSGroup [Value] (Default) [Data]: Driver Group [Key] NetBT [Value] (Default) [Data]: Service [Key] NetDDEGroup [Value] (Default) [Data]: Driver Group [Key] Netlogon [Value] (Default) [Data]: Service [Key] NetMan [Value] (Default) [Data]: Service [Key] netprofm [Value] (Default) [Data]: Service [Key] Network [Value] (Default) [Data]: Driver Group [Key] NetworkProvider [Value] (Default) [Data]: Driver Group [Key] NlaSvc [Value] (Default) [Data]: Service [Key] Nsi [Value] (Default) [Data]: Service [Key] nsiproxy.sys [Value] (Default) [Data]: Driver [Key] NTDS [Value] (Default) [Data]: Service [Key] PCI Configuration [Value] (Default) [Data]: Driver Group [Key] PlugPlay [Value] (Default) [Data]: Service [Key] PNP Filter [Value] (Default) [Data]: Driver Group [Key] PNP_TDI [Value] (Default) [Data]: Driver Group [Key] PolicyAgent [Value] (Default) [Data]: Service [Key] Power [Value] (Default) [Data]: Service [Key] Primary disk [Value] (Default) [Data]: Driver Group [Key] ProfSvc [Value] (Default) [Data]: Service [Key] rdbss [Value] (Default) [Data]: Driver [Key] rdpencdd.sys [Value] (Default) [Data]: Driver [Key] rdsessmgr [Value] (Default) [Data]: Service [Key] RpcEptMapper [Value] (Default) [Data]: Service [Key] RpcSs [Value] (Default) [Data]: Service [Key] sacsvr [Value] (Default) [Data]: Service [Key] SCardSvr [Value] (Default) [Data]: Service [Key] SCSI Class [Value] (Default) [Data]: Driver Group [Key] sermouse.sys [Value] (Default) [Data]: Driver [Key] SharedAccess [Value] (Default) [Data]: Service [Key] SmartcardSimulator [Value] (Default) [Data]: Driver [Key] SpbCx.sys [Value] (Default) [Data]: Driver [Key] StateRepository [Value] (Default) [Data]: Service [Key] Streams Drivers [Value] (Default) [Data]: Driver Group [Key] SWPRV [Value] (Default) [Data]: Service [Key] System Bus Extender [Value] (Default) [Data]: Driver Group [Key] SystemEventsBroker [Value] (Default) [Data]: Service [Key] TabletInputService [Value] (Default) [Data]: Service [Key] TBS [Value] (Default) [Data]: Service [Key] Tcpip [Value] (Default) [Data]: Service [Key] TDI [Value] (Default) [Data]: Driver Group [Key] TileDataModelSvc [Value] (Default) [Data]: Service [Key] TrustedInstaller [Value] (Default) [Data]: Service [Key] uefi.sys [Value] (Default) [Data]: Driver [Key] UserManager [Value] (Default) [Data]: Service [Key] VaultSvc [Value] (Default) [Data]: Service [Key] VDS [Value] (Default) [Data]: Service [Key] VirtualSmartcardReader [Value] (Default) [Data]: Driver [Key] vmms [Value] (Default) [Data]: Service [Key] volmgr.sys [Value] (Default) [Data]: Driver [Key] volmgrx.sys [Value] (Default) [Data]: Driver [Key] Wcmsvc [Value] (Default) [Data]: Service [Key] WinDefend [Value] (Default) [Data]: Service [Key] WinMgmt [Value] (Default) [Data]: Service [Key] Wlansvc [Value] (Default) [Data]: Service [Key] WudfPf [Value] (Default) [Data]: Driver [Key] WudfRd [Value] (Default) [Data]: Driver [Key] WudfSvc [Value] (Default) [Data]: Service [Key] WudfUsbccidDriver [Value] (Default) [Data]: Driver [Key] {36FC9E60-C465-11CF-8056-444553540000} [Value] (Default) [Data]: Universal Serial Bus controllers [Key] {4D36E965-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: CD-ROM Drive [Key] {4D36E967-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: DiskDrive [Key] {4D36E969-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Standard floppy disk controller [Key] {4D36E96A-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Hdc [Key] {4D36E96B-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Keyboard [Key] {4D36E96F-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Mouse [Key] {4D36E972-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Net [Key] {4D36E973-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: NetClient [Key] {4D36E974-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: NetService [Key] {4D36E975-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: NetTrans [Key] {4D36E977-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: PCMCIA Adapters [Key] {4D36E97B-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: SCSIAdapter [Key] {4D36E97D-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: System [Key] {4D36E980-E325-11CE-BFC1-08002BE10318} [Value] (Default) [Data]: Floppy disk drive [Key] {50DD5230-BA8A-11D1-BF5D-0000F805F530} [Value] (Default) [Data]: Smart card readers [Key] {533C5B84-EC70-11D2-9505-00C04F79DEAF} [Value] (Default) [Data]: Volume shadow copy [Key] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} [Value] (Default) [Data]: IEEE 1394 Bus host controllers [Key] {71A27CDD-812A-11D0-BEC7-08002BE2092F} [Value] (Default) [Data]: Volume [Key] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} [Value] (Default) [Data]: Human Interface Devices [Key] {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} [Value] (Default) [Data]: Enhanced Storage Devices [Key] {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} [Value] (Default) [Data]: SDA Standard Compliant SD Host Controller [Key] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} [Value] (Default) [Data]: SBP2 IEEE 1394 Devices [Key] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} [Value] (Default) [Data]: SecurityDevices [Key] {F2E7DD72-6468-4E36-B6F1-6488F42C1B52} [Value] (Default) [Data]: Firmware ================= REGISTRY DATA ================= HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced [Value] Start_SearchFiles [Data]: 2 [Value] EnableStartMenu [Data]: 1 [Value] StoreAppsOnTaskbar [Data]: 1 [Value] ServerAdminUI [Data]: 0 [Value] Hidden [Data]: 2 [Value] ShowCompColor [Data]: 1 [Value] HideFileExt [Data]: 0 [Value] DontPrettyPath [Data]: 0 [Value] ShowInfoTip [Data]: 1 [Value] HideIcons [Data]: 0 [Value] MapNetDrvBtn [Data]: 0 [Value] WebView [Data]: 1 [Value] Filter [Data]: 0 [Value] ShowSuperHidden [Data]: 1 [Value] SeparateProcess [Data]: 0 [Value] AutoCheckSelect [Data]: 0 [Value] IconsOnly [Data]: 0 [Value] ShowTypeOverlay [Data]: 1 [Value] ShowStatusBar [Data]: 1 [Value] ListviewShadow [Data]: 1 [Value] StartMenuInit [Data]: 13 [Value] ReindexedProfile [Data]: 1 [Value] nonetcrawling [Data]: 1 [Value] ListviewAlphaSelect [Data]: 0 [Value] TaskbarAnimations [Data]: 0 [Value] PersistBrowsers [Data]: 0 [Value] SharingWizardOn [Data]: 0 [Value] HideMergeConflicts [Data]: 0 [Value] HideDrivesWithNoMedia [Data]: 0 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer [Value] NoSimpleNetIDList [Data]: 1 [Value] NoDriveTypeAutoRun [Data]: 221 [Value] NolowDiskSpaceChecks [Data]: 1 HKCU\Control Panel\International [Value] Locale [Data]: 00000415 [Value] LocaleName [Data]: pl-PL [Value] s1159 [Data]: AM [Value] s2359 [Data]: PM [Value] sCountry [Data]: Polska [Value] sCurrency [Data]: zA? [Value] sDate [Data]: . [Value] sDecimal [Data]: , [Value] sGrouping [Data]: 3;0 [Value] sLanguage [Data]: PLK [Value] sList [Data]: ; [Value] sLongDate [Data]: dddd, d MMMM yyyy [Value] sMonDecimalSep [Data]: , [Value] sMonGrouping [Data]: 3;0 [Value] sMonThousandSep [Data]: Ā  [Value] sNativeDigits [Data]: 0123456789 [Value] sNegativeSign [Data]: - [Value] sShortDate [Data]: dd.MM.yyyy [Value] sThousand [Data]: Ā  [Value] sTime [Data]: : [Value] sTimeFormat [Data]: HH:mm:ss [Value] sShortTime [Data]: HH:mm [Value] sYearMonth [Data]: MMMM yyyy [Value] iCalendarType [Data]: 1 [Value] iCountry [Data]: 48 [Value] iCurrDigits [Data]: 2 [Value] iCurrency [Data]: 3 [Value] iDate [Data]: 1 [Value] iDigits [Data]: 2 [Value] NumShape [Data]: 1 [Value] iFirstDayOfWeek [Data]: 0 [Value] iFirstWeekOfYear [Data]: 2 [Value] iLZero [Data]: 1 [Value] iMeasure [Data]: 0 [Value] iNegCurr [Data]: 8 [Value] iNegNumber [Data]: 1 [Value] iPaperSize [Data]: 9 [Value] iTime [Data]: 1 [Value] iTimePrefix [Data]: 0 [Value] iTLZero [Data]: 1 [Value] sPositiveSign [Data]: + HKU\S-1-5-21-618468374-2032823393-735328301-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced [Value] Start_SearchFiles [Data]: 2 [Value] EnableStartMenu [Data]: 1 [Value] StoreAppsOnTaskbar [Data]: 1 [Value] ServerAdminUI [Data]: 0 [Value] Hidden [Data]: 2 [Value] ShowCompColor [Data]: 1 [Value] HideFileExt [Data]: 0 [Value] DontPrettyPath [Data]: 0 [Value] ShowInfoTip [Data]: 1 [Value] HideIcons [Data]: 0 [Value] MapNetDrvBtn [Data]: 0 [Value] WebView [Data]: 1 [Value] Filter [Data]: 0 [Value] ShowSuperHidden [Data]: 1 [Value] SeparateProcess [Data]: 0 [Value] AutoCheckSelect [Data]: 0 [Value] IconsOnly [Data]: 0 [Value] ShowTypeOverlay [Data]: 1 [Value] ShowStatusBar [Data]: 1 [Value] ListviewShadow [Data]: 1 [Value] StartMenuInit [Data]: 13 [Value] ReindexedProfile [Data]: 1 [Value] nonetcrawling [Data]: 1 [Value] ListviewAlphaSelect [Data]: 0 [Value] TaskbarAnimations [Data]: 0 [Value] PersistBrowsers [Data]: 0 [Value] SharingWizardOn [Data]: 0 [Value] HideMergeConflicts [Data]: 0 [Value] HideDrivesWithNoMedia [Data]: 0 HKU\S-1-5-21-618468374-2032823393-735328301-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer [Value] NoSimpleNetIDList [Data]: 1 [Value] NoDriveTypeAutoRun [Data]: 221 [Value] NolowDiskSpaceChecks [Data]: 1 ================= REGISTRY SHELL ================= HKCR\.contact\ShellNew\ [Value] Command [Data]: "%programFiles%\Windows Mail\Wab.exe" /CreateContact "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\Application.Manifest\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication %1 MD5: 7dcac82b896e239f32709f24d92ff608 Size: 1224192 Path: %WINDIR%\system32\dfshim.dll HKCR\Application.Reference\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbShortcut %1|%2 MD5: 7dcac82b896e239f32709f24d92ff608 Size: 1224192 Path: %WINDIR%\system32\dfshim.dll HKCR\AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9\shell\open\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\AppX90nv6nhay5n6a98fnetv7tpk64pp35es\shell\open\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\AppXq0fevzme2pys62n3e0fbqa7peapykr8v\shell\open\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\ashampoo.BackupArchive.Document\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -open "%1" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\ashampoo.BackupProject.Document\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -open "%1" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\Ashampoo.BurningStudio6FREE\shell\autoplay\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\Ashampoo.BurningStudio6FREE\shell\autoplay-burn\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\Ashampoo.BurningStudio6FREE\shell\autoplay-copy\command\ [Value] (Default) [Data]: C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" -copy MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\Ashampoo.BurningStudio6FREE\shell\autoplay-rip\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -autoplay -selectdrive "%l" -rip MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\AudioCD\shell\play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\AudioCD\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" AUTOPLAY CD "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\AVP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe" -hidden navigate "%1" MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5 Size: 223704 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe HKCR\batfile\shell\edit\command\ [Value] (Default) [Data]: %SystemRoot%\System32\NOTEPAD.EXE %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\batfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\NOTEPAD.EXE /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\batfile\shell\runas\command\ [Value] (Default) [Data]: %SystemRoot%\System32\cmd.exe /C "%1" %* MD5: 0fec5f30e705eadaea5e9144f2fb12dc Size: 202752 Path: %WINDIR%\system32\cmd.exe HKCR\bootstrap.vsto.1\shell\open\command\ [Value] (Default) [Data]: rundll32.exe "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %1 MD5: c948c3caa5d6a004e9790e219d4da81c Size: 127304 Path: %COMMONPROGRAMFILES%\microsoft shared\vsto\vstoee.dll HKCR\burningstudio.Image.Document\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -open "%1" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\burningstudio.Project.Document\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\Ashampoo\Ashampoo Burning Studio 6\burningstudio.exe" -open "%1" MD5: e9622367349b99831666a6035f5b3134 Size: 1013192 Path: %SystemDrive%\programy\ashampoo\ashampoo burning studio 6\burningstudio.exe HKCR\CABFolder\shell\find\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\CABFolder\shell\Open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe /idlist,%I,%L MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\campfile\shell\Install Profile\command\ [Value] (Default) [Data]: "colorcpl.exe" "%1" MD5: 38eb45466769ccd7915ca3582fe7d64a Size: 86528 Path: %WINDIR%\system32\colorcpl.exe HKCR\CATFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCAT %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\cclaunch\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\CCleaner\ccleaner.exe" /%1 MD5: c2c9e42d6c51e99c1bab44f108e8851c Size: 6868696 Path: %SystemDrive%\program files\ccleaner\ccleaner.exe HKCR\cdmpfile\shell\Install Profile\command\ [Value] (Default) [Data]: "colorcpl.exe" "%1" MD5: 38eb45466769ccd7915ca3582fe7d64a Size: 86528 Path: %WINDIR%\system32\colorcpl.exe HKCR\CERFile\shell\add\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCER %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\CERFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCER %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\CertificateStoreFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenSTR %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\certificate_wab_auto_file\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /certificate "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\chm.file\shell\open\command\ [Value] (Default) [Data]: "%SystemRoot%\hh.exe" %1 MD5: 52afe6de5e463b7a08c184b1eb49dd6a Size: 18432 Path: %WINDIR%\hh.exe HKCR\cmdfile\shell\edit\command\ [Value] (Default) [Data]: %SystemRoot%\System32\NOTEPAD.EXE %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\cmdfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\NOTEPAD.EXE /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\cmdfile\shell\runas\command\ [Value] (Default) [Data]: %SystemRoot%\System32\cmd.exe /C "%1" %* MD5: 0fec5f30e705eadaea5e9144f2fb12dc Size: 202752 Path: %WINDIR%\system32\cmd.exe HKCR\CompressedFolder\shell\find\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\CompressedFolder\shell\Open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe /idlist,%I,%L MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\contact_wab_auto_file\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /contact "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\contact_wab_auto_file\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /Print "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\cplfile\shell\cplopen\command\ [Value] (Default) [Data]: %SystemRoot%\System32\control.exe "%1",%* MD5: 359de40504bf90efd590c248b71c8b81 Size: 114688 Path: %WINDIR%\system32\control.exe HKCR\cplfile\shell\runas\command\ [Value] (Default) [Data]: %SystemRoot%\System32\rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%* MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\CRLFile\shell\add\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddCRL %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\CRLFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenCRL %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\desktopthemepackfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\themecpl.dll,OpenThemeAction %1 MD5: 85437022aa32a38a4bb39a88e1ca1f5b Size: 2458112 Path: %WINDIR%\system32\themecpl.dll HKCR\Diagnostic.Cabinet\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\msdt.exe /cab "%1" MD5: 7ff1826697bac1f6414fef5a12d5a930 Size: 1508864 Path: %WINDIR%\system32\msdt.exe HKCR\Diagnostic.Config\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\msdt.exe /path "%1" MD5: 7ff1826697bac1f6414fef5a12d5a930 Size: 1508864 Path: %WINDIR%\system32\msdt.exe HKCR\Diagnostic.Document\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\msdt.exe /path "%1" MD5: 7ff1826697bac1f6414fef5a12d5a930 Size: 1508864 Path: %WINDIR%\system32\msdt.exe HKCR\Diagnostic.Perfmon.Config\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\perfmon /sys /load "%1" MD5: 59e84c4f4edb28e31e8ada521f977eab Size: 163840 Path: %WINDIR%\system32\perfmon.exe HKCR\Diagnostic.Perfmon.Document\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\perfmon /sys /open "%1" MD5: 59e84c4f4edb28e31e8ada521f977eab Size: 163840 Path: %WINDIR%\system32\perfmon.exe HKCR\Diagnostic.Resmon.Config\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\perfmon /res /load "%1" MD5: 59e84c4f4edb28e31e8ada521f977eab Size: 163840 Path: %WINDIR%\system32\perfmon.exe HKCR\Directory\shell\cmd\command\ [Value] (Default) [Data]: cmd.exe /s /k pushd "%V" MD5: 0fec5f30e705eadaea5e9144f2fb12dc Size: 202752 Path: %WINDIR%\system32\cmd.exe HKCR\Directory\shell\find\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Directory\shell\Powershell\command\ [Value] (Default) [Data]: powershell.exe -noexit -command Set-Location '%V' MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe HKCR\DLNA-PLAYSINGLE\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\docxfile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\docxfile\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\docxfile\shell\printto\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\dqyfile\shell\Edit_Query_in_Notepad\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe" notepad.exe "%1" MD5: 6a1c5489c760cffca5ebfcde97d4eb3c Size: 378560 Path: %PROGRAMFILES%\microsoft office\root\client\appvlp.exe HKCR\dqyfile\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Drive\shell\cmd\command\ [Value] (Default) [Data]: cmd.exe /s /k pushd "%V" MD5: 0fec5f30e705eadaea5e9144f2fb12dc Size: 202752 Path: %WINDIR%\system32\cmd.exe HKCR\Drive\shell\find\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Drive\shell\Powershell\command\ [Value] (Default) [Data]: powershell.exe -noexit -command Set-Location '%V' MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe HKCR\Drive\shell\unlock-bde\command\ [Value] (Default) [Data]: %SystemRoot%\System32\bdeunlock.exe %1 HKCR\DVD\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" AUTOPLAY DVD "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\emffile\shell\open\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\emffile\shell\print\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /p "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\emffile\shell\printto\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /pt "%1" "%2" "%3" "%4" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\evtfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\eventvwr.exe /l:"%1" MD5: 836d39ad5985ca36f9583d160f858d68 Size: 81408 Path: %WINDIR%\system32\eventvwr.exe HKCR\evtxfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\eventvwr.exe /l:"%1" MD5: 836d39ad5985ca36f9583d160f858d68 Size: 81408 Path: %WINDIR%\system32\eventvwr.exe HKCR\Excel.Addin\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Backup\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Backup\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Backup\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Backup\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.CSV\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.CSV\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Macrosheet\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Macrosheet\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Macrosheet\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Macrosheet\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Macrosheet\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde /n MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /h /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.OpenDocumentSpreadsheet.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde /n MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /h /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Sheet.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde /n MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /h /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.SheetMacroEnabled.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde /n MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /h /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.Template.8\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excel.WebQuery\shell\edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /w "%1" MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Excelhtmlfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\Explorer.AssocActionId.BurnSelection\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Explorer.AssocActionId.EraseDisc\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Explorer.AssocActionId.ZipSelection\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Explorer.AssocProtocol.search-ms\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\FaxCover.Document\shell\open\command\ [Value] (Default) [Data]: C:\Windows\System32\fxscover.exe "%1" HKCR\FaxCover.Document\shell\print\command\ [Value] (Default) [Data]: C:\Windows\System32\fxscover.exe /P "%1" HKCR\feeds\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\FHConfig.AutoPlayHandler\shell\config\command\ [Value] (Default) [Data]: fhmanagew -autoplay HKCR\FindApp.DVD\shell\Play\command\ [Value] (Default) [Data]: explorer "ms-windows-store://search/?query=DVD" MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\FirefoxHTML\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\firefox\firefox.exe" -osint -url "%1" MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe HKCR\FirefoxURL\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\firefox\firefox.exe" -osint -url "%1" MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe HKCR\Folder\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\fonfile\shell\preview\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\fonfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe /p %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\ftp\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\firefox\firefox.exe" -osint -url "%1" MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe HKCR\giffile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\giffile\shell\printto\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\gmmpfile\shell\Install Profile\command\ [Value] (Default) [Data]: "colorcpl.exe" "%1" MD5: 38eb45466769ccd7915ca3582fe7d64a Size: 86528 Path: %WINDIR%\system32\colorcpl.exe HKCR\group_wab_auto_file\shell\edit\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /Group "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\group_wab_auto_file\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /Group "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\group_wab_auto_file\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /Print "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\hlpfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\winhlp32.exe %1 MD5: 9328e170e5407d9dde7eb1e208a2cbb4 Size: 10240 Path: %WINDIR%\winhlp32.exe HKCR\htmlfile\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\htmlfile\shell\print\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\htmlfile\shell\printto\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\http\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\firefox\firefox.exe" -osint -url "%1" MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe HKCR\https\shell\open\command\ [Value] (Default) [Data]: "C:\Programy\firefox\firefox.exe" -osint -url "%1" MD5: 3dab9632c789a1895760e641d747b4ef Size: 517064 Path: %SystemDrive%\Programy\firefox\firefox.exe HKCR\icmfile\shell\Install Profile\command\ [Value] (Default) [Data]: "colorcpl.exe" "%1" MD5: 38eb45466769ccd7915ca3582fe7d64a Size: 86528 Path: %WINDIR%\system32\colorcpl.exe HKCR\IE.AssocFile.HTM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.HTM\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.HTM\shell\print\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.HTM\shell\printto\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.MHT\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.MHT\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.PARTIAL\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.SVG\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.SVG\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.SVG\shell\print\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.SVG\shell\printto\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.URL\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\system32\ieframe.dll HKCR\IE.AssocFile.URL\shell\print\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.URL\shell\printto\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.WEBSITE\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" -w "%l" %* MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.XHT\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.XHT\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.AssocFile.XHT\shell\print\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintXHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.AssocFile.XHT\shell\printto\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintXHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\IE.FTP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.HTTP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IE.HTTPS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\IMEDictionaryCompiler\shell\open\command\ [Value] (Default) [Data]: "%WINDIR%\system32\IME\SHARED\imewdbld.exe" "%1" %* MD5: de99a1fc5efca6bce02291b05e744f22 Size: 511488 Path: %WINDIR%\system32\ime\shared\imewdbld.exe HKCR\imesxfile\shell\open\command\ [Value] (Default) [Data]: "%WINDIR%\system32\IME\SHARED\imesearch.exe" "%1" MD5: 31aabab8399b5d799daeae76d1a4607c Size: 129536 Path: %WINDIR%\system32\ime\shared\imesearch.exe HKCR\inffile\shell\Install\command\ [Value] (Default) [Data]: %SystemRoot%\System32\InfDefaultInstall.exe "%1" MD5: 85449c56339bfef1af92ea9e034d5d84 Size: 11776 Path: %WINDIR%\system32\infdefaultinstall.exe HKCR\inffile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\inffile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\inifile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\inifile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Intel.GraphicsControlPanel.igp.1\shell\open\command\ [Value] (Default) [Data]: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\GfxUIEx.exe %1 MD5: b15e09fcdd5ed3fd0a29d073ab5bdb54 Size: 467432 Path: %WINDIR%\system32\driverstore\filerepository\igdlh64.inf_amd64_82119d956c80af5a\gfxuiex.exe HKCR\InternetShortcut\shell\Open\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\system32\ieframe.dll HKCR\InternetShortcut\shell\print\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\InternetShortcut\shell\printto\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\jarfile\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Java\jre1.8.0_131\bin\javaw.exe" -jar "%1" %* MD5: b4aa295aee6aeb51fc0dfd18c8b91468 Size: 206912 Path: %SystemDrive%\program files\java\jre1.8.0_131\bin\javaw.exe HKCR\jnlp\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1" MD5: ee3f5fa62fc6faa7d130c26e03e148e2 Size: 83008 Path: %PROGRAMFILES%\java\jre1.8.0_131\bin\jp2launcher.exe HKCR\JNLPFile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaws.exe" "%1" MD5: 1b608a3165adcaa835f4bf1dc1647588 Size: 268864 Path: %PROGRAMFILES%\java\jre1.8.0_131\bin\javaws.exe HKCR\jnlps\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2launcher.exe" -securejws "%1" MD5: ee3f5fa62fc6faa7d130c26e03e148e2 Size: 83008 Path: %PROGRAMFILES%\java\jre1.8.0_131\bin\jp2launcher.exe HKCR\jpegfile\shell\printto\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\JSEFile\shell\Edit\command\ [Value] (Default) [Data]: C:\Windows\System32\Notepad.exe %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\JSEFile\shell\Open\command\ [Value] (Default) [Data]: C:\Windows\System32\WScript.exe "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\JSEFile\shell\Open2\command\ [Value] (Default) [Data]: C:\Windows\System32\CScript.exe "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\JSEFile\shell\Print\command\ [Value] (Default) [Data]: C:\Windows\System32\Notepad.exe /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\JSFile\shell\Edit\command\ [Value] (Default) [Data]: C:\Windows\System32\Notepad.exe %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\JSFile\shell\Open\command\ [Value] (Default) [Data]: C:\Windows\System32\WScript.exe "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\JSFile\shell\Open2\command\ [Value] (Default) [Data]: C:\Windows\System32\CScript.exe "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\JSFile\shell\Print\command\ [Value] (Default) [Data]: C:\Windows\System32\Notepad.exe /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\KasperskyBackupFolder\shell\Restore\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\Kaspersky Restore Utility\KasperskyLab.Pure.RestoreTool.exe" %1 MD5: 1930cc8583071b5f5c342e0be90b0bf8 Size: 127440 Path: %PROGRAMFILES%\kaspersky lab\kaspersky internet security 17.0.0\kaspersky restore utility\kasperskylab.pure.restoretool.exe HKCR\KSDE\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe" -hidden navigate "%1" MD5: bdb3d8437752ebcd11db04082b1fe8a5 Size: 480216 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe HKCR\Launcher.Computer\shell\Manage\command\ [Value] (Default) [Data]: %SystemRoot%\system32\CompMgmtLauncher.exe HKCR\LDAP\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" "/ldap:%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\LpkSetup.1\shell\install\command\ [Value] (Default) [Data]: %systemroot%\system32\lpksetup.exe /p "%1" HKCR\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Internet Explorer\iexplore.exe" "%1" MD5: a036c540dc3cabb643c7e8f2c8afc9aa Size: 825536 Path: %PROGRAMFILES%\internet explorer\iexplore.exe HKCR\mhtmlfile\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\mhtmlfile\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\Microsoft.PowerShellConsole.1\shell\0\command\ [Value] (Default) [Data]: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -p "%1" MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe HKCR\Microsoft.PowerShellConsole.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -p "%1" MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe HKCR\Microsoft.PowerShellData.1\shell\Edit\command\ [Value] (Default) [Data]: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "%1" MD5: 8f1f1c4eda2cfa2073e82a409bbe35d0 Size: 214016 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell_ise.exe HKCR\Microsoft.PowerShellData.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Microsoft.PowerShellModule.1\shell\Edit\command\ [Value] (Default) [Data]: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "%1" MD5: 8f1f1c4eda2cfa2073e82a409bbe35d0 Size: 214016 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell_ise.exe HKCR\Microsoft.PowerShellModule.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Microsoft.PowerShellScript.1\shell\0\command\ [Value] (Default) [Data]: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & '%1'" MD5: 65d86c34814c02569e2ad53fd24e7f61 Size: 431616 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell.exe HKCR\Microsoft.PowerShellScript.1\shell\Edit\command\ [Value] (Default) [Data]: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "%1" MD5: 8f1f1c4eda2cfa2073e82a409bbe35d0 Size: 214016 Path: %WINDIR%\system32\windowspowershell\v1.0\powershell_ise.exe HKCR\Microsoft.PowerShellScript.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Microsoft.ProvTool.Provisioning.1\shell\open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\provtool.exe" "%1" HKCR\Microsoft.System.Update.1\shell\open\command\ [Value] (Default) [Data]: "%systemroot%\system32\wusa.exe" "%1" %* MD5: 9d8480f32c28bbb201f98fd795aa69ab Size: 304640 Path: %WINDIR%\system32\wusa.exe HKCR\Microsoft.Website\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -w "%l" %* MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\Microsoft.Workfolders\shell\Open\command\ [Value] (Default) [Data]: C:\Windows\System32\control.exe /name Microsoft.WorkFolders MD5: 359de40504bf90efd590c248b71c8b81 Size: 114688 Path: %WINDIR%\system32\control.exe HKCR\MixedContent\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" LOCALAUTOPLAY MIXCONTENT "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\ms-access\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\ms-availablenetworks\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\ms-excel\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\ms-powerpoint\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\ms-publisher\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\ms-quick-assist\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\system32\quickassist.exe" %1 HKCR\ms-settings-connectabledevices\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\ms-settings-displays-topology\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\system32\LaunchWinApp.exe" "%1" MD5: b143224e703778589f04ac86678a0308 Size: 34304 Path: %WINDIR%\system32\launchwinapp.exe HKCR\ms-word\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\mscfile\shell\Author\command\ [Value] (Default) [Data]: %SystemRoot%\system32\mmc.exe /a "%1" %* MD5: 0b75ab918076d87c9c37d351d3b9c9ae Size: 1543680 Path: %WINDIR%\system32\mmc.exe HKCR\mscfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\mmc.exe "%1" %* MD5: 0b75ab918076d87c9c37d351d3b9c9ae Size: 1543680 Path: %WINDIR%\system32\mmc.exe HKCR\mscfile\shell\RunAs\command\ [Value] (Default) [Data]: %SystemRoot%\system32\mmc.exe "%1" %* MD5: 0b75ab918076d87c9c37d351d3b9c9ae Size: 1543680 Path: %WINDIR%\system32\mmc.exe HKCR\MSDASC\shell\open\command\ [Value] (Default) [Data]: Rundll32.exe "%CommonProgramFiles%\System\OLE DB\oledb32.dll",OpenDSLFile %1 MD5: d2c20b894b655993a99f7fddca6ff31b Size: 813568 Path: %COMMONPROGRAMFILES%\system\ole db\oledb32.dll HKCR\Msi.Package\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\msiexec.exe" /i "%1" %* MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe HKCR\Msi.Package\shell\Repair\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\msiexec.exe" /f "%1" %* MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe HKCR\Msi.Package\shell\Uninstall\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\msiexec.exe" /x "%1" %* MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe HKCR\Msi.Patch\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\msiexec.exe" /p "%1" %* MD5: 9d69473a54b200870a407b0e7103ee28 Size: 58368 Path: %WINDIR%\system32\msiexec.exe HKCR\MSInfoFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\msinfo32.exe "%1" MD5: ddad9b61722b2a68a437ea6087af501e Size: 336896 Path: %WINDIR%\system32\msinfo32.exe HKCR\MSSppLicenseFile\shell\open\command\ [Value] (Default) [Data]: "iexplore.exe" "%1" MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\MSStorageSense\shell\open\command\ [Value] (Default) [Data]: explorer ms-settings:storagesense MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\msstylesfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1" MD5: cef925867fbb9031d088087bdedf5b20 Size: 163328 Path: %WINDIR%\system32\desk.cpl MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\MusicFiles\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" LOCALAUTOPLAY AUDIO "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\NetServer\shell\remotedesktop\command\ [Value] (Default) [Data]: mstsc.exe -v %1 MD5: bba2d637abcf77d646d31588caf02b34 Size: 3106304 Path: %WINDIR%\system32\mstsc.exe HKCR\ODCfile\shell\Analyze\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE /dde MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\ODCfile\shell\Edit\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE /y MD5: e189251aa634d433dbf512d9ed284554 Size: 34544840 Path: %PROGRAMFILES%\microsoft office\root\office16\excel.exe HKCR\odtfile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\odtfile\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\odtfile\shell\printto\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\OfficeTheme.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\OfficeTheme.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\OfficeTheme.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\OfficeTheme.12\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\oms\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Client\AppVLp.exe" rundll32.exe C:\Program Files (x86)\Microsoft Office\Root\Office16\OMSMAIN.DLL, OmsProtocolHandler %1 MD5: 8f586d2fa94523583b9b037999223c38 Size: 740544 Path: %PROGRAMFILES%\microsoft office\root\office16\omsmain.dll HKCR\OneDrive.WebAction\shell\open\command\ [Value] (Default) [Data]: C:\Users\RafaA?\AppData\Local\Microsoft\OneDrive\OneDrive.exe /url:"%1" /hideWelcomePage MD5: fd9a7f99a09db266d0c1361b0accbd7e Size: 554176 Path: %LOCALAPPDATA%\microsoft\onedrive\onedrive.exe HKCR\onenote\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Folder.1\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Folder.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Folder.1\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Notebook.1\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Notebook.1\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Notebook.1\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.Package\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.TableOfContents\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" /navigate "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNote.URL.16\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNoteDesktop\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\OneNoteDesktop.URL.16\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ONENOTE.EXE" /hyperlink "%1" MD5: f4186be26e9ca366e94e415d81c339d7 Size: 1906368 Path: %PROGRAMFILES%\microsoft office\root\office16\onenote.exe HKCR\opensearchdescription\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\opensearchfilefolderresult\shell\open\command\ [Value] (Default) [Data]: N/A HKCR\opensearchresult\shell\open\command\ [Value] (Default) [Data]: N/A HKCR\opensearchresult\shell\print\command\ [Value] (Default) [Data]: rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\OrgPlusWOPX.4\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\ORGCHART.EXE" %1 MD5: 70fb797fec9786f7935adb447764ab26 Size: 567488 Path: %PROGRAMFILES%\microsoft office\root\office16\orgchart.exe HKCR\otffile\shell\preview\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\otffile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe /p %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\Outlook.File.eml.15\shell\Open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.File.oft.15\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.File.oft.15\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.File.oft.15\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.File.vcs.15\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /vcal "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.URL.feed.15\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.URL.mailto.15\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" -c IPM.Note /mailto "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.URL.stssync.15\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\Outlook.URL.webcal.15\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\P7RFile\shell\add\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddP7R %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\P7RFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenP7R %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\P7SFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\Paint.Picture\shell\edit\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\Paint.Picture\shell\printto\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /pt "%1" "%2" "%3" "%4" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\pbkfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rasphone.exe -f "%1" MD5: 83f6f730b1a8a81234fca28107cbc280 Size: 32256 Path: %WINDIR%\system32\rasphone.exe HKCR\PBrush\shell\edit\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\PBrush\shell\print\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /p "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\PBrush\shell\printto\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /pt "%1" "%2" "%3" "%4" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\PerfFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\mmc.exe %systemroot%\system32\perfmon.msc /F "%1" MD5: 0b75ab918076d87c9c37d351d3b9c9ae Size: 1543680 Path: %WINDIR%\system32\mmc.exe MD5: 9be46dd971fba66d84567679d3d414ec Size: 145519 Path: %WINDIR%\system32\perfmon.msc HKCR\pfmfile\shell\preview\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\pfmfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe /p %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\PFXFile\shell\add\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddPFX %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\PFXFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPFX %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\PhotoViewer.FileAssoc.Tiff\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 MD5: 3f05d6d65e12fe66313cf6db2cdfec9f Size: 1570304 Path: %PROGRAMFILES%\windows photo viewer\photoviewer.dll HKCR\Picture\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" LOCALAUTOPLAY PHOTO "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\pjpegfile\shell\printto\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\pngfile\shell\printto\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\potcmd\shell\open\command\ [Value] (Default) [Data]: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\potplayer\shell\open\command\ [Value] (Default) [Data]: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3G2\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3G2\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3G2\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP2\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP2\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GP2\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GPP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GPP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.3GPP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AAC\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AAC\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AAC\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AC3\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AC3\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AC3\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMR\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMR\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMR\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AMV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.APE\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.APE\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.APE\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASF\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASF\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASF\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.ASX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AVI\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AVI\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.AVI\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CDA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CDA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CDA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CUE\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CUE\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.CUE\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DIVX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DIVX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DIVX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DMSKM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DMSKM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DMSKM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DPG\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DPG\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DPG\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DPL\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DSF\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTSHD\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTSHD\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DTSHD\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DVR-MS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DVR-MS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.DVR-MS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EAC3\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EAC3\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EAC3\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EVO\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EVO\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.EVO\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.F4V\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.F4V\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.F4V\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLAC\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLAC\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLAC\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.FLV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IDX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IDX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IDX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IFO\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IFO\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.IFO\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.K3G\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.K3G\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.K3G\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.LMP4\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.LMP4\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.LMP4\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1A\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1A\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1A\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1V\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1V\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M1V\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2A\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2A\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2A\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2T\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2T\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2T\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2TS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2TS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2TS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2V\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2V\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M2V\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U8\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U8\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M3U8\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4A\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4A\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4A\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4B\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4B\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4B\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4P\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4P\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4P\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4V\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4V\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.M4V\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MKV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOD\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOD\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOD\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MOV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2V\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2V\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP2V\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP3\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP3\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP3\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP4\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP4\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MP4\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPC\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPC\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPC\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPE\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPE\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPE\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPEG\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPEG\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPEG\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPG\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPG\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPG\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPL\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPL\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPL\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPLS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPLS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPLS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPV2\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPV2\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MPV2\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MQV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MQV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MQV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MTS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MTS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MTS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MXF\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MXF\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.MXF\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSR\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSR\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSR\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.NSV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGG\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGG\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGG\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.OGV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.pbf\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.PLS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.PLS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.PLS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.QT\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.QT\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.QT\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RAM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RAM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RAM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RMVB\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RMVB\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RMVB\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RPM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RPM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.RPM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SKM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SKM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SKM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SMI\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SMI\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SMI\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SRT\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SRT\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SRT\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SSA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SSA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SSA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUB\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUB\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUB\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SUP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SWF\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SWF\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.SWF\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TAK\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TAK\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TAK\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TPR\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TPR\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TPR\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TRP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TRP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TRP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TS\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TS\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.TS\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.VOB\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.VOB\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.VOB\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WAX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WEBM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WEBM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WEBM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WM\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WM\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WM\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMA\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMA\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMA\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMP\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMP\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WMX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WTV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WTV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WTV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WV\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WV\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WVX\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WVX\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.WVX\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.XSPF\shell\Enqueue\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" /ADD MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.XSPF\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PotPlayerMini64.XSPF\shell\play\command\ [Value] (Default) [Data]: "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\potrun\shell\open\command\ [Value] (Default) [Data]: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\PowerDVD12.0FILE\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" "%1" MD5: 57e689560ee9dffca1d15675f7c5b8cc Size: 377544 Path: %PROGRAMFILES%\cyberlink\powerdvd12\powerdvd12.exe HKCR\PowerDVD12.0IFOfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" "%1" MD5: 57e689560ee9dffca1d15675f7c5b8cc Size: 377544 Path: %PROGRAMFILES%\cyberlink\powerdvd12\powerdvd12.exe HKCR\PowerDVD12.0POWERDVDfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" "%1" MD5: 57e689560ee9dffca1d15675f7c5b8cc Size: 377544 Path: %PROGRAMFILES%\cyberlink\powerdvd12\powerdvd12.exe HKCR\PowerDVD12.0VOBfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe" "%1" MD5: 57e689560ee9dffca1d15675f7c5b8cc Size: 377544 Path: %PROGRAMFILES%\cyberlink\powerdvd12\powerdvd12.exe HKCR\PowerPoint.Addin.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Addin.8\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.OpenDocumentPresentation.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\PrintTo\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /pt "%2" "%3" "%4" "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Show.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\New\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\Open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /h "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\Print\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\Show\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Slide.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShow.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShow.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShow.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShow.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShow.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShowMacroEnabled.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShowMacroEnabled.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.SlideShowMacroEnabled.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.Template.8\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vu "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "%1" /ou "%u" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /p "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\Show\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.TemplateMacroEnabled.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" /vp "%1" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\PowerPoint.UriLink.16\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\powerpointhtmlfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\powerpointhtmltemplate\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\powerpointxmlfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" MD5: 6d2dd729ac2542d905b63b8c872d441e Size: 1863368 Path: %PROGRAMFILES%\microsoft office\root\office16\powerpnt.exe HKCR\prffile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnPRF %1 MD5: 66bcf3d8fe2bc65768163cac8578537d Size: 10752 Path: %WINDIR%\system32\msrating.dll HKCR\Publisher.Document.16\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" %1 MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.Document.16\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" /n %1 MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.Document.16\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" /ou "%u" "%1" MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.Document.16\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" /r "%1" MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.Document.16\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" /p %1 MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.Document.16\shell\PrintTo\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSPUB.EXE" /p %1 *%2, %3, %4 MD5: 9ce8e0d257c53e13833d302130c67e2c Size: 10341056 Path: %PROGRAMFILES%\microsoft office\root\office16\mspub.exe HKCR\Publisher.UriLink.16\shell\open\command\ [Value] (Default) [Data]: C:\Program Files (x86)\Microsoft Office\Root\Office16\protocolhandler.exe "%1" MD5: 72a5f1d52efe64e18c59b3012f4a8d45 Size: 1487048 Path: %PROGRAMFILES%\microsoft office\root\office16\protocolhandler.exe HKCR\ratfile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\msrating.dll",ClickedOnRAT %1 MD5: 66bcf3d8fe2bc65768163cac8578537d Size: 10752 Path: %WINDIR%\system32\msrating.dll HKCR\RDP.File\shell\Connect\command\ [Value] (Default) [Data]: mstsc.exe "%1" MD5: bba2d637abcf77d646d31588caf02b34 Size: 3106304 Path: %WINDIR%\system32\mstsc.exe HKCR\RDP.File\shell\Edit\command\ [Value] (Default) [Data]: mstsc.exe -edit "%1" MD5: bba2d637abcf77d646d31588caf02b34 Size: 3106304 Path: %WINDIR%\system32\mstsc.exe HKCR\RDP.File\shell\Open\command\ [Value] (Default) [Data]: "%systemroot%\system32\mstsc.exe" "%1" MD5: bba2d637abcf77d646d31588caf02b34 Size: 3106304 Path: %WINDIR%\system32\mstsc.exe HKCR\regedit\shell\open\command\ [Value] (Default) [Data]: regedit.exe "%1" MD5: 2e327f27b5b836d8304df46e8e20341a Size: 300544 Path: %WINDIR%\regedit.exe HKCR\regfile\shell\edit\command\ [Value] (Default) [Data]: %SystemRoot%\system32\notepad.exe "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\regfile\shell\open\command\ [Value] (Default) [Data]: regedit.exe "%1" MD5: 2e327f27b5b836d8304df46e8e20341a Size: 300544 Path: %WINDIR%\regedit.exe HKCR\regfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\system32\notepad.exe /p "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\RemoteAssistance.1\shell\open\command\ [Value] (Default) [Data]: "%systemRoot%\system32\msra.exe" -openfile "%1" MD5: 0b49b8d7a256dd61519de70755930a2d Size: 108544 Path: %WINDIR%\system32\msra.exe HKCR\rlefile\shell\open\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\rlefile\shell\print\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /p "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\rlefile\shell\printto\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /pt "%1" "%2" "%3" "%4" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\rlogin\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l MD5: 924b305f9ea87769169b84c4ae4dd600 Size: 233472 Path: %WINDIR%\system32\url.dll HKCR\rqyfile\shell\Edit_Query_in_Notepad\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe" notepad.exe "%1" MD5: 6a1c5489c760cffca5ebfcde97d4eb3c Size: 378560 Path: %PROGRAMFILES%\microsoft office\root\client\appvlp.exe HKCR\rtffile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\rtffile\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\rtffile\shell\printto\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\rtmp\shell\open\command\ [Value] (Default) [Data]: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\rtsp\shell\open\command\ [Value] (Default) [Data]: C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe "%1" MD5: 982fbf5ca86793b90689874a27a5b4b0 Size: 252864 Path: %SystemDrive%\program files\daum\potplayer\potplayermini64.exe HKCR\SavedDsQuery\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\dsquery.dll,OpenSavedDsQuery %1 MD5: bc3868a4b8b659e63304548f782628c0 Size: 413184 Path: %WINDIR%\system32\dsquery.dll HKCR\scrfile\shell\install\command\ [Value] (Default) [Data]: rundll32.exe desk.cpl,InstallScreenSaver %l MD5: cef925867fbb9031d088087bdedf5b20 Size: 163328 Path: %WINDIR%\system32\desk.cpl HKCR\scriptletfile\shell\Generate Typelib\command\ [Value] (Default) [Data]: "C:\Windows\System32\RUNDLL32.EXE" "C:\Windows\System32\scrobj.dll",GenerateTypeLib "%1" MD5: 28538a3ba743e5e921ee7d2b7cbfb90f Size: 205312 Path: %WINDIR%\system32\scrobj.dll HKCR\scriptletfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\NOTEPAD.EXE" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\scriptletfile\shell\Register\command\ [Value] (Default) [Data]: "C:\Windows\System32\REGSVR32.EXE" /i:"%1" "C:\Windows\System32\scrobj.dll" MD5: 677e32495213f015ffa7ff435b6a57b0 Size: 20480 Path: %WINDIR%\system32\regsvr32.exe MD5: 28538a3ba743e5e921ee7d2b7cbfb90f Size: 205312 Path: %WINDIR%\system32\scrobj.dll HKCR\scriptletfile\shell\Unregister\command\ [Value] (Default) [Data]: "C:\Windows\System32\REGSVR32.EXE" /u /n /i:"%1" "C:\Windows\System32\scrobj.dll" MD5: 677e32495213f015ffa7ff435b6a57b0 Size: 20480 Path: %WINDIR%\system32\regsvr32.exe MD5: 28538a3ba743e5e921ee7d2b7cbfb90f Size: 205312 Path: %WINDIR%\system32\scrobj.dll HKCR\search\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\search-ms\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\SHCmdFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Shell.CDBurn\shell\Prepare\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,PrepareDiscForBurnRunDll %L MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\SPCFile\shell\add\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtAddSPC %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\SPCFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe cryptext.dll,CryptExtOpenPKCS7 %1 MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\stssync\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\SVCD\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" AUTOPLAY VCD "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\svgfile\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\svgfile\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\svgfile\shell\print\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\svgfile\shell\printto\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\telnet\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l MD5: 924b305f9ea87769169b84c4ae4dd600 Size: 233472 Path: %WINDIR%\system32\url.dll HKCR\textfile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\textfile\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\textfile\shell\printto\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\themefile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\themecpl.dll,OpenThemeAction %1 MD5: 85437022aa32a38a4bb39a88e1ca1f5b Size: 2458112 Path: %WINDIR%\system32\themecpl.dll HKCR\themepackfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\themecpl.dll,OpenThemeAction %1 MD5: 85437022aa32a38a4bb39a88e1ca1f5b Size: 2458112 Path: %WINDIR%\system32\themecpl.dll HKCR\TIFImage.Document\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 MD5: 3f05d6d65e12fe66313cf6db2cdfec9f Size: 1570304 Path: %PROGRAMFILES%\windows photo viewer\photoviewer.dll HKCR\TIFImage.Document\shell\printto\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\shimgvw.dll",ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\tn3270\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l MD5: 924b305f9ea87769169b84c4ae4dd600 Size: 233472 Path: %WINDIR%\system32\url.dll HKCR\ts3addon\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\TeamSpeak 3 Client\package_inst.exe" "%1" MD5: 7b1ee2885d00693acbf1e2f8239de1a5 Size: 474904 Path: %SystemDrive%\program files\teamspeak 3 client\package_inst.exe HKCR\ts3file\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe" "%1" MD5: 5e6cc633a89c670424fae6b96cc32a06 Size: 11479320 Path: %SystemDrive%\program files\teamspeak 3 client\ts3client_win64.exe HKCR\ts3server\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe" "%1" MD5: 5e6cc633a89c670424fae6b96cc32a06 Size: 11479320 Path: %SystemDrive%\program files\teamspeak 3 client\ts3client_win64.exe HKCR\ttcfile\shell\preview\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\ttcfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe /p %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\ttffile\shell\preview\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\ttffile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\fontview.exe /p %1 MD5: 41f2c4bcf495e8130fa93d7a641476cd Size: 114176 Path: %WINDIR%\system32\fontview.exe HKCR\txtfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\txtfile\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\system32\NOTEPAD.EXE /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\txtfile\shell\printto\command\ [Value] (Default) [Data]: %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Undecided\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\OpenWith.exe "%1" MD5: a633739da182e75c0d6741119a902a0b Size: 87296 Path: %WINDIR%\system32\openwith.exe HKCR\Unknown\shell\Open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\OpenWith.exe "%1" MD5: a633739da182e75c0d6741119a902a0b Size: 87296 Path: %WINDIR%\system32\openwith.exe HKCR\Unknown\shell\openas\command\ [Value] (Default) [Data]: %SystemRoot%\system32\OpenWith.exe "%1" MD5: a633739da182e75c0d6741119a902a0b Size: 87296 Path: %WINDIR%\system32\openwith.exe HKCR\Unknown\shell\OpenWithSetDefaultOn\command\ [Value] (Default) [Data]: %SystemRoot%\system32\OpenWith.exe -override "%1" MD5: a633739da182e75c0d6741119a902a0b Size: 87296 Path: %WINDIR%\system32\openwith.exe HKCR\VBEFile\shell\Edit\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\VBEFile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\WScript.exe" "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\VBEFile\shell\Open2\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\CScript.exe" "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\VBEFile\shell\Print\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\VBSFile\shell\Edit\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\VBSFile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\WScript.exe" "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\VBSFile\shell\Open2\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\CScript.exe" "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\VBSFile\shell\Print\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\vcard_wab_auto_file\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /vcard "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\VCD\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" AUTOPLAY VCD "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\VideoFiles\shell\PlayWithPowerDVD12.0\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe" LOCALAUTOPLAY VIDEO "%L" MD5: 0ffa697637e5199629670ebc34b57cad Size: 343480 Path: %PROGRAMFILES%\cyberlink\powerdvd12\pdvdlp.exe HKCR\VisioViewer.Viewer\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Internet Explorer\iexplore.exe" -nohome MD5: a036c540dc3cabb643c7e8f2c8afc9aa Size: 825536 Path: %PROGRAMFILES%\internet explorer\iexplore.exe HKCR\WAB.AssocProtocol.LDAP\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" "/ldap:%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\wab_auto_file\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows Mail\wab.exe" /Import "%1" MD5: 2781e6ef593909a8b73fe1ad397f778a Size: 515072 Path: %PROGRAMFILES%\windows mail\wab.exe HKCR\wbcatfile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\sdclt.exe /restorepage HKCR\wcxfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Windows\System32\xwizard.exe" RunWizard /u {7940acf8-60ba-4213-a7c3-f3b400ee266d} /z%1 MD5: 3c70f039ee4c07511abd82b5664fb91b Size: 57344 Path: %WINDIR%\system32\xwizard.exe HKCR\wdpfile\shell\print\command\ [Value] (Default) [Data]: rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_Fullscreen %1 MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\wdpfile\shell\printto\command\ [Value] (Default) [Data]: rundll32.exe %SystemRoot%\system32\shimgvw.dll,ImageView_PrintTo /pt "%1" "%2" "%3" "%4" MD5: 88dd23a0235531ab9d599f9f28a5d805 Size: 26112 Path: %WINDIR%\system32\shimgvw.dll HKCR\webcals\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /share "%1" MD5: 48f7379a04bfef42aa6fddb1c3b5b32b Size: 25836224 Path: %PROGRAMFILES%\microsoft office\root\office16\outlook.exe HKCR\webpnpFile\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\system32\wpnpinst.exe %1 HKCR\Windows.CompositeFont\shell\open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Windows.IsoFile\shell\burn\command\ [Value] (Default) [Data]: %SystemRoot%\System32\isoburn.exe "%1" MD5: ed41290ec63dc2c0743edbac5f5c3c0e Size: 108032 Path: %WINDIR%\system32\isoburn.exe HKCR\Windows.IsoFile\shell\mount\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Windows.VhdFile\shell\mount\command\ [Value] (Default) [Data]: %SystemRoot%\Explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKCR\Windows.XamlDocument\shell\edit\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Windows.XamlDocument\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\PresentationHost.exe" "%1" %* MD5: 7db413989bddfd23af251b26fc9f6055 Size: 244736 Path: %WINDIR%\system32\presentationhost.exe HKCR\Windows.Xbap\shell\edit\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\notepad.exe" "%1" MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\Windows.Xbap\shell\open\command\ [Value] (Default) [Data]: "C:\Windows\System32\PresentationHost.exe" "%1" %* MD5: 7db413989bddfd23af251b26fc9f6055 Size: 244736 Path: %WINDIR%\system32\presentationhost.exe HKCR\Windows.XPSReachViewer\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\System32\xpsrchvw.exe "%1" %* MD5: 2b149633b2ebbccea912772eb7473c71 Size: 3520512 Path: %WINDIR%\system32\xpsrchvw.exe HKCR\Windows.XPSReachViewer\shell\print\command\ [Value] (Default) [Data]: %SystemRoot%\System32\xpsrchvw.exe "%1" /p MD5: 2b149633b2ebbccea912772eb7473c71 Size: 3520512 Path: %WINDIR%\system32\xpsrchvw.exe HKCR\WindowsDefender\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Windows Defender\MSASCui.exe" %1 MD5: 1f3210e210e6b755c6fe263839960b5a Size: 1299968 Path: %SystemDrive%\program files\windows defender\msascui.exe HKCR\WindowsStore.License\shell\open\command\ [Value] (Default) [Data]: %SystemRoot%\System32\licensemanagershellext.exe "%1" HKCR\WinRAR\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\WinRAR\WinRAR.exe" "%1" MD5: 15cc78351432c081e1203aa6b4b59da5 Size: 1558928 Path: %SystemDrive%\program files\winrar\winrar.exe HKCR\WinRAR.REV\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\WinRAR\WinRAR.exe" "%1" MD5: 15cc78351432c081e1203aa6b4b59da5 Size: 1558928 Path: %SystemDrive%\program files\winrar\winrar.exe HKCR\WinRAR.ZIP\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\WinRAR\WinRAR.exe" "%1" MD5: 15cc78351432c081e1203aa6b4b59da5 Size: 1558928 Path: %SystemDrive%\program files\winrar\winrar.exe HKCR\wmffile\shell\open\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\wmffile\shell\print\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /p "%1" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\wmffile\shell\printto\command\ [Value] (Default) [Data]: "%systemroot%\system32\mspaint.exe" /pt "%1" "%2" "%3" "%4" MD5: ecd027759059c8300e0ff28aa4cb3f5b Size: 6474752 Path: %WINDIR%\system32\mspaint.exe HKCR\WMP.AudioCD\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.BurnCD\shell\Burn\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.DVD\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.DVR-MSFile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.DVR-MSFile\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.VCD\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.WTVFile\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP.WTVFile\shell\play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.3G2\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.3G2\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.3GP\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.3GP\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ADTS\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ADTS\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AIFF\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AIFF\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ASF\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ASF\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ASX\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.ASX\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AU\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AU\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AVI\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:8 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.AVI\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:8 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.CDA\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.CDA\shell\play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.FLAC\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.FLAC\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.M2TS\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.M2TS\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.m3u\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.m3u\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.M4A\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.M4A\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MIDI\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MIDI\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MK3D\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MK3D\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MKA\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MKA\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MKV\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MKV\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MOV\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MOV\shell\play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MP3\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MP3\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MP4\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MP4\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:6 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MPEG\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.MPEG\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:9 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.TTS\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.TTS\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:12 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WAV\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WAV\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WAX\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WAX\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.wma\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:5 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.wma\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:5 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WMD\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /WMPackage:"%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WMS\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WMV\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WMV\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /prefetch:7 /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WMZ\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /layout:"%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WPL\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WPL\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WVX\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocFile.WVX\shell\Play\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Play "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocProtocol.DLNA-PLAYSINGLE\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\WMP11.AssocProtocol.MMS\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" "%L" MD5: b1419b38fbd14c65cb73d26d5577bd99 Size: 166912 Path: %PROGRAMFILES%\windows media player\wmplayer.exe HKCR\Word.Document.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Document.8\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.DocumentMacroEnabled.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.OpenDocumentText.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.Template.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\New\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\OnenotePrintto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\OpenAsReadOnly\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\Print\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\Printto\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Word.TemplateMacroEnabled.12\shell\ViewProtected\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\wordhtmlfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\wordhtmltemplate\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\Wordpad.Document.1\shell\open\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\Wordpad.Document.1\shell\print\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\Wordpad.Document.1\shell\printto\command\ [Value] (Default) [Data]: "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4" MD5: 2ce55791ef4340cf59e8804934df6389 Size: 4300800 Path: %PROGRAMFILES%\windows nt\accessories\wordpad.exe HKCR\wordxmlfile\shell\Edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" MD5: 30d7c83328476782f857e904886a5361 Size: 1943240 Path: %PROGRAMFILES%\microsoft office\root\office16\winword.exe HKCR\WPDContextMenu.Url\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\ieframe.dll",OpenURL %l MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\system32\ieframe.dll HKCR\WSFFile\shell\Edit\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\WSFFile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\WScript.exe" "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\WSFFile\shell\Open2\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\CScript.exe" "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\WSFFile\shell\Print\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\Notepad.exe" /p %1 MD5: af79f5a331c50cc87f0a5f921ad93b0f Size: 232448 Path: %WINDIR%\System32\notepad.exe HKCR\WSHFile\shell\Open\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\WScript.exe" "%1" %* MD5: 5e5abbcb6a426693edbf3e68e480df2d Size: 148992 Path: %WINDIR%\system32\wscript.exe HKCR\WSHFile\shell\Open2\command\ [Value] (Default) [Data]: "%SystemRoot%\System32\CScript.exe" "%1" %* MD5: f87e44a2c205faa3be76d9462d5125bb Size: 144384 Path: %WINDIR%\system32\cscript.exe HKCR\xhtmlfile\shell\open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\xhtmlfile\shell\opennew\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe HKCR\xhtmlfile\shell\print\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\xhtmlfile\shell\printto\command\ [Value] (Default) [Data]: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4" MD5: a17bec6fa6015eff75d094434f832441 Size: 19416576 Path: %WINDIR%\system32\mshtml.dll HKCR\xmlfile\shell\edit\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb edit "%1" MD5: e7f9edba630a0dc7bb31aec830c601dd Size: 221888 Path: %PROGRAMFILES%\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\msoxmled.exe HKCR\xmlfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "%1" MD5: e7f9edba630a0dc7bb31aec830c601dd Size: 221888 Path: %PROGRAMFILES%\microsoft office\root\vfs\programfilescommonx86\microsoft shared\office16\msoxmled.exe HKCR\xslfile\shell\Open\command\ [Value] (Default) [Data]: "C:\Program Files\Internet Explorer\iexplore.exe" %1 MD5: d2115718629e1c35a534978262ec172a Size: 825024 Path: %SystemDrive%\program files\internet explorer\iexplore.exe ================= REGISTRY SHELL HANDLERS ================= HKCR\*\shellex\ContextMenuHandlers\ FileSyncEx\ [Value] (Default) [Data]: {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} MD5: c7cf080bc77d1fd1ef3be32f124a19c2 Size: 1602248 Path: %LOCALAPPDATA%\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll HKCR\*\shellex\ContextMenuHandlers\BriefcaseMenu\ [Value] (Default) [Data]: {85BBD920-42A0-1069-A2E4-08002B30309D} MD5: 288dee677ae0e23bebc216f2f19354ff Size: 161792 Path: %WINDIR%\system32\syncui.dll HKCR\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus 17.0.0\ [Value] (Default) [Data]: {39C9FA89-7012-4573-A92D-BFD1F8CA542D} MD5: c699ad1c8d38d7e304be5d6893f24900 Size: 536160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll HKCR\*\shellex\ContextMenuHandlers\Open With\ [Value] (Default) [Data]: {09799AFB-AD67-11d1-ABCD-00C04FC30936} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\*\shellex\ContextMenuHandlers\Open With EncryptionMenu\ [Value] (Default) [Data]: {A470F8CF-A1E8-4f65-8335-227475AA5C46} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\*\shellex\ContextMenuHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\*\shellex\ContextMenuHandlers\WinRAR32\ [Value] (Default) [Data]: {B41DB860-8EE4-11D2-9906-E49FADC173CA} MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\*\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\*\shellex\PropertySheetHandlers\BriefcasePage\ [Value] (Default) [Data]: {85BBD920-42A0-1069-A2E4-08002B30309D} MD5: 288dee677ae0e23bebc216f2f19354ff Size: 161792 Path: %WINDIR%\system32\syncui.dll HKCR\*\shellex\PropertySheetHandlers\CryptoSignMenu\ [Value] (Default) [Data]: {7444C719-39BF-11D1-8CD9-00C04FC29D45} MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\ [Value] (Default) [Data]: OLE DocFile Property Page MD5: de853b29dd2e1dd3de8f0deb224113c6 Size: 36352 Path: %WINDIR%\system32\docprop.dll HKCR\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\ [Value] (Default) [Data]: Summary Properties Page MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.3g2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.3gp\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.3gp2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.3gpp\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.3mf\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {E64164EB-1AE0-4C50-BAEF-A413C2B3A4BC} MD5: 488d09482de2e82c960ba9edc99a812f Size: 40448 Path: %WINDIR%\system32\ms3dthumbnailprovider.DLL HKCR\.accdt\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.appcontent-ms\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {7c67eb93-8eff-4e48-889f-45ba299bc46f} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.arw\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.asf\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.avi\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.cr2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.crw\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.dng\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.docm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.docx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.dotm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.dotx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.DVR-MS\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.dwfx\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.dwfx\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.easmx\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.easmx\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.edrwx\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.edrwx\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.eprtx\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.eprtx\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.erf\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.flac\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.flv\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.jtx\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.jtx\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.jxr\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.kdc\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.lnk\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\.lnk\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\.lnk\shellex\{000214EE-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\.lnk\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\.M1V\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m2t\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m2ts\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.M2V\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m4a\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m4b\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m4p\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.m4v\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mkv\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mod\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mov\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.MP2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.MP2V\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mp3\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mp4\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mp4v\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mpa\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mpe\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mpeg\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mpg\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mpv2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.mrw\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.mts\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.nef\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.nrw\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.orf\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.oxps\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.oxps\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.pano\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.pef\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.potm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.potx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.ppam\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.ppsm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.ppsx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.pptm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.pptx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.raf\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.rw2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.rwl\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.sr2\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.srw\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.symlink\shellex\ContextMenuHandlers\OpenContainingFolderMenu\ [Value] (Default) [Data]: {37ea3a21-7493-4208-a011-7f9ea79ce9f5} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.symlink\shellex\ContextMenuHandlers\{85cfccaf-2d14-42b6-80b6-f40f65d016e7}\ [Value] (Default) [Data]: N/A MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll HKCR\.symlink\shellex\IconHandler\ [Value] (Default) [Data]: {85cfccaf-2d14-42b6-80b6-f40f65d016e7} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll HKCR\.symlink\shellex\{000214EE-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {85cfccaf-2d14-42b6-80b6-f40f65d016e7} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll HKCR\.symlink\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {85cfccaf-2d14-42b6-80b6-f40f65d016e7} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\System32\windows.storage.dll HKCR\.tod\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.ts\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.tts\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.url\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {FBF23B40-E3F0-101B-8488-00AA003E56F8} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\.url\shellex\{000214EE-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {FBF23B40-E3F0-101B-8488-00AA003E56F8} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\.url\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {FBF23B40-E3F0-101B-8488-00AA003E56F8} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\.uvu\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.vdx\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {D66DC78C-4F61-447F-942B-3FB6980118CF} MD5: e5d0b59d66509cfd0513d85e27b57820 Size: 900800 Path: %PROGRAMFILES%\Microsoft Office\root\Office16\VISSHE.DLL HKCR\.vob\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.vsdm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vsdx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vssm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vssx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vstm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vstx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.vsx\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {D66DC78C-4F61-447F-942B-3FB6980118CF} MD5: e5d0b59d66509cfd0513d85e27b57820 Size: 900800 Path: %PROGRAMFILES%\Microsoft Office\root\Office16\VISSHE.DLL HKCR\.vtx\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {D66DC78C-4F61-447F-942B-3FB6980118CF} MD5: e5d0b59d66509cfd0513d85e27b57820 Size: 900800 Path: %PROGRAMFILES%\Microsoft Office\root\Office16\VISSHE.DLL HKCR\.wav\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.wdp\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\.wma\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.wmv\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\.xlam\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xlsb\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xlsm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xlsx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xltm\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xltx\shellex\PropertyHandler\ [Value] (Default) [Data]: {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} MD5: 39dc840dc5bf3bb548780db8b58eae6a Size: 1286344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoshext.dll HKCR\.xps\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {44121072-A222-48f2-A58A-6D9AD51EBBE9} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\.xps\shellex\PropertyHandler\ [Value] (Default) [Data]: {45670FA8-ED97-4F44-BC93-305082590BFB} MD5: 5a5bc29fa3910cb4576defe6ea3012c9 Size: 82944 Path: %WINDIR%\system32\XPSSHHDR.DLL HKCR\accountpicturefile\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {80FCA77A-FBCB-4F7D-BC84-547E3F79D618} MD5: f38292405ee98c03cb6286d58f254881 Size: 225280 Path: %WINDIR%\SysWOW64\shdocvw.dll HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\CopyAsPathMenu\ [Value] (Default) [Data]: {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\SendTo\ [Value] (Default) [Data]: {7BA4C740-9E81-11CF-99D3-00AA004AE837} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Application.Reference\shellex\IconHandler\ [Value] (Default) [Data]: {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} MD5: 7dcac82b896e239f32709f24d92ff608 Size: 1224192 Path: %WINDIR%\SysWOW64\dfshim.dll HKCR\Application.Reference\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {e82a2d71-5b2f-43a0-97b8-81be15854de8} MD5: 7dcac82b896e239f32709f24d92ff608 Size: 1224192 Path: %WINDIR%\SysWOW64\dfshim.dll HKCR\batfile\shellex\ContextMenuHandlers\Compatibility\ [Value] (Default) [Data]: {1d27f844-3a1f-4410-85ac-14651078412d} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\batfile\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\batfile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\cmdfile\shellex\ContextMenuHandlers\Compatibility\ [Value] (Default) [Data]: {1d27f844-3a1f-4410-85ac-14651078412d} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\cmdfile\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\cmdfile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\comfile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\CompressedFolder\shellex\ContextMenuHandlers\{b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af}\ [Value] (Default) [Data]: Compressed (zipped) Folder Menu MD5: 5b5aad18fe6719a7d1be169388618391 Size: 348672 Path: %WINDIR%\system32\zipfldr.dll HKCR\CompressedFolder\shellex\DropHandler\ [Value] (Default) [Data]: {ed9d80b9-d157-457b-9192-0e7280313bf0} MD5: 5b5aad18fe6719a7d1be169388618391 Size: 348672 Path: %WINDIR%\system32\zipfldr.dll HKCR\ConflictFolder\shellex\PropertySheetHandlers\Standard\ [Value] (Default) [Data]: {F04CC277-03A2-4277-96A9-77967471BDFF} MD5: 9b7c44470580db4892f425ae95913600 Size: 3309056 Path: %WINDIR%\System32\SyncCenter.dll HKCR\contact_wab_auto_file\shellex\ContextMenuHandlers\WAB\ [Value] (Default) [Data]: {CF67796C-F57F-45f8-92FB-AD698826C602} MD5: c71925849d278d7e9415c1c4b373f3ab Size: 753152 Path: %COMMONPROGRAMFILES%\System\wab32.dll HKCR\contact_wab_auto_file\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {8082C5E6-4C27-48ec-A809-B8E1122E8F97} MD5: c71925849d278d7e9415c1c4b373f3ab Size: 753152 Path: %COMMONPROGRAMFILES%\System\wab32.dll HKCR\ContentDirectory.item.audioItem\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\ [Value] (Default) [Data]: Summary Properties Page MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\ContentDirectory.item.imageItem\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\ [Value] (Default) [Data]: Summary Properties Page MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\ContentDirectory.item.videoItem\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}\ [Value] (Default) [Data]: Summary Properties Page MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\DesktopBackground\shellex\ContextMenuHandlers\DesktopSlideshow\ [Value] (Default) [Data]: {0bf754aa-c967-445c-ab3d-d8fda9bae7ef} MD5: de78c0522296196718d4045bc99948f3 Size: 358912 Path: %WINDIR%\system32\stobject.dll HKCR\Directory\shellex\ContextMenuHandlers\ FileSyncEx\ [Value] (Default) [Data]: {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} MD5: c7cf080bc77d1fd1ef3be32f124a19c2 Size: 1602248 Path: %LOCALAPPDATA%\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll HKCR\Directory\shellex\ContextMenuHandlers\EncryptionMenu\ [Value] (Default) [Data]: {A470F8CF-A1E8-4f65-8335-227475AA5C46} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Directory\shellex\ContextMenuHandlers\Kaspersky Anti-Virus 17.0.0\ [Value] (Default) [Data]: {39C9FA89-7012-4573-A92D-BFD1F8CA542D} MD5: c699ad1c8d38d7e304be5d6893f24900 Size: 536160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll HKCR\Directory\shellex\ContextMenuHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\Directory\shellex\CopyHookHandlers\ClearfiCopyHook\ [Value] (Default) [Data]: {ED32C084-BABB-11E1-B491-D4D66088709B} MD5: 9c93efebb1144c55a8eea33e6cdbb5a8 Size: 90368 Path: %PROGRAMFILES%\Acer\clear.fi plug-in\Clearfishellext.dll HKCR\Directory\shellex\CopyHookHandlers\FileSystem\ [Value] (Default) [Data]: {217FC9C0-3AEA-1069-A2DB-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Directory\shellex\CopyHookHandlers\Sharing\ [Value] (Default) [Data]: {40dd6e20-7c17-11ce-a804-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\Directory\shellex\PropertySheetHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\Directory\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Drive\shellex\ContextMenuHandlers\Kaspersky Anti-Virus 17.0.0\ [Value] (Default) [Data]: {39C9FA89-7012-4573-A92D-BFD1F8CA542D} MD5: c699ad1c8d38d7e304be5d6893f24900 Size: 536160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll HKCR\Drive\shellex\ContextMenuHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\Drive\shellex\ContextMenuHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Drive\shellex\DragDropHandlers\WinRAR32\ [Value] (Default) [Data]: {B41DB860-8EE4-11D2-9906-E49FADC173CA} MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\Drive\shellex\PropertySheetHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\Drive\shellex\PropertySheetHandlers\{7988B573-EC89-11cf-9C00-00AA00A14F56}\ [Value] (Default) [Data]: N/A MD5: fb57bee388c9edd942919c6991984b95 Size: 196608 Path: %WINDIR%\SysWOW64\dskquoui.dll HKCR\Drive\shellex\PropertySheetHandlers\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Drive\shellex\PropertySheetHandlers\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\exefile\shellex\ContextMenuHandlers\Compatibility\ [Value] (Default) [Data]: {1d27f844-3a1f-4410-85ac-14651078412d} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\exefile\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ [Value] (Default) [Data]: N/A MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\exefile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Folder\shellex\ContextMenuHandlers\BriefcaseMenu\ [Value] (Default) [Data]: {85BBD920-42A0-1069-A2E4-08002B30309D} MD5: 288dee677ae0e23bebc216f2f19354ff Size: 161792 Path: %WINDIR%\system32\syncui.dll HKCR\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus 17.0.0\ [Value] (Default) [Data]: {39C9FA89-7012-4573-A92D-BFD1F8CA542D} MD5: c699ad1c8d38d7e304be5d6893f24900 Size: 536160 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll HKCR\Folder\shellex\ContextMenuHandlers\Library Location\ [Value] (Default) [Data]: {3dad6c5d-2167-4cae-9914-f99e41c12cfa} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Folder\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Folder\shellex\ContextMenuHandlers\WinRAR32\ [Value] (Default) [Data]: {B41DB860-8EE4-11D2-9906-E49FADC173CA} MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\Folder\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Folder\shellex\DragDropHandlers\WinRAR32\ [Value] (Default) [Data]: {B41DB860-8EE4-11D2-9906-E49FADC173CA} MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\Folder\shellex\DragDropHandlers\{BD472F60-27FA-11cf-B8B4-444553540000}\ [Value] (Default) [Data]: N/A MD5: 5b5aad18fe6719a7d1be169388618391 Size: 348672 Path: %WINDIR%\system32\zipfldr.dll HKCR\Folder\shellex\PropertySheetHandlers\BriefcasePage\ [Value] (Default) [Data]: {85BBD920-42A0-1069-A2E4-08002B30309D} MD5: 288dee677ae0e23bebc216f2f19354ff Size: 161792 Path: %WINDIR%\system32\syncui.dll HKCR\fonfile\shellex\ContextMenuHandlers\InstallFont\ [Value] (Default) [Data]: {1a184871-359e-4f67-aad9-5b9905d62232} MD5: b1ff87c4ccc17d6a288df7212d5888de Size: 896512 Path: %WINDIR%\system32\fontext.dll HKCR\group_wab_auto_file\shellex\ContextMenuHandlers\WAB\ [Value] (Default) [Data]: {16C2C29D-0E5F-45f3-A445-03E03F587B7D} MD5: c71925849d278d7e9415c1c4b373f3ab Size: 753152 Path: %COMMONPROGRAMFILES%\System\wab32.dll HKCR\group_wab_auto_file\shellex\DropHandler\ [Value] (Default) [Data]: {4F58F63F-244B-4c07-B29F-210BE59BE9B4} MD5: c71925849d278d7e9415c1c4b373f3ab Size: 753152 Path: %COMMONPROGRAMFILES%\System\wab32.dll HKCR\group_wab_auto_file\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {4F58F63F-244B-4c07-B29F-210BE59BE9B4} MD5: c71925849d278d7e9415c1c4b373f3ab Size: 753152 Path: %COMMONPROGRAMFILES%\System\wab32.dll HKCR\IE.AssocFile.URL\shellex\IconHandler\ [Value] (Default) [Data]: {FBF23B40-E3F0-101B-8488-00AA003E56F8} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\IE.AssocFile.WEBSITE\shellex\IconHandler\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\IE.AssocFile.WEBSITE\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\IE.AssocFile.WEBSITE\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\IE.AssocFile.WEBSITE\shellex\PropertyHandler\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\ [Value] (Default) [Data]: N/A MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\ [Value] (Default) [Data]: N/A MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\InternetShortcut\shellex\IconHandler\ [Value] (Default) [Data]: {FBF23B40-E3F0-101B-8488-00AA003E56F8} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\jpegfile\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {C7657C4A-9F68-40fa-A4DF-96BC08EB3551} MD5: 55e90147be8552e3a9d8c4c5646d03de Size: 335360 Path: %WINDIR%\system32\PhotoMetadataHandler.dll HKCR\JSEFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\JSEFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\JSFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\JSFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\Launcher.AllAppsDesktopApplication\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.AllAppsDesktopApplication\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.AllAppsDesktopApplication\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.Computer\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.Computer\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.Desktop\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DesktopPackagedApplication\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DesktopPackagedApplication\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DesktopPackagedApplication\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DualModeApplication\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DualModeApplication\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.DualModeApplication\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.ImmersiveApplication\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.ImmersiveApplication\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.ImmersiveApplication\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.SystemSettings\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.SystemSettings\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Launcher.SystemSettings\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\LibraryFolder\shellex\ContextMenuHandlers\LibraryFolder\ [Value] (Default) [Data]: {0af96ede-aebf-41ed-a1c8-cf7a685505b6} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\LibraryFolder\shellex\IconHandler\ [Value] (Default) [Data]: {14074e0b-7216-4862-96e6-53cada442a56} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\LibraryFolder\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\LibraryLocation\shellex\ContextMenuHandlers\OpenContainingFolderMenu\ [Value] (Default) [Data]: {37ea3a21-7493-4208-a011-7f9ea79ce9f5} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu\ [Value] (Default) [Data]: {37ea3a21-7493-4208-a011-7f9ea79ce9f5} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: N/A MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\lnkfile\shellex\PropertySheetHandlers\Console\ [Value] (Default) [Data]: {D2942F8E-478E-41D3-870A-35A16238F4EE} MD5: a2f97329b3ba25655dc967f4bcbfb04d Size: 92160 Path: %WINDIR%\System32\console.dll HKCR\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\lnkfile\shellex\DropHandler\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\lnkfile\shellex\IconHandler\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\Microsoft.Website\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Microsoft.Website\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Microsoft.Website\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: N/A MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Microsoft.Website\shellex\IconHandler\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\Microsoft.Website\shellex\{00021500-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\Microsoft.Website\shellex\{000214F9-0000-0000-C000-000000000046}\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\Microsoft.Website\shellex\PropertyHandler\ [Value] (Default) [Data]: {182C3813-DF97-40fa-9C4E-B7D3E74F00CA} MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCR\mscfile\shellex\ContextMenuHandlers\PintoStartScreen\ [Value] (Default) [Data]: {470C0EBD-5D73-4d58-9CED-E91E22E23282} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\mscfile\shellex\IconHandler\ [Value] (Default) [Data]: {7A80E4A8-8005-11D2-BCF8-00C04F72C717} MD5: c35dd907c3d7ead576da03b23abe16f4 Size: 115200 Path: %WINDIR%\system32\mmcshext.dll HKCR\Msi.Package\shellex\ContextMenuHandlers\Compatibility\ [Value] (Default) [Data]: {1d27f844-3a1f-4410-85ac-14651078412d} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\Msi.Package\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\MSILink\shellex\ContextMenuHandlers\{1d27f844-3a1f-4410-85ac-14651078412d}\ [Value] (Default) [Data]: Compatibility Context Menu MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\MSILink\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}\ [Value] (Default) [Data]: Taskband Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\MSILink\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\ [Value] (Default) [Data]: Start Menu Pin MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\OpenSearchProvider\shellex\ContextMenuHandlers\OpenSearchContextMenu\ [Value] (Default) [Data]: {F9A7AB61-C0BC-490e-A7FE-BFF26B327A3F} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\OpenSearchProvider\shellex\IconHandler\ [Value] (Default) [Data]: {96B9DAE3-CF15-45e9-9719-57285348225E} MD5: 0be66b716dac35c0df409ecb5324430a Size: 318464 Path: %WINDIR%\System32\SearchFolder.dll HKCR\OpenSearchProvider\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11d0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\otffile\shellex\ContextMenuHandlers\InstallFont\ [Value] (Default) [Data]: {1a184871-359e-4f67-aad9-5b9905d62232} MD5: b1ff87c4ccc17d6a288df7212d5888de Size: 896512 Path: %WINDIR%\system32\fontext.dll HKCR\pfmfile\shellex\ContextMenuHandlers\InstallFont\ [Value] (Default) [Data]: {1a184871-359e-4f67-aad9-5b9905d62232} MD5: b1ff87c4ccc17d6a288df7212d5888de Size: 896512 Path: %WINDIR%\system32\fontext.dll HKCR\piffile\shellex\PropertySheetHandlers\ShimLayer Property Page\ [Value] (Default) [Data]: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} MD5: 9df355889927947b2c542f8cbbdda067 Size: 46592 Path: %WINDIR%\system32\acppage.dll HKCR\piffile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\piffile\shellex\IconHandler\ [Value] (Default) [Data]: {00021401-0000-0000-C000-000000000046} MD5: 149e08578b7d656fd31fd817adbb5f7d Size: 5721808 Path: %WINDIR%\SysWOW64\windows.storage.dll HKCR\PKOFile\shellex\ContextMenuHandlers\CryptoMenu\ [Value] (Default) [Data]: {7444C717-39BF-11D1-8CD9-00C04FC29D45} MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\PKOFile\shellex\PropertySheetHandlers\CryptoMenu\ [Value] (Default) [Data]: {7444C717-39BF-11D1-8CD9-00C04FC29D45} MD5: f17b26434c4c741174117e373e268bf9 Size: 60416 Path: %WINDIR%\system32\cryptext.dll HKCR\Printers\shellex\PropertySheetHandlers\ICM Printer Management\ [Value] (Default) [Data]: {675F097E-4C4D-11D0-B6C1-0800091AA605} MD5: f0d87f75e64afd5afc58ed5df8e84d53 Size: 604160 Path: %WINDIR%\SysWOW64\colorui.dll HKCR\RecentDocument\shellex\ContextMenuHandlers\OpenContainingFolderMenu\ [Value] (Default) [Data]: {37ea3a21-7493-4208-a011-7f9ea79ce9f5} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Results\shellex\ContextMenuHandlers\OpenContainingFolderMenu\ [Value] (Default) [Data]: {37ea3a21-7493-4208-a011-7f9ea79ce9f5} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\scrfile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\SearchConnectorFolder\shellex\IconHandler\ [Value] (Default) [Data]: {68b07bff-cb50-4d60-a7d5-02b1a523bc8c} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\SearchConnectorFolder\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {9DBD2C50-62AD-11D0-B806-00C04FD706EC} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\SHCmdFile\shellex\DropHandler\ [Value] (Default) [Data]: {86C86720-42A0-1069-A2E8-08002B30309D} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\SHCmdFile\shellex\IconHandler\ [Value] (Default) [Data]: {57651662-CE3E-11D0-8D77-00C04FC99D61} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\Stack.Audio\shellex\ContextMenuHandlers\PlayTo\ [Value] (Default) [Data]: {7AD84985-87B4-4a16-BE58-8B72A5B390F7} MD5: 4f6a7a15a888f3db44b67ea909ac1997 Size: 140288 Path: %WINDIR%\SysWOW64\playtomenu.dll HKCR\Stack.Image\shellex\ContextMenuHandlers\PlayTo\ [Value] (Default) [Data]: {7AD84985-87B4-4a16-BE58-8B72A5B390F7} MD5: 4f6a7a15a888f3db44b67ea909ac1997 Size: 140288 Path: %WINDIR%\SysWOW64\playtomenu.dll HKCR\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ [Value] (Default) [Data]: {7AD84985-87B4-4a16-BE58-8B72A5B390F7} MD5: 4f6a7a15a888f3db44b67ea909ac1997 Size: 140288 Path: %WINDIR%\SysWOW64\playtomenu.dll HKCR\SyncMgrContent\shellex\PropertySheetHandlers\Standard\ [Value] (Default) [Data]: {B32D3949-ED98-4DBB-B347-17A144969BBA} MD5: 9b7c44470580db4892f425ae95913600 Size: 3309056 Path: %WINDIR%\System32\SyncCenter.dll HKCR\SyncMgrFolder\shellex\PropertySheetHandlers\Standard\ [Value] (Default) [Data]: {576C9E85-1300-4EF5-BF6B-D00509F4EDCD} MD5: 9b7c44470580db4892f425ae95913600 Size: 3309056 Path: %WINDIR%\System32\SyncCenter.dll HKCR\SyncResultsFolder\shellex\PropertySheetHandlers\Standard\ [Value] (Default) [Data]: {4B534112-3AF6-4697-A77C-D62CE9B9E7CF} MD5: 9b7c44470580db4892f425ae95913600 Size: 3309056 Path: %WINDIR%\System32\SyncCenter.dll HKCR\themefile\shellex\{E357FCCD-A995-4576-B01F-234630154E96}\ [Value] (Default) [Data]: {49C407EF-78B9-4C82-A40B-2FE02F8E771D} MD5: 70b9a4ebc9b1478a602f106a08a9d21c Size: 2813440 Path: %WINDIR%\system32\themeui.dll HKCR\ttcfile\shellex\ContextMenuHandlers\InstallFont\ [Value] (Default) [Data]: {1a184871-359e-4f67-aad9-5b9905d62232} MD5: b1ff87c4ccc17d6a288df7212d5888de Size: 896512 Path: %WINDIR%\system32\fontext.dll HKCR\ttffile\shellex\ContextMenuHandlers\InstallFont\ [Value] (Default) [Data]: {1a184871-359e-4f67-aad9-5b9905d62232} MD5: b1ff87c4ccc17d6a288df7212d5888de Size: 896512 Path: %WINDIR%\system32\fontext.dll HKCR\UserLibraryFolder\shellex\ContextMenuHandlers\SendTo\ [Value] (Default) [Data]: {7BA4C740-9E81-11CF-99D3-00AA004AE837} MD5: c38afe547d5d3d5287d651a7e7f1f113 Size: 20967840 Path: %WINDIR%\System32\SHELL32.dll HKCR\UserLibraryFolder\shellex\ContextMenuHandlers\Sharing\ [Value] (Default) [Data]: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} MD5: b14ec96f7a15decf967560e981e592c8 Size: 772608 Path: %WINDIR%\System32\ntshrui.dll HKCR\VBEFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\VBEFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\VBSFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\VBSFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ [Value] (Default) [Data]: N/A MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ [Value] (Default) [Data]: N/A MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ [Value] (Default) [Data]: N/A MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ [Value] (Default) [Data]: N/A MD5: b313f921a58ebdb29922f4c21f8c86ff Size: 368016 Path: %SystemDrive%\Program Files\WinRAR\rarext32.dll HKCR\WSFFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\WSFFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\WSHFile\shellex\PropertySheetHandlers\WSHProps\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\WSHFile\shellex\DropHandler\ [Value] (Default) [Data]: {60254CA5-953B-11CF-8C96-00AA00B8708C} MD5: 003f8bdf1a41872e6d16ce9cf5e5a09f Size: 81920 Path: %WINDIR%\SysWOW64\wshext.dll HKCR\xmlfile\shellex\IconHandler\ [Value] (Default) [Data]: {AB968F1E-E20B-403A-9EB8-72EB0EB6797E} MD5: 248d973e847309860ceebfe6bc6e1b70 Size: 70344 Path: %PROGRAMFILES%\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\msoxev.dll ================= IMAGE EXECUTIONS ================= ================= REGISTRY KEY VALUES ================= HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Value] shell [Data]: explorer.exe MD5: f2d58a2e27c2cd486f8f0a123a3f34c3 Size: 4674360 Path: %WINDIR%\explorer.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Value] userinit [Data]: C:\WINDOWS\system32\userinit.exe, MD5: fa900e6cccf0a429d5b720c6f0e2274b Size: 27648 Path: %WINDIR%\system32\userinit.exe HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd [Value] StartupPrograms [Data]: rdpclip HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems [Value] Windows [Data]: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ================= CLSID OBJECTS ================= HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [Value] {093F479D-712E-46CD-9E06-62E734A05F68} [Data]: MD5: d2b9aca7f98dd0bcc50eddf50d834262 Size: 1028968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [Key] {4EADF352-44A1-40F7-9773-A3A4768D24DA} [Value] {4EADF352-44A1-40F7-9773-A3A4768D24DA}\URL [Data]: http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE [Key] {DB1DC6F3-0817-41BE-8236-E6638F9575FE} [Value] {DB1DC6F3-0817-41BE-8236-E6638F9575FE}\URL [Data]: http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE [Value] DefaultScope [Data]: {DB1DC6F3-0817-41BE-8236-E6638F9575FE} HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions [Key] {2670000A-7350-4f3c-8081-5663EE0C6C49} [Value] {2670000A-7350-4f3c-8081-5663EE0C6C49}\CLSID [Data]: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects [Key] {2E38825B-8815-42CF-9126-C58BC28D4591} MD5: d2b9aca7f98dd0bcc50eddf50d834262 Size: 1028968 Path: %PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [Key] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} MD5: 0ddf0eabd633212060e31e3a24a10e12 Size: 473152 Path: %PROGRAMFILES%\Java\jre1.8.0_131\bin\ssv.dll [Key] {DBC80044-A445-435b-BC74-9C25C1C588A9} MD5: 14f57fb1f3da1502e8d3e25ac67c9974 Size: 186944 Path: %PROGRAMFILES%\Java\jre1.8.0_131\bin\jp2ssv.dll [Key] {FFCB3198-32F3-4E8B-9539-4324694ED664} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad [Value] WebCheck [Data]: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [Value] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Data]: MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKCU\Software\Microsoft\Internet Explorer\SearchScopes [Key] {4EADF352-44A1-40F7-9773-A3A4768D24DA} [Value] DefaultScope [Data]: {DB1DC6F3-0817-41BE-8236-E6638F9575FE} HKU\S-1-5-21-618468374-2032823393-735328301-1001\Software\Microsoft\Internet Explorer\URLSearchHooks [Value] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Data]: MD5: 059116e27e72be15321f7fe9aa3ef27f Size: 12181504 Path: %WINDIR%\SysWOW64\ieframe.dll HKU\S-1-5-21-618468374-2032823393-735328301-1001\Software\Microsoft\Internet Explorer\SearchScopes [Key] {4EADF352-44A1-40F7-9773-A3A4768D24DA} [Value] DefaultScope [Data]: {DB1DC6F3-0817-41BE-8236-E6638F9575FE} ================= MRU LOCATIONS ================= HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU ================= UNINSTALL LOCATIONS ================= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo Burning Studio 6 FREE_is1 [Value] DisplayName [Data]: Ashampoo Burning Studio 6 FREE [Value] InstallLocation [Data]: C:\Programy\Ashampoo\Ashampoo Burning Studio 6\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo WinOptimizer 14_is1 [Value] DisplayName [Data]: Ashampoo WinOptimizer 14 wersja 14.00.02 [Value] InstallLocation [Data]: C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dashlane Upgrade Service [Value] DisplayName [Data]: Dashlane Upgrade Service [Value] InstallLocation [Data]: C:\Program Files (x86)\Dashlane\Upgrade HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Huawei E5373 [Value] DisplayName [Data]: Huawei E5373 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} [Value] DisplayName [Data]: CyberLink PowerDVD 12 [Value] InstallLocation [Data]: C:\Program Files (x86)\CyberLink\PowerDVD12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686} [Value] DisplayName [Data]: Kaspersky Secure Connection [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} [Value] DisplayName [Data]: Kaspersky Internet Security [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 53.0 (x86 pl) [Value] DisplayName [Data]: Mozilla Firefox 53.0 (x86 pl) [Value] InstallLocation [Data]: C:\Programy\firefox HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 [Value] DisplayName [Data]: Smart Defrag 5 [Value] InstallLocation [Data]: C:\Program Files (x86)\IObit\Smart Defrag\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter 4.24.3.4750 [Value] DisplayName [Data]: SpyHunter4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CF84962-50F8-48CA-9082-B70F3A02C686} [Value] DisplayName [Data]: Kaspersky Secure Connection [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} [Value] DisplayName [Data]: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20CA507E-24AA-4741-87CF-CC1B250790B7} [Value] DisplayName [Data]: Qualcomm Atheros 11ac Wireless LAN Installer [Value] InstallLocation [Data]: C:\Program Files (x86)\Qualcomm Atheros HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0} [Value] DisplayName [Data]: Java 8 Update 131 [Value] InstallLocation [Data]: C:\Program Files (x86)\Java\jre1.8.0_131\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} [Value] DisplayName [Data]: Microsoft XNA Framework Redistributable 4.0 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} [Value] DisplayName [Data]: Java Auto Updater HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A} [Value] DisplayName [Data]: Realtek Card Reader HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} [Value] DisplayName [Data]: Microsoft Visual C++ 2005 Redistributable HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74d0e5db-b326-4dae-a6b2-445b9de1836e} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476} [Value] DisplayName [Data]: Realtek Ethernet Controller Driver [Value] InstallLocation [Data]: C:\Program Files (x86)\Realtek\NICDRV_8169 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE} [Value] DisplayName [Data]: Office 16 Click-to-Run Extensibility Component HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0415-0000-0000000FF1CE} [Value] DisplayName [Data]: Office 16 Click-to-Run Localization Component HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} [Value] DisplayName [Data]: CyberLink PowerDVD 12 [Value] InstallLocation [Data]: C:\Program Files (x86)\CyberLink\PowerDVD12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5AD89F2-03D3-4206-8487-018298007DD0} [Value] DisplayName [Data]: abPhoto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCBE9F01-C2C3-469C-A508-2E23A7495E91} [Value] DisplayName [Data]: IntelĀ® Security Assist HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} [Value] DisplayName [Data]: Kaspersky Internet Security [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e46eca4f-393b-40df-9f49-076faf788d83} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} [Value] DisplayName [Data]: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} [Value] DisplayName [Data]: Intel(R) Processor Graphics [Value] InstallLocation [Data]: C:\Program Files (x86)\Intel\Intel(R) Processor Graphics HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} [Value] DisplayName [Data]: Realtek High Definition Audio Driver [Value] InstallLocation [Data]: C:\Program Files\Realtek\Audio\HDA HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B} [Value] DisplayName [Data]: LG United Mobile Drivers [Value] InstallLocation [Data]: C:\Program Files (x86)\LG Electronics\LG United Mobile Drivers\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fb610cea-ba50-4d4b-a717-cf025419035c} [Value] DisplayName [Data]: Intel(R) Chipset Device Software HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 [Value] DisplayName [Data]: World of Tanks [Value] InstallLocation [Data]: C:\Games\World_of_Tanks\ ================= SCHEDULED TASKS ================= NAME: CCleanerSkipUAC CMD: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) MD5: c2c9e42d6c51e99c1bab44f108e8851c Size: 6868696 Path: %SystemDrive%\program files\ccleaner\ccleaner.exe NAME: HESS Wireless PCI-CTP CMD: C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HESS Wireless PCI-CTP\HESS Wireless PCI-CTP.dll",EHDqqP MD5: 111474c61232202b5b588d2b512cbb25 Size: 61952 Path: %WINDIR%\System32\rundll32.exe NAME: Software Update Application CMD: "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" MD5: 28a90821caa1d9d50a01176d6ed882d3 Size: 472992 Path: %ALLUSERSPROFILE%\oem\upgradetool\listcheck.exe NAME: SpyHunter4Startup CMD: "C:\Program Files\SpyHunter\SpyHunter4.exe" MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe NAME: Uninstaller_SkipUac_RafaA? CMD: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer NAME: {8C95D251-84A3-4E82-AB18-0E97695C5550} CMD: C:\WINDOWS\system32\pcalua.exe -a "C:\Users\RafaA?\Downloads\Serials_2000_8.1_SR-2\Serials 2000 8.1 SR-2\serials2000.exe" -d "C:\Users\RafaA?\Downloads\Serials_2000_8.1_SR-2\Serials 2000 8.1 SR-2" ================= ROOTKIT FILES ================= ================= ROOTKIT REGISTRY ================= dows\CurrentVersion\Explorer\RunMRU ================= UNINSTALL LOCATIONS ================= HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo Burning Studio 6 FREE_is1 [Value] DisplayName [Data]: Ashampoo Burning Studio 6 FREE [Value] InstallLocation [Data]: C:\Programy\Ashampoo\Ashampoo Burning Studio 6\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo WinOptimizer 14_is1 [Value] DisplayName [Data]: Ashampoo WinOptimizer 14 wersja 14.00.02 [Value] InstallLocation [Data]: C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 14\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dashlane Upgrade Service [Value] DisplayName [Data]: Dashlane Upgrade Service [Value] InstallLocation [Data]: C:\Program Files (x86)\Dashlane\Upgrade HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Huawei E5373 [Value] DisplayName [Data]: Huawei E5373 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A} [Value] DisplayName [Data]: CyberLink PowerDVD 12 [Value] InstallLocation [Data]: C:\Program Files (x86)\CyberLink\PowerDVD12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686} [Value] DisplayName [Data]: Kaspersky Secure Connection [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} [Value] DisplayName [Data]: Kaspersky Internet Security [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 53.0 (x86 pl) [Value] DisplayName [Data]: Mozilla Firefox 53.0 (x86 pl) [Value] InstallLocation [Data]: C:\Programy\firefox HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1 [Value] DisplayName [Data]: Smart Defrag 5 [Value] InstallLocation [Data]: C:\Program Files (x86)\IObit\Smart Defrag\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter 4.24.3.4750 [Value] DisplayName [Data]: SpyHunter4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CF84962-50F8-48CA-9082-B70F3A02C686} [Value] DisplayName [Data]: Kaspersky Secure Connection [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} [Value] DisplayName [Data]: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20CA507E-24AA-4741-87CF-CC1B250790B7} [Value] DisplayName [Data]: Qualcomm Atheros 11ac Wireless LAN Installer [Value] InstallLocation [Data]: C:\Program Files (x86)\Qualcomm Atheros HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0} [Value] DisplayName [Data]: Java 8 Update 131 [Value] InstallLocation [Data]: C:\Program Files (x86)\Java\jre1.8.0_131\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9} [Value] DisplayName [Data]: Microsoft XNA Framework Redistributable 4.0 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} [Value] DisplayName [Data]: Java Auto Updater HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A} [Value] DisplayName [Data]: Realtek Card Reader HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} [Value] DisplayName [Data]: Microsoft Visual C++ 2005 Redistributable HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74d0e5db-b326-4dae-a6b2-445b9de1836e} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476} [Value] DisplayName [Data]: Realtek Ethernet Controller Driver [Value] InstallLocation [Data]: C:\Program Files (x86)\Realtek\NICDRV_8169 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE} [Value] DisplayName [Data]: Office 16 Click-to-Run Extensibility Component HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0415-0000-0000000FF1CE} [Value] DisplayName [Data]: Office 16 Click-to-Run Localization Component HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} [Value] DisplayName [Data]: CyberLink PowerDVD 12 [Value] InstallLocation [Data]: C:\Program Files (x86)\CyberLink\PowerDVD12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5AD89F2-03D3-4206-8487-018298007DD0} [Value] DisplayName [Data]: abPhoto HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} [Value] DisplayName [Data]: Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCBE9F01-C2C3-469C-A508-2E23A7495E91} [Value] DisplayName [Data]: IntelĀ® Security Assist HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2} [Value] DisplayName [Data]: Kaspersky Internet Security [Value] InstallLocation [Data]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e46eca4f-393b-40df-9f49-076faf788d83} [Value] DisplayName [Data]: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} [Value] DisplayName [Data]: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} [Value] DisplayName [Data]: Intel(R) Processor Graphics [Value] InstallLocation [Data]: C:\Program Files (x86)\Intel\Intel(R) Processor Graphics HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} [Value] DisplayName [Data]: Realtek High Definition Audio Driver [Value] InstallLocation [Data]: C:\Program Files\Realtek\Audio\HDA HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F193D8D7-3D5E-4DB5-A74C-F8CD5378EE7B} [Value] DisplayName [Data]: LG United Mobile Drivers [Value] InstallLocation [Data]: C:\Program Files (x86)\LG Electronics\LG United Mobile Drivers\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} [Value] DisplayName [Data]: Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fb610cea-ba50-4d4b-a717-cf025419035c} [Value] DisplayName [Data]: Intel(R) Chipset Device Software HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1 [Value] DisplayName [Data]: World of Tanks [Value] InstallLocation [Data]: C:\Games\World_of_Tanks\ ================= SCHEDULED TASKS ================= NAME: CCleanerSkipUAC CMD: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) MD5: c2c9e42d6c51e99c1bab44f108e8851c Size: 6868696 Path: %SystemDrive%\program files\ccleaner\ccleaner.exe NAME: HESS Wireless PCI-CTP CMD: C:\WINDOWS\system32\rundll32.exe "C:\Program Files\HESS Wireless PCI-CTP\HESS Wireless PCI-CTP.dll",EHDqqP MD5: 111474c61232202b5b588d2b512cbb25 Size: 61952 Path: %WINDIR%\System32\rundll32.exe NAME: Software Update Application CMD: "C:\ProgramData\OEM\UpgradeTool\ListCheck.exe" MD5: 28a90821caa1d9d50a01176d6ed882d3 Size: 472992 Path: %ALLUSERSPROFILE%\oem\upgradetool\listcheck.exe NAME: SpyHunter4Startup CMD: "C:\Program Files\SpyHunter\SpyHunter4.exe" MD5: 7d552063bca795d842ec755141b75c6e Size: 8193192 Path: %SystemDrive%\Program Files\SpyHunter\SpyHunter4.exe NAME: Uninstaller_SkipUac_RafaA? CMD: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer NAME: {8C95D251-84A3-4E82-AB18-0E97695C5550} CMD: C:\WINDOWS\system32\pcalua.exe -a "C:\Users\RafaA?\Downloads\Serials_2000_8.1_SR-2\Serials 2000 8.1 SR-2\serials2000.exe" -d "C:\Users\RafaA?\Downloads\Serials_2000_8.1_SR-2\Serials 2000 8.1 SR-2" ================= ROOTKIT FILES ================= ================= ROOTKIT REGISTRY =================