
Files encrypted with the extension .[ooosferaplus@protonmail.com].nae2iNg6



I decided to check the photo archive on my NAS (ZyXel 325), and it turned out that most of the files are encrypted with the extension [ooosferaplus@protonmail.com].nae2iNg6. It hit everything indiscriminately: photos, videos, documents. This happened on 26.10.2019, since that is the modification date of most of the files. Please help me decrypt them, because there is a huge number of family photos and videos there.

Thank you.

CollectionLog-2019.11.16-20.15.zip

Примеры файлов.7z


Hello!

If there is a ransom note (a text or htm|hta file), pack it into an archive and attach it to your next message.


Download Farbar Recovery Scan Tool (or get it from the mirror) and save it to your Desktop.

Note: you need to choose the version that is compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.

When the program starts, click Yes to accept the warning.

Click the Scan button.

When the scan finishes, the reports FRST.txt and Addition.txt will be created in the same folder the program was run from. Attach the reports to your next message.

Read more in this guide.


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2019
Ran by zerud (administrator) on DESKTOP-D9L3BCA (Micro-Star International Co., Ltd. MS-7B79) (18-11-2019 21:49:07)
Running from C:\Users\zerud\Desktop
Loaded Profiles: zerud (Available Profiles: zerud)
Platform: Windows 10 Enterprise Version 1809 17763.864 (X64) Language: Русский (Россия)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0348545.inf_amd64_95fdd360f07b1ba4\B348697\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0348545.inf_amd64_95fdd360f07b1ba4\B348697\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\Check_Kill.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google) C:\Users\zerud\AppData\Local\Google\Chrome\User Data\SwReporter\77.224.200\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\zerud\AppData\Local\Google\Chrome\User Data\SwReporter\77.224.200\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\zerud\AppData\Local\Google\Chrome\User Data\SwReporter\77.224.200\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\zerud\AppData\Local\Google\Chrome\User Data\SwReporter\77.224.200\software_reporter_tool.exe
(Kristjan Skutta -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Kristjan Skutta -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(Mailbird, Inc. -> Mailbird) C:\Program Files\Mailbird\Mailbird.exe
(Mailbird, Inc. -> The CefSharp Authors) C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\LocalDB\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1910.4-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\APP Manager\AppManager.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(MiniTool Software Limited -> ) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe
(MiniTool Software Limited -> ) C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe
(NZXT, Inc. -> ) C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp -> Realtek) C:\Windows\SwUSB.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SafeNet Canada, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIN3E.EXE
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Manager.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
(Veeam Software AG -> Veeam Software Group GmbH) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-01-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Veeam.EndPoint.Tray.exe] => C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe [1038104 2019-06-10] (Veeam Software AG -> Veeam Software Group GmbH)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6260544 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [File not signed]
HKLM-x32\...\Run: [APP Manager] => C:\Program Files (x86)\MSI\APP Manager\AppManager.exe [3705520 2019-05-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2019-11-01] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-06-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26290352 2019-11-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\RunOnce: [selLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3284944 2019-11-14] (Valve -> Valve Corporation)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [47774856 2019-10-24] (Google LLC -> )
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [Mailbird] => C:\Program Files\Mailbird\Mailbird.exe [8374440 2019-11-15] (Mailbird, Inc. -> Mailbird)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIN3E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83525184 2019-10-03] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35997584 2019-11-16] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update UWP App.lnk [2019-11-18]
ShortcutAndArgument: Update UWP App.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe => -WindowStyle Hidden -NoLogo -NonInteractive -InputFormat None -NoProfile -ExecutionPolicy Bypass -Command "& 'C:\Program Files (x86)\LastPass\AppxUpgrade.ps1' -PackagePath 'C:\Program Files (x86)\LastPass\lpwinmetro.appxbundle' -PackageName 'LastPass.LastPass
Startup: C:\Users\zerud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE AORUS GRAPHICS ENGINE.lnk [2019-11-10]
ShortcutTarget: GIGABYTE AORUS GRAPHICS ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\autorun.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0458C828-33E2-4111-B6FD-BBFF981B9B15} - System32\Tasks\NahimicTask32 => C:\Windows\system32\..\SysWOW64\NahimicSvc32.exe
Task: {04658A3A-B816-4C6D-ABB4-116A483B5FD5} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\zerud\AppData\Local\Temp\F09C9CDF-72F9-48B4-8D3F-EF0AAD38272F\ga_service.exe <==== ATTENTION
Task: {07751ABC-3285-4769-9575-EE6E3E7810CC} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {0FE03731-6606-4350-945A-EBB0FA21D865} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {19C87C14-B575-4665-B707-6D7879D90DB4} - System32\Tasks\Sapphire TRIXX => C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Task: {1C168C09-D9DA-4AF4-B2C3-40CCD7F21600} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {243C22B2-9B15-4385-BA36-AD855E1BA46F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-12] (Google Inc -> Google Inc.)
Task: {2B97DC1B-7673-4AE1-9B58-7C352CCEFEA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\mrt.exe [128443096 2019-11-12] (Microsoft Windows -> Microsoft Corporation)
Task: {2C3C97DB-A000-4ADF-AD18-06CD17CBBEF4} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-11-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {2F34302E-67B0-48D9-8D33-F04184CA9699} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2018-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {30A9517A-608C-48E8-9033-3036EF1DAE3F} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1068688 2019-08-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {32BD8D5F-8347-48C3-966E-58B6164BD48E} - System32\Tasks\NahimicSvc64Run => C:\Windows\system32\NahimicSvc64.exe
Task: {515FDB40-D546-413A-A9DA-BA076737E3A8} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {5506BB9B-3309-48BD-9B3C-359B84A6126B} - System32\Tasks\update-S-1-5-21-2881313420-551894818-2833485957-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {5559E4E4-CF6C-4FE4-97DA-4C0422BA44E6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-11-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5790EAB6-96FA-4F15-B6CE-598E45EBC526} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6D518E4F-7073-4DE9-96DF-43F12945F8CF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146000 2019-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {78D8C2F9-D144-448B-B23E-CD8EE75B2DA6} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-11-13] (Advanced Micro Devices, Inc.) [File not signed]
Task: {84844848-4A63-4665-908E-A4EB605F5255} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8882EDA5-D1EE-40CD-89E4-5C56F6635255} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {9035F795-ACE3-4C22-A08D-F071BA925A9F} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
Task: {9561EF97-5DF1-4018-B6A0-B377F640256C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-12] (Google Inc -> Google Inc.)
Task: {9A3BB2CB-1375-4541-ACB5-6A3579539109} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-11-13] (Advanced Micro Devices, Inc.) [File not signed]
Task: {A6B779B9-8889-4DF4-B558-583C40F78BE0} - System32\Tasks\EPSON L222 Series Update {2EE5CE22-8C09-4558-8FE4-BEB75322185A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSN3E.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {A8A5B613-9A89-4669-BF1B-7497D28AA3B7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {AC29203E-1C53-46CC-A2C2-C90B22F5F97E} - System32\Tasks\NahimicTask64 => C:\Windows\system32\.\NahimicSvc64.exe
Task: {BCA50AAB-BF96-47BF-990A-5E2B88CFD670} - System32\Tasks\LastPassUpdater => C:\Program Files (x86)\LastPass\Updater\Updater.exe [2866880 2019-11-15] (LogMeIn, Inc. -> )
Task: {BF0ACA72-C667-40CA-90E0-C86D74172284} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-11-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BF832DD5-122B-43CA-92F9-A30D7297869B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {C86B9FE7-5B28-4EA6-B2DF-C9AF2E72FED7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C88C1074-F514-4403-B936-E47BABCEEBE2} - System32\Tasks\StartIsBack health check => C:\Program Files (x86)\StartIsBack\startscreen.exe [54728 2019-04-15] (Stanislav Zinukhov -> www.startisback.com)
Task: {C9E194A8-B6D5-4532-BD96-56253C0ED49B} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
Task: {DA2A0716-E73A-40D2-BE51-3A03328C150C} - System32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE => C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\AORUS.exe [32859056 2019-09-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGABYTE Technology Co.,Ltd.)
Task: {DE605CE1-C1DE-4280-9228-E513FE770909} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2F74676-3F58-4489-B047-5BD99597DF2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E65F3023-FC7C-4E9D-8D40-8D4F2FA1068D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7581F75-04B4-4758-A759-A77DE7FE31A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EC35024F-A43F-44B6-97E4-680E7384F220} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [665848 2019-06-27] (Advanced Micro Devices INC. -> )
Task: {F06D2057-E823-44FA-9EA4-8C8BBE349910} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe
Task: {F43B95F2-5D3E-45EA-91AA-231207D32D06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON L222 Series Update {2EE5CE22-8C09-4558-8FE4-BEB75322185A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSN3E.EXE:/EXE:{2EE5CE22-8C09-4558-8FE4-BEB75322185A} /F:UpdateWORKGROUP\DESKTOP-D9L3BCA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\update-S-1-5-21-2881313420-551894818-2833485957-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0b00026d-378f-41c2-a945-9b61cf648506}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13fc698f-9cb0-49ba-87fc-93104ca6ab63}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{41e97637-fb19-4fdb-a9ca-828ee6065b7b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{43675c54-d4d9-40ee-8b5a-f3ad6c368d82}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{43675c54-d4d9-40ee-8b5a-f3ad6c368d82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8c93b754-4d1d-498b-94ca-78f4909e250d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8d613715-2b3e-4079-9c43-91ee0f50af3b}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ovgorskiy.ru/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ovgorskiy.ru/
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://ovgorskiy.ru/
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=625119&clocalename=ru-RU
SearchScopes: HKU\S-1-5-19 -> {20AF1251-6C0C-4817-88AE-3C13D116E2C4} URL = hxxp://ru.wikipedia.org/w/index.php?title=%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {FB5D130A-FBB2-477D-A6B5-865B55FD5B1C} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-20 -> {20AF1251-6C0C-4817-88AE-3C13D116E2C4} URL = hxxp://ru.wikipedia.org/w/index.php?title=%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {FB5D130A-FBB2-477D-A6B5-865B55FD5B1C} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
SearchScopes: HKU\S-1-5-21-2881313420-551894818-2833485957-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2881313420-551894818-2833485957-1001 -> {20AF1251-6C0C-4817-88AE-3C13D116E2C4} URL = hxxp://ru.wikipedia.org/w/index.php?title=%D0%A1%D0%BB%D1%83%D0%B6%D0%B5%D0%B1%D0%BD%D0%B0%D1%8F:Search&search={searchTerms}
SearchScopes: HKU\S-1-5-21-2881313420-551894818-2833485957-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-2881313420-551894818-2833485957-1001 -> {FB5D130A-FBB2-477D-A6B5-865B55FD5B1C} URL = hxxp://yandex.ru/yandsearch?text={searchTerms}&from=os
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Bonus\OldNewExplorer v1.1.8.4\OldNewExplorer64.dll [2018-10-12] (www.startisback.com) [File not signed]
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\Bonus\OldNewExplorer v1.1.8.4\OldNewExplorer32.dll [2018-10-12] (www.startisback.com) [File not signed]
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2018-09-26] (Foxit Software Incorporated -> )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2018-09-26] (Foxit Software Incorporated -> )
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: mab3s9bl.default
FF ProfilePath: C:\Users\zerud\AppData\Roaming\Mozilla\Firefox\Profiles\mab3s9bl.default [2019-09-26]
FF ProfilePath: C:\Users\zerud\AppData\Roaming\Mozilla\Firefox\Profiles\sjud282c.default-release [2019-09-26]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2018-08-15] [Legacy]
FF HKLM\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2018-08-15]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2019-06-15] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-10-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\zerud\AppData\Roaming\mozilla\plugins\npatgpc.dll [2019-02-22]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Notifications: Default -> hxxps://login.gearbest.com; hxxps://transcoin.me; hxxps://www.reddit.com
CHR Profile: C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default [2019-11-18]
CHR Extension: (Slides) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-12]
CHR Extension: (Docs) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-12]
CHR Extension: (Google Drive) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-12]
CHR Extension: (Turn Off the Lights for YouTube™) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2019-11-15]
CHR Extension: (Gismeteo) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf [2018-10-12]
CHR Extension: (DuckDuckGo) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-09-14]
CHR Extension: (YouTube) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-12]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2018-10-12]
CHR Extension: (Listen Trackers) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldddmmadmohokhnmodjcimfbijpkdep [2018-10-12]
CHR Extension: (Cashback service Megabonus) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbfipcjecamggjfabeaclacjoohfjhhn [2019-11-15]
CHR Extension: (Dropbox for Gmail) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2019-10-24]
CHR Extension: (AliTools shopping assistant) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\eenflijjbchafephdplkdmeenekabdfb [2019-11-13]
CHR Extension: (AliTrust Tools) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekogignpeomkkfiehlgaikppganhncme [2018-10-12]
CHR Extension: (Sheets) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-12]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-11-08]
CHR Extension: (Picture in Picture for every website) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepbieccgbieoeaigepkojmogpkjfpin [2019-10-16]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2018-10-12]
CHR Extension: (Darkness - Beautiful Dark Themes) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\imilbobhamcfahccagbncamhpnbkaenm [2019-05-24]
CHR Extension: (Disconnect) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2019-08-29]
CHR Extension: (Slickdeals: Automatic Coupons and Deals) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdapbcmfllbpojmkefcikllfeoahglb [2019-11-15]
CHR Extension: (WordPress.com) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2018-10-12]
CHR Extension: (The Great Suspender) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2019-08-24]
CHR Extension: (Evernote Web) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2018-10-12]
CHR Extension: (Desktop, formerly Drive) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2018-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (imo free video calls and text) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2018-10-12]
CHR Extension: (Picasa) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2018-10-12]
CHR Extension: (Gmail) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-11-07]
CHR Profile: C:\Users\zerud\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-11-10]
CHR Profile: C:\Users\zerud\AppData\Local\Google\Chrome\User Data\System Profile [2019-11-10]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2018-08-15]
CHR HKU\S-1-5-21-2881313420-551894818-2833485957-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-2881313420-551894818-2833485957-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [moihledlmchhofenpacbhphnbnpakgmo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2018-08-15]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0348545.inf_amd64_95fdd360f07b1ba4\B348697\atiesrxx.exe [509144 2019-11-14] (Advanced Micro Devices, Inc. -> AMD)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-11-12] (AMD) [File not signed]
R2 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [547968 2019-11-07] (NZXT, Inc. -> )
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-10-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803456 2019-05-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2019-08-21] (FUTUREMARK INC -> Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1232968 2019-11-07] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6841416 2019-10-02] (GOG Sp. z o.o. -> GOG.com)
R2 hasplms; C:\Windows\system32\hasplms.exe [4599312 2017-05-12] (SafeNet Canada, Inc. -> SafeNet, Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_AppManager_Service; C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe [2055352 2019-01-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2323632 2019-11-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MTAgentService; C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe [766176 2019-01-18] (MiniTool Software Limited -> )
R2 MTSchedulerService; C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe [223960 2019-01-18] (MiniTool Software Limited -> )
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2425136 2019-11-16] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3303736 2019-11-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [447080 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12054872 2019-10-10] (TeamViewer GmbH -> TeamViewer GmbH)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
S3 VBoxSDS; F:\VB\VBoxSDS.exe [692992 2019-05-13] (Oracle Corporation -> Oracle Corporation)
R2 VeeamEndpointBackupSvc; C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [134424 2019-06-10] (Veeam Software AG -> Veeam Software Group GmbH)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [354808 2019-05-07] (Kristjan Skutta -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-03] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45320 2019-07-14] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0348545.inf_amd64_95fdd360f07b1ba4\B348697\atikmdag.sys [60670680 2019-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0348545.inf_amd64_95fdd360f07b1ba4\B348697\atikmpag.sys [598232 2019-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2019-10-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [32728 2019-07-24] (Advanced Micro Devices INC. -> Advanced Micro Devices)
S0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [138064 2019-06-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriver; C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AMDRyzenMasterDriver.sys [70304 2017-11-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 AMDRyzenMasterDriverV14; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [70432 2019-08-29] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34744 2019-02-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [31296 2018-01-16] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2019-04-12] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
R0 EPMVolFlt; C:\Windows\SysWOW64\drivers\EPMVolFlt.sys [28776 2017-11-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 gdrv2; C:\Windows\gdrv2.sys [32600 2019-09-20] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GPCIDrv; C:\Users\zerud\AppData\Local\Temp\7zS22EF.tmp\N2080_FW_Upgrade_Tool_V003\GPCIDrv64.sys [14376 2018-10-26] (Giga-Byte Technology -> ) <==== ATTENTION
U4 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1287464 2017-05-12] (SafeNet, Inc. -> SafeNet, Inc.)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [59888 2019-11-07] (Martin Malik - REALiX -> REALiX)
S3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
S3 ladfGSS; C:\Windows\system32\drivers\ladfGSS.sys [45168 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2018-09-15] (Microsoft Windows -> MediaTek Inc.)
S3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 phaudlwr; C:\Windows\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (PHAUD -> Philips Applied Technologies)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1154336 2019-06-19] (Realtek Semiconductor Corp. -> Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4635352 2015-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [49032 2019-01-16] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0203; C:\Windows\System32\drivers\RzDev_0203.sys [51688 2018-04-22] (Razer USA Ltd. -> Razer Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [52240 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 rzjoystk; C:\Windows\System32\drivers\rzjoystk.sys [19968 2012-10-18] (Microsoft Windows Hardware Compatibility Publisher -> Razer USA Ltd)
R3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36376 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [45592 2016-10-30] (Razer USA Ltd. -> Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48144 2016-10-30] (Razer USA Ltd. -> Razer Inc)
S3 RzSynapse; C:\Windows\System32\drivers\RzSynapse.sys [166400 2012-10-18] (Razer USA Ltd) [File not signed]
S3 SIUSBXP; C:\Windows\system32\drivers\SiUSBXp.sys [19456 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Silicon Laboratories)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [189584 2018-10-14] (RH Software -> Ray Hinchliffe)
R3 SPC530; C:\Windows\system32\drivers\SPC530.sys [583168 2008-05-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 SPC530m; C:\Windows\system32\drivers\SPC530m.sys [8192 2008-05-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 SSGDIO; C:\Windows\SysWOW64\DRIVERS\ssgdio64.sys [14608 2018-10-15] (ATI Technologies, Inc -> ATI Technologies Inc.)
S3 TRLNDISMON; C:\Windows\system32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic Security SL -> Tarlogic)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [236352 2019-05-13] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [247736 2019-05-13] (Oracle Corporation -> Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [829320 2019-02-21] (IDRIX -> IDRIX)
R1 vncmirror; C:\Windows\System32\drivers\vncmirror.sys [4608 2011-08-18] (Microsoft Windows Hardware Compatibility Publisher -> RealVNC Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-11-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [351968 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-03] (Microsoft Windows -> Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\GIGABYTE\RGBFusion\MODAPI.sys [14544 2019-11-18] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 CM_VENDER_CMD; \??\C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [X]
S3 VGAOCTool; \??\C:\Users\zerud\AppData\Local\Temp\VGAOCTool.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-18 21:49 - 2019-11-18 21:49 - 000055393 _____ C:\Users\zerud\Desktop\FRST.txt
2019-11-18 21:49 - 2019-11-18 21:49 - 000000000 ____D C:\FRST
2019-11-18 21:48 - 2019-11-18 21:48 - 002260480 _____ (Farbar) C:\Users\zerud\Desktop\FRST64.exe
2019-11-18 21:47 - 2019-11-18 21:47 - 026546176 _____ C:\Windows\system32\config\SYSTEM.{818B933F-250F-4810-8866-DAD00B28C1B4}
2019-11-18 21:47 - 2019-11-18 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2019-11-17 22:42 - 2019-11-17 22:42 - 001569029 _____ C:\Users\zerud\Desktop\qrSZgPSD.jpeg
2019-11-17 19:20 - 2019-11-17 19:20 - 000000248 _____ C:\Users\zerud\Desktop\RUINER.url
2019-11-17 19:03 - 2019-11-17 19:03 - 000000000 ____D C:\Users\zerud\AppData\LocalLow\Sabotage Studio
2019-11-17 19:01 - 2019-11-17 19:01 - 000000000 ____D C:\Users\zerud\AppData\Local\Ruiner
2019-11-17 17:37 - 2019-11-17 17:37 - 000001553 _____ C:\Users\zerud\Desktop\starwarsjedifallenorder.exe.lnk
2019-11-17 17:26 - 2019-11-17 17:26 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2019-11-17 17:26 - 2019-11-17 17:26 - 000003080 _____ C:\Windows\system32\Tasks\StartDVR
2019-11-17 17:26 - 2019-11-17 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2019-11-17 17:15 - 2019-11-17 17:15 - 028295000 _____ (AMD Inc.) C:\Users\zerud\Downloads\radeon-software-adrenalin-2019-19.11.2-minimalsetup-191114_64bit.exe
2019-11-16 21:20 - 2019-11-16 22:16 - 000001788 _____ C:\Users\Public\Desktop\NZXT CAM.lnk
2019-11-16 21:20 - 2019-11-16 21:20 - 000001756 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZXT CAM.lnk
2019-11-16 21:20 - 2019-11-16 21:20 - 000000000 ____D C:\Program Files\NZXT CAM
2019-11-16 20:30 - 2019-11-16 20:30 - 000000000 ____D C:\Users\zerud\AppData\Roaming\www.shadowexplorer.com
2019-11-16 18:45 - 2019-11-16 18:45 - 000109360 _____ C:\Users\zerud\Downloads\Star Wars Jedi Fallen Order Deluxe Edition.torrent
2019-11-16 16:26 - 2019-11-16 16:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-11-14 19:03 - 2019-11-14 19:04 - 000000000 ____D C:\Users\zerud\AppData\Local\Viber
2019-11-14 14:57 - 2019-11-14 14:57 - 001073104 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 001073104 _____ C:\Windows\system32\vulkan-1.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000929904 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000929904 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000852184 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000852184 _____ C:\Windows\system32\vulkaninfo.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000709848 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000709848 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000574680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000493784 _____ C:\Windows\system32\dgtrayicon.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000485592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000480984 _____ C:\Windows\system32\GameManager64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000417496 _____ C:\Windows\system32\EEURestart.exe
2019-11-14 14:57 - 2019-11-14 14:57 - 000184528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000163544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000153304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000138968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000091344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000075992 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000047320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000044248 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2019-11-14 14:57 - 2019-11-14 14:57 - 000020392 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 068016040 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 059441088 _____ C:\Windows\system32\amdcomgr64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 049336744 _____ C:\Windows\SysWOW64\amdcomgr.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 003916712 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 003518376 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 001686624 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 001365984 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000941992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000769448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000761560 _____ (AMD) C:\Windows\system32\atieclxx.exe
2019-11-14 14:56 - 2019-11-14 14:56 - 000554696 _____ C:\Windows\system32\amdmiracast.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000554408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000473512 _____ C:\Windows\system32\amdgfxinfo64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000469416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000467368 _____ C:\Windows\system32\amdlogum.exe
2019-11-14 14:56 - 2019-11-14 14:56 - 000440536 _____ C:\Windows\system32\atieah64.exe
2019-11-14 14:56 - 2019-11-14 14:56 - 000384424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000382376 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000353192 _____ C:\Windows\SysWOW64\atieah32.exe
2019-11-14 14:56 - 2019-11-14 14:56 - 000349400 _____ C:\Windows\system32\clinfo.exe
2019-11-14 14:56 - 2019-11-14 14:56 - 000242904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000214744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000179584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000159448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000158424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000136408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000135592 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000128952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000128736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000126168 _____ (AMD) C:\Windows\system32\atimuixx.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000124840 _____ C:\Windows\system32\atidxx64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000122280 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000121768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000108560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000108352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000107936 _____ C:\Windows\SysWOW64\atidxx32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000106400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2019-11-14 14:56 - 2019-11-14 14:56 - 000071080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2019-11-14 14:55 - 2019-11-14 14:55 - 000135664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2019-11-14 14:55 - 2019-11-14 14:55 - 000120064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2019-11-14 14:19 - 2019-11-14 14:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-11-14 14:19 - 2019-11-14 14:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-11-13 01:55 - 2019-11-13 01:55 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2019-11-13 01:55 - 2019-11-13 01:55 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2019-11-13 01:49 - 2019-11-13 01:49 - 000555880 _____ C:\Windows\SysWOW64\atiapfxx.blb
2019-11-13 01:49 - 2019-11-13 01:49 - 000555880 _____ C:\Windows\system32\atiapfxx.blb
2019-11-12 21:29 - 2019-11-12 21:03 - 000003205 _____ C:\Users\zerud\Desktop\12112019190307308.pdf
2019-11-12 20:26 - 2019-11-12 20:26 - 023455232 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 022137120 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 019014144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 012960256 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 012258816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 011724288 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 009941504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 009667896 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 007872000 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 007700696 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 007656072 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 006934016 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 006547896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 006318328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 006065152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 005770240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 005608336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 005575168 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 005573232 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 005436696 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 004873216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AI.MachineLearning.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 004661760 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 004413936 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 004303872 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 004049920 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003906560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003872336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 003703296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003656792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003637760 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 003624448 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003576832 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003550384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003496448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AI.MachineLearning.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003387392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003363640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 003333632 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 003082752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002918200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 002871824 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 002848768 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002765312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 002699976 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002698752 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002645504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002628112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 002421248 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002348544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002192384 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002109960 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002072176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 002050560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001994976 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001966096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 001933408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001929728 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001918792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001904128 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001751432 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001729024 _____ (Microsoft Corporation) C:\Windows\system32\CoreShell.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001726480 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001702600 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-11-12 20:26 - 2019-11-12 20:26 - 001677808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001674480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001668784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001668752 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001666440 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001644544 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001608192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001538560 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001486472 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001473296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001465472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001388032 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001388032 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001346216 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-11-12 20:26 - 2019-11-12 20:26 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001319936 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001294792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001291264 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001267240 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2019-11-12 20:26 - 2019-11-12 20:26 - 001262592 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001258512 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001183504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001180248 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001054224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 001050112 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001049608 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 001024712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 001022464 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000981504 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000948224 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000936960 _____ (Microsoft Corporation) C:\Windows\system32\assignedaccessmanagersvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000927232 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000888560 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000877568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000869888 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000862008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000856424 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000834048 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000811536 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000808960 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000808272 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000807424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000782968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000775768 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000773208 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000764928 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000750592 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000747536 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000741688 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000676352 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000667664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000661264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000652088 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000638480 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000629248 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessManager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000596992 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000591160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000588816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000575488 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000574464 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000553784 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000548864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000547328 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000542320 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000536320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000535080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000520704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000520208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Vid.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000514600 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000509968 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000505640 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000486400 _____ C:\Windows\system32\AssignedAccessCsp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000481280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-11-12 20:26 - 2019-11-12 20:26 - 000473832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000465416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000462352 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000462336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000455168 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000450632 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000445752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000435512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000430592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000427832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000420864 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000415760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000394240 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000389408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000385848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000383288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000367104 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000360960 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000349184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000324624 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\ComposableShellProxyStub.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000292352 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000281088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000263360 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000262152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\wpnservice.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000249856 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000226816 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-11-12 20:26 - 2019-11-12 20:26 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000213304 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000201528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000198968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spacedump.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000198144 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000193336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000180736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-11-12 20:26 - 2019-11-12 20:26 - 000178176 _____ (Microsoft Corporation) C:\Windows\system32\prntvpt.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\spacebridge.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spacebridge.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000164368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000160272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000154624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AppExecutionAlias.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ComposableShellProxyStub.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_BackgroundApps.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000141736 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prntvpt.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000132608 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000120352 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000118480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000112168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000110080 _____ (Microsoft Corporation) C:\Windows\system32\WinHvPlatform.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000105832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000101888 _____ (Microsoft Corporation) C:\Windows\system32\CoreShellExtFramework.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000090632 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000087080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\ApiSetHost.AppExecutionAlias.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000086840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000086744 _____ (Microsoft Corporation) C:\Windows\system32\taskhostw.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-11-12 20:26 - 2019-11-12 20:26 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000071696 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000061480 _____ (Microsoft Corporation) C:\Windows\system32\hvhostsvc.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\AssignedAccessRuntime.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000047616 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AssignedAccessRuntime.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\compact.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compact.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000036368 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2019-11-12 20:26 - 2019-11-12 20:26 - 000023768 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000020144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-11-12 20:26 - 2019-11-12 20:26 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-11-11 20:28 - 2019-11-11 21:58 - 3539598269 _____ C:\Users\zerud\Desktop\kumatria 25.09.2015.zip
2019-11-11 20:28 - 2019-11-11 21:19 - 1689699487 _____ C:\Users\zerud\Desktop\Cosmic Party Report.zip
2019-11-10 20:13 - 2019-11-10 20:13 - 000000000 ____D C:\Users\zerud\AppData\Local\AbzuGame
2019-11-10 17:39 - 2019-11-10 17:39 - 000000000 ____D C:\Users\zerud\AppData\Local\TheChase
2019-11-10 17:25 - 2019-11-10 17:26 - 028290000 _____ (AMD Inc.) C:\Users\zerud\Downloads\radeon-software-adrenalin-2019-19.11.1-minimalsetup-191104_64bit.exe
2019-11-10 17:22 - 2019-11-10 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AORUS
2019-11-10 17:21 - 2019-11-10 17:21 - 000003464 _____ C:\Windows\system32\Tasks\Launcher GIGABYTE AORUS GRAPHICS ENGINE
2019-11-10 17:21 - 2019-11-10 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2019-11-10 13:34 - 2019-11-10 13:34 - 034800121 _____ C:\Users\zerud\Desktop\VID_20191110_132952.mp4
2019-11-10 13:25 - 2019-11-10 13:25 - 000000430 _____ C:\Users\zerud\Desktop\new 6.txt
2019-11-09 00:43 - 2019-11-09 00:43 - 000000000 ____D C:\Users\zerud\AppData\Local\QUBE
2019-11-09 00:33 - 2019-11-09 00:33 - 000000000 ____D C:\Users\zerud\AppData\Local\nuclearthrone
2019-11-08 00:08 - 2019-11-08 00:08 - 000000261 _____ C:\Users\zerud\Desktop\Nuclear Throne.url
2019-11-07 22:43 - 2019-11-07 22:43 - 007976792 _____ (Tim Kosse) C:\Users\zerud\Downloads\FileZilla_3.45.1_win64-setup.exe
2019-11-07 17:12 - 2019-11-07 17:12 - 000064704 _____ C:\Users\zerud\Desktop\received_435646610426763.jpeg
2019-11-07 17:04 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2019-11-07 17:04 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2019-11-07 17:04 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2019-11-07 17:04 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2019-11-07 17:04 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2019-11-07 17:04 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2019-11-07 17:04 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2019-11-07 17:04 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2019-11-07 17:04 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2019-11-07 17:04 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2019-11-07 17:04 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2019-11-07 17:04 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2019-11-07 17:04 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2019-11-07 17:04 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2019-11-07 17:04 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2019-11-07 17:04 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2019-11-07 17:04 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2019-11-07 17:04 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2019-11-07 17:03 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2019-11-07 17:03 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2019-11-07 17:03 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2019-11-07 17:03 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2019-11-07 17:03 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2019-11-07 17:03 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2019-11-07 17:03 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2019-11-07 17:03 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2019-11-07 17:03 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2019-11-07 17:03 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2019-11-07 17:03 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2019-11-07 17:03 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2019-11-07 17:03 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2019-11-07 17:03 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2019-11-07 17:03 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2019-11-07 17:03 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2019-11-07 17:03 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2019-11-07 17:03 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2019-11-07 17:03 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2019-11-07 17:03 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2019-11-07 17:03 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2019-11-07 17:03 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2019-11-07 17:03 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2019-11-07 17:03 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2019-11-07 17:03 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2019-11-07 17:03 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2019-11-07 17:03 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2019-11-07 17:03 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2019-11-07 17:03 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2019-11-07 17:03 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2019-11-07 17:03 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2019-11-07 17:03 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2019-11-07 17:03 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2019-11-07 17:03 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2019-11-07 17:03 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2019-11-07 17:03 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2019-11-07 17:03 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2019-11-07 17:03 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2019-11-07 17:03 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2019-11-07 17:03 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2019-11-07 17:03 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2019-11-07 17:03 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2019-11-07 17:03 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2019-11-07 17:03 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2019-11-07 17:03 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2019-11-07 17:03 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2019-11-07 17:03 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2019-11-07 17:03 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2019-11-07 17:03 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2019-11-07 17:03 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2019-11-07 17:03 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2019-11-07 17:03 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2019-11-07 17:03 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2019-11-07 17:03 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2019-11-07 17:03 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2019-11-07 17:03 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2019-11-07 17:03 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2019-11-07 17:03 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2019-11-07 17:03 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2019-11-07 17:03 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2019-11-07 17:03 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2019-11-07 17:03 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2019-11-07 17:03 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2019-11-07 17:03 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2019-11-07 17:03 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2019-11-07 17:03 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2019-11-07 17:03 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2019-11-07 17:03 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2019-11-07 17:03 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2019-11-07 17:03 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2019-11-07 17:03 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2019-11-07 17:03 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2019-11-07 17:03 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2019-11-07 17:03 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2019-11-07 17:03 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2019-11-07 17:03 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2019-11-07 17:03 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2019-11-07 17:03 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2019-11-07 17:03 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2019-11-07 17:03 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2019-11-07 17:03 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2019-11-07 17:03 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2019-11-07 17:03 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2019-11-07 17:03 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2019-11-07 17:03 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2019-11-07 17:03 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2019-11-07 17:03 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2019-11-07 17:03 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2019-11-07 17:03 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2019-11-07 17:03 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2019-11-07 17:03 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2019-11-07 17:03 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2019-11-07 17:03 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2019-11-07 17:03 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2019-11-07 17:03 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2019-11-07 16:46 - 2019-11-07 16:46 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Doublefine
2019-11-06 00:19 - 2019-11-06 00:19 - 000000000 ____D C:\Users\zerud\AppData\LocalLow\David OReilly
2019-11-06 00:12 - 2019-11-06 00:12 - 000000252 _____ C:\Users\zerud\Desktop\Costume Quest.url
2019-11-03 20:31 - 2019-11-03 20:32 - 133102855 _____ C:\Users\zerud\Desktop\MOV_0069.MP4
2019-11-03 20:31 - 2019-11-03 20:31 - 058965124 _____ C:\Users\zerud\Desktop\VID_20181003_114646.mp4
2019-11-03 20:30 - 2019-11-03 20:34 - 1875473691 _____ C:\Users\zerud\Desktop\Spiridusii ora 9.30 data 28.mp4
2019-10-25 20:54 - 2019-10-25 20:54 - 000000000 ____D C:\Users\zerud\AppData\Local\Indiana
2019-10-25 20:53 - 2019-10-25 20:53 - 000000716 _____ C:\Users\Public\Desktop\The Outer Worlds.lnk
2019-10-25 20:53 - 2019-10-25 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Outer Worlds
2019-10-23 21:39 - 2019-10-23 21:39 - 000000649 _____ C:\Users\zerud\Documents\3.cpu1

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-18 21:47 - 2019-08-23 21:18 - 000001108 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
2019-11-18 21:47 - 2019-04-14 19:11 - 000003818 _____ C:\Windows\system32\Tasks\LastPassUpdater
2019-11-18 21:47 - 2019-04-14 19:11 - 000000000 ____D C:\Program Files (x86)\LastPass
2019-11-18 21:47 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-11-18 21:45 - 2019-10-01 21:34 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2019-11-18 21:45 - 2018-10-12 20:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-11-18 21:45 - 2018-10-12 15:29 - 000000000 ____D C:\Users\Все пользователи\Veeam
2019-11-18 21:45 - 2018-10-12 15:29 - 000000000 ____D C:\ProgramData\Veeam
2019-11-18 21:45 - 2018-10-12 15:09 - 000000000 ____D C:\Program Files (x86)\Steam
2019-11-18 21:45 - 2018-10-12 14:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-18 21:45 - 2018-09-15 09:33 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2019-11-18 21:45 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-18 00:33 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-11-18 00:32 - 2018-10-12 18:13 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Origin
2019-11-18 00:32 - 2018-10-12 18:10 - 000000000 ____D C:\Users\Все пользователи\Origin
2019-11-18 00:32 - 2018-10-12 18:10 - 000000000 ____D C:\ProgramData\Origin
2019-11-17 23:26 - 2018-10-12 20:17 - 000000000 ____D C:\Users\zerud\AppData\Roaming\vlc
2019-11-17 23:20 - 2019-03-30 15:46 - 000007597 _____ C:\Users\zerud\AppData\Local\Resmon.ResmonCfg
2019-11-17 22:31 - 2018-10-12 20:12 - 000000000 ____D C:\Users\zerud\AppData\Roaming\TeraCopy
2019-11-17 21:08 - 2018-10-12 20:18 - 000000000 ____D C:\Users\zerud\AppData\Roaming\AIMP
2019-11-17 21:06 - 2018-10-12 19:40 - 000000000 ____D C:\Users\zerud\AppData\Local\D3DSCache
2019-11-17 20:57 - 2018-10-12 14:37 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-11-17 17:34 - 2018-10-12 14:48 - 001753388 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-17 17:34 - 2018-09-15 18:44 - 000770744 _____ C:\Windows\system32\perfh019.dat
2019-11-17 17:34 - 2018-09-15 18:44 - 000151892 _____ C:\Windows\system32\perfc019.dat
2019-11-17 17:34 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-11-17 17:30 - 2018-10-12 15:08 - 000000000 ____D C:\Users\zerud\AppData\LocalLow\AMD
2019-11-17 17:26 - 2019-10-01 21:30 - 000003304 _____ C:\Windows\system32\Tasks\StartCNBM
2019-11-17 17:26 - 2018-10-12 19:28 - 000000000 ____D C:\Program Files (x86)\AMD
2019-11-17 17:26 - 2018-10-12 14:50 - 000000000 ____D C:\Program Files\AMD
2019-11-17 17:25 - 2018-10-12 14:57 - 000000000 ____D C:\Users\zerud\AppData\Local\AMD
2019-11-17 17:16 - 2018-10-12 19:41 - 000000060 _____ C:\Users\Все пользователи\SoftwareUpdateTemp.xml
2019-11-17 17:16 - 2018-10-12 19:41 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2019-11-17 17:15 - 2019-09-16 21:48 - 000000000 ____D C:\AMD
2019-11-16 22:16 - 2019-10-17 20:57 - 000001124 _____ C:\Users\zerud\Desktop\mp3DirectCut.lnk
2019-11-16 22:16 - 2019-10-04 23:09 - 000001023 _____ C:\Users\Public\Desktop\3DMark.lnk
2019-11-16 22:16 - 2019-09-20 20:57 - 000002219 _____ C:\Users\Public\Desktop\AMD Ryzen Master.lnk
2019-11-16 22:16 - 2019-09-19 20:58 - 000000897 _____ C:\Users\zerud\Desktop\HWiNFO64.lnk
2019-11-16 22:16 - 2019-09-19 17:53 - 000001110 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2019-11-16 22:16 - 2019-08-27 13:12 - 000002115 _____ C:\Users\Public\Desktop\КОМПАС-3D v17.lnk
2019-11-16 22:16 - 2019-08-17 16:39 - 000001242 _____ C:\Users\zerud\Desktop\Command Center.lnk
2019-11-16 22:16 - 2019-07-18 20:56 - 000000907 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-11-16 22:16 - 2019-04-16 21:06 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2019-11-16 22:16 - 2019-04-13 18:19 - 000002240 _____ C:\Users\zerud\Desktop\Epson Easy Photo Print.lnk
2019-11-16 22:16 - 2019-04-13 18:19 - 000001003 _____ C:\Users\zerud\Desktop\EPSON Scan.lnk
2019-11-16 22:16 - 2019-03-26 22:26 - 000001019 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2019-11-16 22:16 - 2018-12-31 17:07 - 000001016 _____ C:\Users\zerud\Desktop\Acrylic Wi-Fi Professional.lnk
2019-11-16 22:16 - 2018-12-08 19:53 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-11-16 22:16 - 2018-11-16 18:58 - 000001027 _____ C:\Users\zerud\Desktop\Viber.lnk
2019-11-16 22:16 - 2018-11-07 22:46 - 000001040 _____ C:\Users\Public\Desktop\VueScan x64.lnk
2019-11-16 22:16 - 2018-10-12 20:18 - 000000964 _____ C:\Users\Public\Desktop\AIMP.lnk
2019-11-16 22:16 - 2018-10-12 20:17 - 000000960 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-11-16 22:16 - 2018-10-12 19:13 - 000002099 _____ C:\Users\Public\Desktop\MSI APP Manager.lnk
2019-11-16 22:16 - 2018-10-12 15:16 - 000001794 _____ C:\Users\zerud\Desktop\Scans.lnk
2019-11-16 21:57 - 2018-10-25 21:07 - 000000000 ____D C:\Program Files (x86)\Origin
2019-11-16 21:36 - 2019-08-30 20:43 - 000000000 ____D C:\Users\zerud\AppData\Roaming\NZXT CAM
2019-11-16 16:27 - 2018-02-23 21:34 - 000000000 ____D C:\Program Files\Mailbird
2019-11-16 16:26 - 2018-10-12 17:46 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-11-16 00:43 - 2018-10-12 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2019-11-16 00:43 - 2018-10-12 17:47 - 000000000 ____D C:\MSI
2019-11-15 22:50 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-14 19:04 - 2018-11-16 18:58 - 000000000 ____D C:\Users\zerud\AppData\Roaming\ViberPC
2019-11-14 19:03 - 2018-10-12 15:16 - 000000000 ____D C:\Users\zerud\Documents\ViberDownloads
2019-11-14 18:56 - 2018-12-22 18:40 - 000000000 ____D C:\Users\Все пользователи\LogiShrd
2019-11-14 18:56 - 2018-12-22 18:40 - 000000000 ____D C:\ProgramData\LogiShrd
2019-11-14 18:56 - 2018-12-22 18:37 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Logishrd
2019-11-14 14:57 - 2019-09-30 15:06 - 000382168 _____ C:\Windows\SysWOW64\GameManager32.dll
2019-11-14 14:57 - 2019-09-30 15:06 - 000020392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2019-11-14 14:56 - 2019-10-07 14:45 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2019-11-14 14:56 - 2019-09-30 15:06 - 001714600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2019-11-13 22:19 - 2018-10-12 21:22 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-11-13 22:10 - 2018-10-12 14:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-11-13 22:10 - 2018-10-12 14:47 - 000000000 ___RD C:\Users\zerud\3D Objects
2019-11-13 22:09 - 2018-10-12 14:37 - 000364000 _____ C:\Windows\system32\FNTCACHE.DAT
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\oobe
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\appraiser
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-11-13 00:22 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-11-13 00:22 - 2018-09-15 08:09 - 000000000 ____D C:\Windows\system32\Dism
2019-11-12 23:07 - 2019-10-02 21:26 - 000000142 _____ C:\Users\zerud\Documents\3.sfsm
2019-11-12 21:10 - 2018-10-12 15:08 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-12 20:33 - 2018-12-08 19:53 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-11-12 20:33 - 2018-10-12 20:06 - 000000000 ____D C:\Users\zerud\AppData\Local\TeamViewer
2019-11-12 20:30 - 2018-10-12 17:03 - 000000000 ____D C:\Windows\system32\MRT
2019-11-12 20:27 - 2018-10-12 17:03 - 128443096 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-11-12 20:27 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-11-12 20:22 - 2018-10-12 20:04 - 000000000 ____D C:\Users\zerud\AppData\Roaming\TeamViewer
2019-11-10 17:38 - 2018-10-12 15:48 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-11-10 17:21 - 2019-09-20 22:14 - 000000000 ____D C:\Program Files (x86)\GIGABYTE
2019-11-10 14:10 - 2018-10-12 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-11-07 22:54 - 2019-09-19 17:53 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2019-11-07 22:45 - 2018-10-17 23:19 - 000000000 ____D C:\Users\zerud\AppData\Roaming\FileZilla
2019-11-07 22:43 - 2018-10-17 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-11-07 22:43 - 2018-10-17 23:19 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2019-11-07 22:34 - 2018-10-12 17:59 - 000059888 _____ (REALiX) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2019-11-07 22:34 - 2018-10-12 17:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2019-11-07 22:34 - 2018-10-12 17:58 - 000000000 ____D C:\Program Files\HWiNFO64
2019-11-07 17:04 - 2019-02-08 21:33 - 000000816 _____ C:\Users\Public\Desktop\Apex Legends.lnk
2019-11-05 21:04 - 2018-10-12 15:07 - 000003490 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 21:04 - 2018-10-12 15:07 - 000003366 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 21:04 - 2018-10-12 15:07 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-04 22:35 - 2019-04-13 21:41 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Telegram Desktop
2019-11-04 17:29 - 2019-10-07 14:45 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\SETEAE4.tmp
2019-11-04 17:29 - 2019-09-30 15:06 - 001714624 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\SETE928.tmp
2019-11-04 17:29 - 2019-09-30 15:06 - 000382376 _____ C:\Windows\SysWOW64\SETEA88.tmp
2019-11-04 17:29 - 2019-09-30 15:06 - 000020608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SETEA50.tmp
2019-11-03 20:19 - 2018-10-15 19:59 - 000000000 ____D C:\Users\zerud\AppData\Local\Downloaded Installations
2019-11-03 20:19 - 2018-10-12 17:47 - 000000000 ____D C:\Program Files (x86)\MSI
2019-11-03 20:13 - 2018-10-12 19:56 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2881313420-551894818-2833485957-1001
2019-11-03 20:13 - 2018-10-12 19:56 - 000000000 ___RD C:\Users\zerud\OneDrive
2019-11-03 20:13 - 2018-10-12 14:45 - 000002411 _____ C:\Users\zerud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-11-03 20:05 - 2018-10-12 14:37 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-10-23 21:39 - 2019-05-18 21:46 - 000000651 _____ C:\Users\zerud\Documents\1.cpu1
2019-10-23 21:31 - 2019-01-13 17:38 - 000000000 ____D C:\Users\zerud\Documents\CardRecovery
2019-10-23 20:19 - 2018-10-12 14:45 - 000000000 ____D C:\Users\zerud
2019-10-21 20:50 - 2018-10-16 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird
2019-10-21 20:49 - 2018-11-08 22:02 - 000000000 ____D C:\Users\zerud\AppData\Roaming\Mailbird

==================== Files in the root of some directories ========

2003-09-08 15:53 - 2003-09-08 15:53 - 000000000 ____H () C:\ProgramData\sdpsenv.dat
2003-09-08 15:53 - 2003-09-08 15:53 - 000000000 ____H () C:\Users\Все пользователи\sdpsenv.dat
2018-11-20 23:57 - 2018-11-21 00:09 - 000003584 _____ () C:\Users\zerud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-01-02 23:39 - 2019-01-02 23:47 - 000007064 _____ () C:\Users\zerud\AppData\Local\digikamrc
2019-03-30 15:46 - 2019-11-17 23:20 - 000007597 _____ () C:\Users\zerud\AppData\Local\Resmon.ResmonCfg
2018-10-12 18:04 - 2018-10-12 18:04 - 000000003 _____ () C:\Users\zerud\AppData\Local\updater.log
2018-10-12 18:04 - 2018-10-12 18:40 - 000000425 _____ () C:\Users\zerud\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by zerud (18-11-2019 21:50:09)
Running from C:\Users\zerud\Desktop
Windows 10 Enterprise Version 1809 17763.864 (X64) (2018-10-12 12:41:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

DefaultAccount (S-1-5-21-2881313420-551894818-2833485957-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2881313420-551894818-2833485957-504 - Limited - Disabled)
zerud (S-1-5-21-2881313420-551894818-2833485957-1001 - Administrator - Enabled) => C:\Users\zerud
Администратор (S-1-5-21-2881313420-551894818-2833485957-500 - Administrator - Disabled)
Гость (S-1-5-21-2881313420-551894818-2833485957-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{793A6554-A614-46E2-8381-EE34BC9F7F60}) (Version: 2.10.6799.0 - UL) Hidden
3DMark (HKLM-x32\...\{8ffabc1c-e7a8-4b49-b024-1eab1a3b562c}) (Version: 2.10.6799.0 - UL)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Acrylic Wi-Fi Professional v3.0 (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\{FBD2EDDA-2B1B-49A2-9147-99CBCC5F10E5}_is1) (Version: 3.0 - Tarlogic Security S.L.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.51.2084, 01.12.2018 - AIMP DevTeam)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.246 - Amazon)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.0.2.1271 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.11.2 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{D8561EEF-2B90-4BDB-B197-16E96924E6AA}) (Version: 1.7.29.0115 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 1.7.29.0115 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Technician Edition 5.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D3}_is1) (Version: - AOMEI Technology Co., Ltd.)
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.7.3.0 - GIGABYTE Technology Co.,Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.4 - Electronic Arts, Inc.)
Backup and Sync from Google (HKLM\...\{93EBD8BA-7A14-4636-8F1F-E929ADF2C3A9}) (Version: 3.47.7654.0300 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
CardRecovery 6.10 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.60 - Piriform)
Cheat Engine 6.8.3 (HKLM\...\Cheat Engine 6.8.3_is1) (Version: - Cheat Engine)
Control (HKLM-x32\...\Control_is1) (Version: - torrent-igruha.org)
CPUID CPU-Z MSI 1.86 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.86 - CPUID, Inc.)
CPUID HWMonitor 1.40 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.40 - CPUID, Inc.)
Discord (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 12.9 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: 12.9 - lrepacks.ru)
EaseUS Partition Master Unlimited (HKLM\...\{150C0A2F-3B9B-419C-8135-423BE38A0C06}_is1) (Version: 13.5 - EaseUS)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{A1B90F92-F861-485D-B03A-3A071A8D13C0}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{F05A434E-D3CF-4B44-9D3E-779D42090781}) (Version: 2.8.0.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)
EVERSPACE (HKLM-x32\...\EVERSPACE_is1) (Version: - )
FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{430E16F4-C1F7-11E8-A5E9-000C296BF2A5}) (Version: 9.3.0.10826 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.6.0.25114 - Foxit Software Inc.)
Futuremark SystemInfo (HKLM-x32\...\{3324DFF8-F84D-4761-94B2-B30610FC987F}) (Version: 5.21.735.0 - Futuremark)
Geeks3D FurMark 1.20.8.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HWiNFO64 Version 6.14 (HKLM\...\HWiNFO64_is1) (Version: 6.14 - Martin Malik - REALiX)
Imaging Edge (Remote/Viewer/Edit) (HKLM\...\{5B49EE2C-967E-4DFB-9294-8A40C652A78B}) (Version: 1.3.01.09120 - Sony Imaging Products & Solutions, Inc.)
IP-TV Player 49.3 (HKLM-x32\...\IP-TV_Player) (Version: 49.3 - ADSL Club Co Ltd)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
LastPass (HKLM-x32\...\{2003C320-BA2F-4998-991C-8E919CA7DDB5}) (Version: 4.36.1.1328 - LogMeIn)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Mailbird (HKLM\...\{CCB734DD-3977-466D-9E46-08243761EB1B}) (Version: 2.7.0 - Mailbird)
MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}) (Version: 10.5.00 - Sony Corporation) Hidden
Microsoft Office профессиональный плюс 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{C18B132E-4032-4425-826A-24B1CA9DFF0C}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{7ED2561C-FBC2-421E-A2B5-C7BEFD623145}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{CECCBAE9-1880-411E-9D28-8E562F6DAAE2}) (Version: 11.4.7001.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
MiniTool ShadowMaker (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.1 - MiniTool)
Movavi Video Editor 15 Plus (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\Movavi Video Editor 15 Plus) (Version: 15.1.0 - Movavi)
MSI APP Manager (HKLM-x32\...\{00F47104-12BA-4E58-A7E6-F456C1BA338E}}_is1) (Version: 1.0.0.32 - MSI)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.99 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.63 - MSI)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 3.0.0.66 - MSI)
MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.46 - MSI)
MyHomeLib v.2.3 (HKLM-x32\...\{B9B6C409-01CB-4AB6-8E4F-403B49A25B56}_is1) (Version: - )
NAS Starter Utility (HKLM-x32\...\NAS Starter Utility) (Version: - ZyXEL)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NZXT CAM 4.0.13 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.0.13 - NZXT, Inc.)
ONINAKI (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\ONINAKI) (Version: - HOODLUM)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Oracle VM VirtualBox 6.0.8 (HKLM\...\{C549898A-9AA8-4CF6-8290-EF5DB8ECA766}) (Version: 6.0.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.55.33574 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
Philips SPC530NC Webcam (HKLM-x32\...\{C0F89603-69E7-4408-8D9C-35256481D785}) (Version: 1.00.000 - Philips)
Photos2Folders version 0.4 (HKLM-x32\...\{FED74376-0983-4D85-99A1-3380E0863EB9}_is1) (Version: 0.4 - Acrojax Solutions Inc.)
PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter)
RAMMon (HKLM\...\{D0E36B69-687C-43B3-93BA-5E4B6E531023}_is1) (Version: - PassMark Software)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.10 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8351 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - REALTEK Semiconductor Corp.)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.0917.1 - GIGABYTE)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.1.2010 - Samsung Electronics)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SD Card Formatter (HKLM-x32\...\{A61131DC-B92D-4AD8-A925-E2D6D5FE217C}) (Version: 5.0.1 - SD Association)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Skype, версия 8.53 (HKLM-x32\...\Skype_is1) (Version: 8.53 - Skype Technologies S.A.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
StartIsBack++ (HKLM-x32\...\StartIsBack) (Version: 2.8.5 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.7.1965 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop version 1.8.15 (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC)
TeraCopy version 3.3 beta (HKLM\...\TeraCopy_is1) (Version: 3.3 beta - Code Sector)
The Outer Worlds (HKLM-x32\...\The Outer Worlds_is1) (Version: - torrent-igruha.org)
UBitMenu RU (HKLM-x32\...\{B5FF6D40-F83D-4fa7-A264-AB5038B847F9}_is1) (Version: 01.04 - UBit Schweiz AG)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.5.0.0 - Manuel Hoefs (Zottel))
Veeam Agent for Microsoft Windows (HKLM\...\{E3CBA089-8F1B-4275-B865-5082DE85D6F9}) (Version: 3.0.2.1170 - Veeam Software Group GmbH)
Viber (HKLM-x32\...\{6CB3CA37-2A07-43D8-96F6-9E512E4E82C6}) (Version: 9.8.5.7 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\{9571e578-1020-4bf7-af69-115ab1bd32ab}) (Version: 9.8.5.7 - Viber Media Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
КОМПАС-3D v17.1 x64 (HKLM\...\{814ECA5C-ADA1-4CA3-ACB3-195856E146D9}) (Version: 17.1.0 - АСКОН)
Отмена установки принтера EPSON L222 Series (HKLM\...\EPSON L222 Series) (Version: - SEIKO EPSON Corporation)
Пакет драйверов Windows - Corsair Components, Inc. (SIUSBXP) USB (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
Пакет драйверов Windows - Hewlett-Packard Image (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2019-11-15] (Dolby Laboratories)
LastPass -> C:\Program Files\WindowsApps\LastPass.LastPass_3.0.7.0_x64__sbg7naapqq8fj [2019-07-18] (LastPass)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.3.6.0_x64__w2gh52qy24etm [2019-11-03] (A-Volute)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.181.0_x64__dt26b99r8h8gj [2019-08-07] (Realtek Semiconductor Corp)
Transmission Client -> C:\Program Files\WindowsApps\AdviseSolutionsiGoteborgA.TransmissionClient_0.9.3.0_x64__0ff2ygrw5sx1m [2019-05-26] (Advise Solutions i Goteborg AB)
Почта и Календарь -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-06] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2881313420-551894818-2833485957-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xEF676B658465D401FD25AC54D930D501DB0000006201000000000000 => No File
CustomCLSID: HKU\S-1-5-21-2881313420-551894818-2833485957-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\admin\Dropbox [2017-02-07 12:23]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-10-24] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-06-17] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers1: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (Top Password Software,Inc. -> TODO: ) [File not signed]
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [WinMerge] -> [CC]{4E716236-AA30-4C65-B225-D68BBA81E9C2} => -> No File
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers2: [WinMerge] -> [CC]{4E716236-AA30-4C65-B225-D68BBA81E9C2} => -> No File
ContextMenuHandlers3: [sTKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_246.dll [2019-02-13] (Amazon Services LLC -> Amazon.com, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-10-24] (Google LLC -> Google)
ContextMenuHandlers4: [TakeOwnershipMenu] -> {659E506B-0AC2-410E-A94C-A326FF199883} => C:\Program Files (x86)\TakeOwnershipPro\TakeOwnershipPro_x64.dll [2017-08-07] (Top Password Software,Inc. -> TODO: ) [File not signed]
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [WinMerge] -> [CC]{4E716236-AA30-4C65-B225-D68BBA81E9C2} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-11-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2019-06-28] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\Bonus\OldNewExplorer v1.1.8.4\OldNewExplorer64.dll [2018-10-12] (www.startisback.com) [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\zerud\Links\Google Диск.lnk -> E:\admin\Google Диск () <==== Cyrillic
Shortcut: C:\Users\zerud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 15 Plus\Сайт Movavi Video Editor 15 Plus.lnk -> C:\Users\zerud\AppData\Roaming\Movavi Video Editor 15 Plus\Movavi Video Editor 15 Plus.url () <==== Cyrillic
Shortcut: C:\Users\zerud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 15 Plus\Удалить Movavi Video Editor 15 Plus.lnk -> C:\Users\zerud\AppData\Roaming\Movavi Video Editor 15 Plus\uninst.exe (Movavi) <==== Cyrillic
Shortcut: C:\Users\zerud\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\КОМПАС-3D v17.lnk -> C:\Program Files\ASCON\KOMPAS-3D v17\Bin\KOMPAS.Exe (ASCON-Design systems, LLC (Russia)) <==== Cyrillic

==================== Loaded Modules (Whitelisted) =============

2019-11-10 17:21 - 2019-08-05 13:26 - 000025088 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\BSL430.dll
2019-11-10 17:21 - 2019-08-05 13:26 - 000225792 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvFireware.dll
2019-05-18 23:54 - 2019-01-18 14:57 - 000094720 _____ () [File not signed] C:\Program Files (x86)\MiniTool ShadowMaker\coresync.dll
2019-06-04 19:36 - 2005-07-18 12:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\APP Manager\unrar.dll
2018-10-12 17:50 - 2005-07-18 13:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2018-10-12 17:47 - 2017-08-02 13:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2019-06-19 09:25 - 2019-06-19 09:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 13:34 - 2018-03-20 13:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 09:51 - 2019-06-28 09:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2019-10-21 12:32 - 2019-11-15 22:47 - 001128960 _____ () [File not signed] C:\Program Files\Mailbird\x64\CefSharp.BrowserSubprocess.Core.dll
2019-10-21 12:31 - 2019-11-15 22:47 - 001715200 _____ () [File not signed] C:\Program Files\Mailbird\x64\CefSharp.Core.dll
2019-04-25 20:01 - 2019-04-25 20:01 - 110338560 _____ () [File not signed] C:\Program Files\Mailbird\x64\libcef.dll
2018-12-28 12:29 - 2015-03-12 05:00 - 000406528 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLMCT.DLL
2018-12-28 12:39 - 2015-03-12 05:00 - 000409088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMXLMCT.DLL
2019-05-18 23:54 - 2019-01-18 14:57 - 000061952 _____ (Chengdu Speed Digital Technology Co..Ltd.) [File not signed] C:\Program Files (x86)\MiniTool ShadowMaker\ChannelNetFileInfo.dll
2019-05-18 23:54 - 2019-01-18 14:57 - 000174592 _____ (Chengdu Speed Digital Technology Co..Ltd.) [File not signed] C:\Program Files (x86)\MiniTool ShadowMaker\FileInfoCommon.dll
2019-11-10 17:21 - 2019-08-05 13:27 - 002010112 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GbtCpuLib.dll
2019-11-10 17:21 - 2019-08-05 13:27 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\yccV2.dll
2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.DLL
2019-11-10 17:21 - 2019-08-16 16:46 - 000289280 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVBIOSLib.dll
2019-11-10 17:21 - 2019-08-05 13:26 - 000628736 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvComW.dll
2019-11-10 17:21 - 2019-08-05 13:26 - 000013312 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvCrypt.dll
2019-11-10 17:21 - 2019-09-10 09:47 - 000445952 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GVDisplay.dll
2019-11-10 17:21 - 2019-08-05 13:26 - 000240640 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvIllumLib.dll
2019-11-10 17:21 - 2019-08-05 13:26 - 000218112 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvOrderLib.dll
2019-08-16 16:46 - 2019-08-16 16:46 - 000289280 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVBIOSLib.dll
2019-09-02 11:37 - 2019-09-02 11:37 - 000445952 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2018-09-11 19:53 - 2018-09-11 19:53 - 000237056 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2019-09-03 14:01 - 2019-09-03 14:01 - 002057728 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACDDR_Lib.dll
2019-08-30 21:45 - 2019-08-30 21:45 - 002057216 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2019-04-13 18:19 - 2019-04-13 18:19 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2018-08-30 16:26 - 2018-08-30 16:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll
2018-03-02 17:51 - 2018-03-02 17:51 - 001545728 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Mailbird\x64\SQLite.Interop.dll
2019-08-27 13:13 - 2019-08-27 13:13 - 001017344 _____ (SafeNet Inc.) [File not signed] C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\haspvlib_46707.dll
2015-12-17 10:11 - 2015-12-17 10:11 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2018-10-12 18:04 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-10-12 18:04 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2019-04-25 20:01 - 2019-04-25 20:01 - 000814592 _____ (The Chromium Authors) [File not signed] C:\Program Files\Mailbird\x64\chrome_elf.dll
2019-05-18 23:55 - 2016-09-25 14:12 - 000884736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\MiniTool ShadowMaker\sqldrivers\qsqlite.dll
2019-11-12 19:03 - 2019-11-12 19:03 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-11-10 17:21 - 2019-08-27 13:22 - 000224256 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\AORUS ENGINE\GvAutoUpdate.dll
2017-10-05 15:26 - 2017-10-05 15:26 - 002247168 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 08:22 - 2018-12-08 08:22 - 002059264 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2019-09-18 15:48 - 2019-09-18 15:48 - 000433664 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2019-09-05 16:22 - 2019-09-05 16:22 - 002105344 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll
2019-05-18 23:54 - 2019-01-18 14:57 - 001482240 _____ (TODO: ) [File not signed] C:\Program Files (x86)\MiniTool ShadowMaker\core7z.dll
2017-07-24 16:36 - 2017-07-24 16:36 - 000481792 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SDKDLL.dll
2019-08-30 16:33 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll
2018-10-12 14:36 - 2018-10-12 13:57 - 000253952 _____ (www.startisback.com) [File not signed] C:\Bonus\OldNewExplorer v1.1.8.4\OldNewExplorer32.dll
2018-10-12 14:36 - 2018-10-12 13:57 - 000259072 _____ (www.startisback.com) [File not signed] C:\Bonus\OldNewExplorer v1.1.8.4\OldNewExplorer64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\sdpsenv.dat:naughtypirates [322]
AlternateDataStreams: C:\Users\zerud\AppData\Local\Temp:$DATA​ [16]
AlternateDataStreams: C:\Users\Все пользователи\sdpsenv.dat:naughtypirates [322]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-02-20 14:16 - 2019-08-29 21:23 - 000001180 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Users\zerud\AppData\Local\Microsoft\WindowsApps;;C:\Program Files (x86)\AOMEI Backupper;C:\Users\zerud\AppData\Local\Microsoft\WindowsApps;C:\Users\zerud\AppData\Local\Microsoft\WindowsApps;
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zerud\Pictures\1920x1080 Wallpapers\smoke_multi-colored_lines_patterns_bright_37683_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Update UWP App.lnk"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "NahimicVRSvc32"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "CorsairLink4"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DE8C17BB91984CA4D102599CEBFB318B"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2881313420-551894818-2833485957-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4D592908-E79D-4CB9-A954-D48EE303EB2C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{19BAA1BE-D3C7-4A14-82F5-579FFCF0805D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BC7DB4C7-5260-4F5B-82F3-2BA81A801714}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{82A06B80-EF18-4C35-B577-569D8711723E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{C4137FDE-100B-4C35-B1D9-AE2831C5ACC9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [uDP Query User{C512F24F-3DB1-4C7E-A836-EFFA069CC63E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{34BAB2B7-85F9-4A4D-8431-51B8047A2AD8}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsettings.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [uDP Query User{8D6DD9BB-0643-4037-9EC2-508F177557CA}C:\program files\amd\cnext\cnext\radeonsettings.exe] => (Allow) C:\program files\amd\cnext\cnext\radeonsettings.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
FirewallRules: [{D6CD349B-D444-4A14-91C3-45BDACCCFDB7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0196577E-A4A9-4B3F-A400-E7DD013197BE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{14F41AA5-5B4B-409E-8595-B0E62F8975A1}F:\origin\download cache\apex\r5apex.exe] => (Allow) F:\origin\download cache\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [uDP Query User{67915188-8472-4DAE-9910-05FA125FBCF6}F:\origin\download cache\apex\r5apex.exe] => (Allow) F:\origin\download cache\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{190CC410-683D-4C9A-910A-918D89FD540C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [uDP Query User{45629346-D0E2-4591-A734-4262DB57BFAD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{7D098819-5A16-4AE3-B403-5343D8C01F37}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [uDP Query User{504EC0EE-DC44-4007-A746-59FD9E6A3F94}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{79454FC0-70E6-4EEE-A117-CE45D7768529}] => (Allow) F:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{C17E3A55-EC2B-4864-8F04-52826D3E2BE1}] => (Allow) F:\SteamLibrary\steamapps\common\Hunt Showdown\hunt.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{CE892952-6F42-4CF1-9A01-28E9E034E887}] => (Allow) F:\SteamLibrary\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [{FA9A78A9-43ED-4720-A989-D03898C88CBB}] => (Allow) F:\SteamLibrary\steamapps\common\ASTRONEER Early Access\Astro.exe () [File not signed]
FirewallRules: [TCP Query User{B689652C-42C0-43D0-BC96-D5D93C906E45}F:\battle.net\overwatch\overwatch.exe] => (Allow) F:\battle.net\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [uDP Query User{73AF50B7-3D3D-4022-8573-F36EDA7C9908}F:\battle.net\overwatch\overwatch.exe] => (Allow) F:\battle.net\overwatch\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{5AF7452D-9965-4E0B-B3F2-81E8664D6F66}] => (Allow) F:\SteamLibrary\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{9836E3A8-18CC-455F-88B2-62F96F703522}] => (Allow) F:\SteamLibrary\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation)
FirewallRules: [{374CB4B3-9C1C-4218-8928-C88FC401A2F3}] => (Allow) F:\SteamLibrary\steamapps\common\Offworld Trading Company\StardockLauncher.exe (STARDOCK SYSTEMS, INC. -> Stardock Corporation)
FirewallRules: [{F744FC7C-C9B2-4F82-9294-33BCC8B9FD18}] => (Allow) F:\SteamLibrary\steamapps\common\Offworld Trading Company\StardockLauncher.exe (STARDOCK SYSTEMS, INC. -> Stardock Corporation)
FirewallRules: [TCP Query User{C8EEAE9C-D410-4ACA-AC7E-C9DF5DCE9523}F:\steamlibrary\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [uDP Query User{08C31BB1-B88D-4806-9BCB-10B373CF4FC6}F:\steamlibrary\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\astroneer early access\astro\binaries\win64\astro-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{AA6587C9-6B81-45B2-906B-7A3388A7A2D6}] => (Allow) LPort=26789
FirewallRules: [{550C1313-0AAF-4B88-B84B-2342F8F4F6D9}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Recovery.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{FA25175F-3FB9-496A-8FFA-CAE731ADC146}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{5C0DC425-CA9F-4726-9C79-37A57DD948F2}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{6F42F3F2-6CD0-4E21-AB11-8B02BF430116}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{3BCEACE4-763B-4B85-8BFF-FD573A944FE0}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{CF8A95E5-F744-417A-89AA-F181A2F4237D}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{D562DA63-6578-4A73-913C-1E6C2DECA7D1}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\x86\VeeamAgent.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{5D07FF66-6672-41A2-8F33-51364EC7ED71}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [{38852B4A-B06E-4AE8-A218-8F150ECF5CE6}] => (Allow) C:\Program Files\Veeam\Endpoint Backup\VeeamDeploymentSvc.exe (Veeam Software AG -> Veeam Software Group GmbH)
FirewallRules: [TCP Query User{5E99D89C-4B81-4DD7-82B4-10A57242D5E4}F:\league of legends\game\league of legends.exe] => (Allow) F:\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [uDP Query User{4B6AB546-5AE5-4E88-B415-4504994B31E9}F:\league of legends\game\league of legends.exe] => (Allow) F:\league of legends\game\league of legends.exe (Riot Games, Inc. -> )
FirewallRules: [TCP Query User{216DF7DA-D93B-4A76-B34C-E724FF286DBE}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe] => (Allow) C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe () [File not signed]
FirewallRules: [uDP Query User{10A266DA-EB10-45E5-AD31-747DB348E3EE}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe] => (Allow) C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe () [File not signed]
FirewallRules: [{FD93B6B7-8315-44F5-B3B5-9AB03090283C}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet Canada, Inc. -> SafeNet, Inc.)
FirewallRules: [{7B019DA2-A255-496F-842E-ECB880A74F79}] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe No File
FirewallRules: [{34718C9E-E2CF-4E71-A934-9BAB47B560D0}] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe No File
FirewallRules: [{D0CBC73A-EFCD-422D-8805-623A2CE06544}] => (Allow) F:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{13735E34-017B-4AE7-894C-21A7DD6DCF62}] => (Allow) F:\SteamLibrary\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [TCP Query User{B0B32185-D34A-4380-94CB-FE78AFAF3674}F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe (Frontier Developments plc) [File not signed]
FirewallRules: [uDP Query User{A5819D5F-8517-49E4-B60E-51650FAEE0A8}F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) F:\steamlibrary\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe (Frontier Developments plc) [File not signed]
FirewallRules: [{9A35767A-FFA8-451F-B738-1CE3A7B9CDD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [{0D78E916-28BB-4072-8AAF-C03D19875E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Kristjan Skutta -> )
FirewallRules: [TCP Query User{2A949650-7CDD-45A7-A3AD-8DA1603F09C2}F:\the surge 2\bin\thesurge2.exe] => (Allow) F:\the surge 2\bin\thesurge2.exe No File
FirewallRules: [uDP Query User{7BFDF35F-3B03-494C-A36E-49B8D690F5FF}F:\the surge 2\bin\thesurge2.exe] => (Allow) F:\the surge 2\bin\thesurge2.exe No File
FirewallRules: [TCP Query User{A7C2DAA7-AC7B-4CBC-80A3-6C958D5AA42A}F:\last_wood_v0.8.20f1\lastwood.exe] => (Allow) F:\last_wood_v0.8.20f1\lastwood.exe No File
FirewallRules: [uDP Query User{A191DFF0-E611-45FD-BA47-790D450B62C5}F:\last_wood_v0.8.20f1\lastwood.exe] => (Allow) F:\last_wood_v0.8.20f1\lastwood.exe No File
FirewallRules: [{B5F4AA82-844A-48ED-BFDC-2FA7AC5EAAEF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A58F5FE3-ECB5-4E0C-8BC3-77DE00499A2F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0AC5B073-72C2-4B69-A0D5-6C8742273427}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{893E8BE6-2458-43CC-924F-EF970CF490B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Kristjan Skutta -> )
FirewallRules: [{089965E9-ACA4-4DA7-BEA6-2A7EFE3CFC0E}] => (Allow) F:\Origin\Download Cache\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{2052A2A8-9B0E-4563-9206-B657A9112CCA}] => (Allow) F:\Origin\Download Cache\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{81DFA5DF-A538-4D06-9475-1AC8EC7A7CD9}F:\steamlibrary\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [uDP Query User{B34C6C07-62AD-4029-9FA0-EB882D6BB6CD}F:\steamlibrary\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) F:\steamlibrary\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{0C2402BD-A2D9-4251-AB86-1A46D1395162}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{03DB7993-FA91-46B3-9EBE-7F0951870D4F}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{33ADD664-5D92-4883-BF7B-5E3BFB938B75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AF3E6AA7-1EEF-4E5F-AE6F-2516402C4867}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B1954935-6014-41BB-A3AA-D58FA16898BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E01F39C3-42B5-4BDC-A8BF-E4E5AF7E3CF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5EC1E9BD-0487-425E-844D-0B549E79DF72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AB73F717-EA80-4B4A-834E-95A625DD120B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{671A6A65-513E-4672-8E3C-ED3F8A7E3440}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{DF93F8F5-0E88-4B07-A75A-91833532C996}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> )
FirewallRules: [{A75CB6D2-C2EF-4A32-ACE7-E4904C07F08F}] => (Allow) LPort=26820
FirewallRules: [{3C8E314F-3433-4BD9-BC25-D7B648D299C7}] => (Allow) LPort=26822

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: PCI контроллер шифрации/дешифрации
Description: PCI контроллер шифрации/дешифрации
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/17/2019 07:01:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: Ruiner-Win64-Shipping.exe, версия: 1.0.0.0, метка времени: 0x5dc2bc67
Имя сбойного модуля: Ruiner-Win64-Shipping.exe, версия: 1.0.0.0, метка времени: 0x5dc2bc67
Код исключения: 0xc0000005
Смещение ошибки: 0x0000000000485ce0
Идентификатор сбойного процесса: 0x2e58
Время запуска сбойного приложения: 0x01d59d689a39c4ac
Путь сбойного приложения: F:\RUINER\.egstore\bps\Install\Ruiner\Binaries\Win64\Ruiner-Win64-Shipping.exe
Путь сбойного модуля: F:\RUINER\.egstore\bps\Install\Ruiner\Binaries\Win64\Ruiner-Win64-Shipping.exe
Идентификатор отчета: 0e9999fd-8c3d-4118-b48c-2c9c241261a0
Полное имя сбойного пакета:
Код приложения, связанного со сбойным пакетом:

Error: (11/17/2019 05:16:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\AMD\Packages\Apps\Radeon-Software-Adrenalin-2019-19.11.2-vc1764-64bit-191114\vcredist_x64\VC_redist.x64.exe /q /norestart; Описание = Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429; HR = 0x80070422).

Error: (11/16/2019 04:26:55 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Объект или свойство не найдено.

Error: (11/16/2019 04:26:55 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Объект или свойство не найдено.

Error: (11/13/2019 10:20:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).

Error: (11/12/2019 08:27:18 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Описание = Центр обновления Windows; HR = 0x80070422).

Error: (11/12/2019 08:24:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.850_none_7e18264b4d00f498\TiWorker.exe -Embedding; Описание = Установщик модулей Windows; HR = 0x80070422).

Error: (11/12/2019 08:24:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.793_none_7defe5934d1eb33a\TiWorker.exe -Embedding; Описание = Установщик модулей Windows; HR = 0x80070422).


System errors:
=============
Error: (11/18/2019 09:47:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Запуск для приложения COM-сервера с CLSID
Windows.SecurityCenter.SecurityAppBroker
и APPID
Недоступно
пользователю NT AUTHORITY\СИСТЕМА с ИД безопасности (S-1-5-18) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (11/18/2019 09:47:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Запуск для приложения COM-сервера с CLSID
Windows.SecurityCenter.WscBrokerManager
и APPID
Недоступно
пользователю NT AUTHORITY\СИСТЕМА с ИД безопасности (S-1-5-18) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (11/18/2019 09:47:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Запуск для приложения COM-сервера с CLSID
Windows.SecurityCenter.WscDataProtection
и APPID
Недоступно
пользователю NT AUTHORITY\СИСТЕМА с ИД безопасности (S-1-5-18) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (11/18/2019 09:46:09 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D9L3BCA)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
и APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
пользователю DESKTOP-D9L3BCA\zerud с ИД безопасности (S-1-5-21-2881313420-551894818-2833485957-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (11/18/2019 09:45:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D9L3BCA)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
и APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
пользователю DESKTOP-D9L3BCA\zerud с ИД безопасности (S-1-5-21-2881313420-551894818-2833485957-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (11/18/2019 09:45:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "luafv" из-за ошибки
Загрузка драйвера была заблокирована

Error: (11/18/2019 12:32:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "AMD User Experience Program Launcher" неожиданно прервана. Это произошло (раз): 1.

Error: (11/17/2019 09:34:05 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D9L3BCA)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
и APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
пользователю DESKTOP-D9L3BCA\zerud с ИД безопасности (S-1-5-21-2881313420-551894818-2833485957-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.


Windows Defender:
===================================
Date: 2019-11-17 23:02:37.981
Description:
Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы.
Дополнительные сведения см. в:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Gael.D&threatid=2147602574&enterprise=0
Имя: Virus:Win32/Gael.D
ИД: 2147602574
Важность: Критический
Категория: Вирус
Путь: file:_\\HMS\Volume1\soft\Games\Dungeon_of_the_Endless_v0.1.1_setup.exe
Происхождение обнаружения: Сетевая папка
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-D9L3BCA\zerud
Имя процесса: C:\Windows\explorer.exe
Версия сигнатуры: AV: 1.305.2289.0, AS: 1.305.2289.0, NIS: 1.305.2289.0
Версия модуля: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-17 23:02:37.885
Description:
Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы.
Дополнительные сведения см. в:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Gael.D&threatid=2147602574&enterprise=0
Имя: Virus:Win32/Gael.D
ИД: 2147602574
Важность: Критический
Категория: Вирус
Путь: file:_\\HMS\Volume1\soft\Games\Aquaria111.2008.12.12.exe
Происхождение обнаружения: Сетевая папка
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-D9L3BCA\zerud
Имя процесса: C:\Windows\explorer.exe
Версия сигнатуры: AV: 1.305.2289.0, AS: 1.305.2289.0, NIS: 1.305.2289.0
Версия модуля: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-17 23:02:37.223
Description:
Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы.
Дополнительные сведения см. в:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Gael.D&threatid=2147602574&enterprise=0
Имя: Virus:Win32/Gael.D
ИД: 2147602574
Важность: Критический
Категория: Вирус
Путь: file:_\\HMS\Volume1\soft\Games\hotlinemiami_pc_1369759653.exe
Происхождение обнаружения: Сетевая папка
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-D9L3BCA\zerud
Имя процесса: C:\Windows\explorer.exe
Версия сигнатуры: AV: 1.305.2289.0, AS: 1.305.2289.0, NIS: 1.305.2289.0
Версия модуля: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-17 23:02:37.025
Description:
Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы.
Дополнительные сведения см. в:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Gael.D&threatid=2147602574&enterprise=0
Имя: Virus:Win32/Gael.D
ИД: 2147602574
Важность: Критический
Категория: Вирус
Путь: file:_\\HMS\Volume1\soft\Games\LIMBO_installer.exe
Происхождение обнаружения: Сетевая папка
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-D9L3BCA\zerud
Имя процесса: C:\Windows\explorer.exe
Версия сигнатуры: AV: 1.305.2289.0, AS: 1.305.2289.0, NIS: 1.305.2289.0
Версия модуля: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-17 23:02:36.852
Description:
Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы.
Дополнительные сведения см. в:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Gael.D&threatid=2147602574&enterprise=0
Имя: Virus:Win32/Gael.D
ИД: 2147602574
Важность: Критический
Категория: Вирус
Путь: file:_\\HMS\Volume1\soft\Games\SuperMeatBoySetup.exe
Происхождение обнаружения: Сетевая папка
Тип обнаружения: Конкретный
Источник обнаружения: Защита в реальном времени:
Пользователь: DESKTOP-D9L3BCA\zerud
Имя процесса: C:\Windows\explorer.exe
Версия сигнатуры: AV: 1.305.2289.0, AS: 1.305.2289.0, NIS: 1.305.2289.0
Версия модуля: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-03 20:04:15.753
Description:
При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка.
Новая версия подписи:
Предыдущая версия подписи: 1.305.576.0
Источник обновления: Центр Майкрософт по защите от вредоносных программ
Тип подписи: Антивирусная программа
Тип обновления: Полное
Пользователь: NT AUTHORITY\NETWORK SERVICE
Текущая версия подсистемы:
Предыдущая версия подсистемы: 1.1.16500.1
Код ошибки: 0x80072ee7
Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2019-11-03 20:04:15.752
Description:
При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка.
Новая версия подписи:
Предыдущая версия подписи: 1.305.576.0
Источник обновления: Центр Майкрософт по защите от вредоносных программ
Тип подписи: Антишпионская программа
Тип обновления: Полное
Пользователь: NT AUTHORITY\NETWORK SERVICE
Текущая версия подсистемы:
Предыдущая версия подсистемы: 1.1.16500.1
Код ошибки: 0x80072ee7
Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2019-11-03 20:04:15.752
Description:
При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка.
Новая версия подписи:
Предыдущая версия подписи: 1.305.576.0
Источник обновления: Центр Майкрософт по защите от вредоносных программ
Тип подписи: Антивирусная программа
Тип обновления: Полное
Пользователь: NT AUTHORITY\NETWORK SERVICE
Текущая версия подсистемы:
Предыдущая версия подсистемы: 1.1.16500.1
Код ошибки: 0x80072ee7
Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2019-11-03 20:04:15.749
Description:
При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка.
Новая версия подписи:
Предыдущая версия подписи: 1.305.576.0
Источник обновления: Центр Майкрософт по защите от вредоносных программ
Тип подписи: Антивирусная программа
Тип обновления: Полное
Пользователь: NT AUTHORITY\NETWORK SERVICE
Текущая версия подсистемы:
Предыдущая версия подсистемы: 1.1.16500.1
Код ошибки: 0x80072ee7
Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2019-11-03 20:04:15.749
Description:
При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка.
Новая версия подписи:
Предыдущая версия подписи: 1.305.576.0
Источник обновления: Центр Майкрософт по защите от вредоносных программ
Тип подписи: Антишпионская программа
Тип обновления: Полное
Пользователь: NT AUTHORITY\NETWORK SERVICE
Текущая версия подсистемы:
Предыдущая версия подсистемы: 1.1.16500.1
Код ошибки: 0x80072ee7
Описание ошибки: Не удается разрешить имя или адрес сервера

CodeIntegrity:
===================================

Date: 2019-11-18 21:49:59.877
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:59.877
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:59.774
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:59.773
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:59.255
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:59.255
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:58.789
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2019-11-18 21:49:58.789
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.F0 09/26/2019
Motherboard: Micro-Star International Co., Ltd. X470 GAMING PLUS (MS-7B79)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 32716.06 MB
Available physical RAM: 26269.5 MB
Total Virtual: 37580.06 MB
Available Virtual: 27952.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:475.83 GB) (Free:341.61 GB) NTFS
Drive e: () (Network) (Total:3667.08 GB) (Free:791.41 GB)
Drive f: (Games SSD) (Fixed) (Total:489.05 GB) (Free:216.34 GB) NTFS

\\?\Volume{06e0d424-f86a-484b-b278-c9cd2086dea7}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{0ea43a3e-a327-49fd-88c5-b59176ccc146}\ () (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 489 GB) (Disk ID: 626A5F65)
Partition 1: (Not Active) - (Size=489 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 


Here are some more interesting files: https://yadi.sk/d/1gnH0EgyXYgeTA


 

 

Attach the reports to your next message.

You were asked to attach the reports, not to copy their contents.


Advanced form - Choose file - Upload.

I'm afraid we won't be able to help in any way.

Just in case, and if you have a license for any Kaspersky product, create a decryption request.

Also try reaching out via this link (it is in English; you can use Google Translate).
