ListPermissions: C:\Windows\system32\wuaueng.dll
SetDefaultFilePermissions: C:\Windows\system32\wuaueng.dll
ListPermissions: C:\Windows\system32\wuaueng.dll
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1852536608-4100961931-219591902-1001\...\Run: [GoogleChromeAutoLaunch_2C7C08ACC7DE94D8A4468D1F14464A81] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1852536608-4100961931-219591902-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKU\S-1-5-21-1852536608-4100961931-219591902-1001\...\MountPoints2: {4a7cb6d9-2055-11ea-a516-380025299513} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1852536608-4100961931-219591902-1001\...\MountPoints2: {a5b986af-12eb-11ea-a512-b42e993c848f} - "D:\HiSuiteDownLoader.exe"
Task: {010E3C8E-CA1B-41EC-BECC-5BFA09A556D1} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {42963FC0-1243-47A7-8E47-FFF6ED2BFF08} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
Task: {534E18BF-7086-4363-B6EE-F00660EE7E2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8263D33E-289F-4386-B8CE-386298202C3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E2FE1EF-B61A-4C35-B3D3-880BBBDDF27A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {981DA7E3-4AC3-4371-836F-4D5E67530322} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {A6B0464F-6097-40F0-8582-CB03972997AD} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: