Премини към съдържанието

    Препоръчан отговор

    Tr1n17r0n    3

    Здравейте!Преди два дни ми преинсталираха Уиндоуса,заради бавно действие и 100% натовареност, съмнения за вируси.Момчето каза че наистина е имало вируси ,но ги е изчистил и ми преинсталира уиндоуса.Но още като го включих и започнах да работя видях че проблема си е същия.100% натовареност на компа и допълнителна екстра,нещата които трия в коша не са видими.Трия ги ,коша показва че е пълен,отивам там но,няма нищо.Иначе има опция за изпразване на кошчето.

    Изтеглих Процес Експлорер -ето снимка.Моля за помощ!

    Без име.jpg

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    techmaniac    11069

    С какъв хардуер е машината ви, трябваше и това да посочите...

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    Здравейте,

    Положението с кошчето показва проблеми с файловата система. Колкото до натоварването, може би има проблеми със системните файлове или проблемна актуализация през Windows Update.

     

    СТЪПКА 1

     

    Проверете дяла и за грешки и лоши сектори и да поправим някои от проблемите с файловата система.

    В полето за търсене CMD => кликнете върху файла CMD.exe и изберете Run as administrator => въведете командата: chkdsk c: /x /f /r => натиснете Enter

    Съгласете се с Y на диалоговия прозорец. Рестартирайте компютъра и би трябвало проверката да започне.След това вижте какви са били резултатите.

    Рапорта от проверката ще намерите тук: В полето за търсене въведете eventvwr.msc => Аpplications => събитие WinInit Event ID 1001. Kопирайте рапорта в следващия си пост.

    Ето как да намерите лог файла.

    Ако с командата ви е трудно просто отворете My Computer => кликнете с десен бутон на дял C:\ и изберете Properties => отидете на Tools => Check Now... => сложете двете отметки и натиснете бутона Start. Рестартирайте системата и изчакайте проверката да приключи (може да мине над час). След това проверете отново и публикувайте лог файла от последната дата.

     

    СТЪПКА 2

     

    Тъй като видях и системни файлове, които не минават цифровата проверка нека да видим какво е положението и при тях:

    В полето за търсене на Windows въведете CMD => кликнете с десен бутон върху CMD.exe и изберете Run as administrator.

    След това с копи/пейст изпълнете една по една командите и след всяка натиснете Enter

    sfc /scannow

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

    Сега трябва да се появи sfcdetails.txt на десктопа. Прикачете файла, който ще се появи на десктопа - sfcdetails.txt в следващия си коментар и пишете дали има промяна.

     

    СТЪПКА 3

     

    Изтеглете и стартирайте файла SFCFix.exe.с десен клик на мишката => Run as administraror.

    Следвайте инструкциите, които ще се появят подканващи ви да натиснете произволен клавиш от клавиатурата.

    Ако ви поиска инсталационния диск на места, го поставете в оптичното устройство преди да натиснете ОК.

    Публикувайте лог файла, който ще се появи.

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Това ли трябваше да копирам?Това е от стъпка 1

     

     

    Log Name:      Application
    Source:        Microsoft-Windows-Wininit
    Date:          20.12.2015 г. 09:36:45 ч.
    Event ID:      1001
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      User-PC
    Description:


    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      160768 file records processed.                                         

    File verification completed.
      220 large file records processed.                                   

      0 bad file records processed.                                     

      2 EA records processed.                                           

      44 reparse records processed.                                      

    CHKDSK is verifying indexes (stage 2 of 5)...
      214150 index entries processed.                                        

    Index verification completed.
      0 unindexed files scanned.                                        

      0 unindexed files recovered.                                      

    CHKDSK is verifying security descriptors (stage 3 of 5)...
      160768 file SDs/SIDs processed.                                        

    Cleaning up 185 unused index entries from index $SII of file 0x9.
    Cleaning up 185 unused index entries from index $SDH of file 0x9.
    Cleaning up 185 unused security descriptors.
    Security descriptor verification completed.
      26692 data files processed.                                           

    CHKDSK is verifying Usn Journal...
      33746680 USN bytes processed.                                            

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      160752 files processed.                                                

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      4030737 free clusters processed.                                        

    Free space verification is complete.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

      51344383 KB total disk space.
      34866972 KB in 130032 files.
         92380 KB in 26693 indexes.
             0 KB in bad sectors.
        262079 KB in use by the system.
         65536 KB occupied by the log file.
      16122952 KB available on disk.

          4096 bytes in each allocation unit.
      12836095 total allocation units on disk.
       4030738 allocation units available on disk.

    Internal Info:
    00 74 02 00 40 64 02 00 ee b3 04 00 00 00 00 00  .t..@d..........
    42 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  B...,...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
        <EventID Qualifiers="16384">1001</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-12-20T07:36:45.000000000Z" />
        <EventRecordID>2242</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>User-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      160768 file records processed.                                         

    File verification completed.
      220 large file records processed.                                   

      0 bad file records processed.                                     

      2 EA records processed.                                           

      44 reparse records processed.                                      

    CHKDSK is verifying indexes (stage 2 of 5)...
      214150 index entries processed.                                        

    Index verification completed.
      0 unindexed files scanned.                                        

      0 unindexed files recovered.                                      

    CHKDSK is verifying security descriptors (stage 3 of 5)...
      160768 file SDs/SIDs processed.                                        

    Cleaning up 185 unused index entries from index $SII of file 0x9.
    Cleaning up 185 unused index entries from index $SDH of file 0x9.
    Cleaning up 185 unused security descriptors.
    Security descriptor verification completed.
      26692 data files processed.                                           

    CHKDSK is verifying Usn Journal...
      33746680 USN bytes processed.                                            

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      160752 files processed.                                                

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      4030737 free clusters processed.                                        

    Free space verification is complete.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    CHKDSK discovered free space marked as allocated in the volume bitmap.
    Windows has made corrections to the file system.

      51344383 KB total disk space.
      34866972 KB in 130032 files.
         92380 KB in 26693 indexes.
             0 KB in bad sectors.
        262079 KB in use by the system.
         65536 KB occupied by the log file.
      16122952 KB available on disk.

          4096 bytes in each allocation unit.
      12836095 total allocation units on disk.
       4030738 allocation units available on disk.

    Internal Info:
    00 74 02 00 40 64 02 00 ee b3 04 00 00 00 00 00  .t..@d..........
    42 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  B...,...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.
    </Data>
      </EventData>
    </Event>

    Иначе ето снимка на проблемните места

    2 step 1.jpg

    2 step 2.jpg

    2 step 3.jpg

    По стъпка 2 - sfc /scannow  много дълго сканира,така ли трябва да е?

    Редактирано от Tr1n17r0n
    грешка (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Ето лог файла от първата команда.

    Тази команда не ми я приема.Нищо не прави след нея.Така ли трябва да е?  findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

     

    sfcdetails.txt

    Редактирано от Tr1n17r0n (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Ето лог файла

    SFCFix version 2.4.5.0 by niemiro.
    Start time: 2015-12-20 17:16:24.385
    Microsoft Windows 7 Service Pack 1 - amd64
    Not using a script file.

     


    AutoAnalysis::
    SUMMARY: No corruptions were detected.
    AutoAnalysis:: directive completed successfully.

     


    Successfully processed all directives.
    SFCFix version 2.4.5.0 by niemiro has completed.
    Currently storing 0 datablocks.
    Finish time: 2015-12-20 17:17:22.495
    ----------------------EOF-----------------------

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Искам и да ви покажа снимка на Диспечъра на процесора,който постоянно подскача от 1 до 100 процента.Първата снимка и втората е след 10 минути.Това само като съм в този сайт.Без да правя нищо друго.

    процесор.jpg

    процесор 10.jpg

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    Първо от Task Manager-a кликнете с десен бутон на проблемния процес и кликнете на Go to details.

    Сега запомнете PID номера на процеса и затворете Task Manager-a.

    Изтеглете Process Explorer.

    Разархивирайте инструмента и стартирайте файла procexp.exe

    От менюто View сложете отметки пред Show Lower Pane, а на Lower Pane View => сложете отметка пред DLLs.

    От менюто View отидете до "Select Columns" и сложете отметки пред следните елементи:

    Description, Company Name, Image Path, Command Line, Autostart Location и натиснете OK.

    Намерете и посочете PID номера, който намерихте чрез Task Manager-a и натиснете минуса преди процеса за да се покажат всички процеси закачени за него и направете снимка на екрана.

    След това кликнете с двукратен клик върху процеса. Отидете до секцията Services и направете снимка на екрана.

    След това отидете до секцията Threads. Разпънете графата така че да се виждат по-възможност всички обекти/нишки.Направете снимка на прозореца.

    Докато сте в менюто Threads, кликнете с двукратек клик на мишката върху даден обект и направете снимка на Stack прозореца. Вече можете да затворите Threads и Stack прозорците.

    Сега докато сте на процеса, който товари най-много отидете в Process Explorer на File => Save as.

    Запазете документа на десктопа с някакво име.

    След това прикачете всички документи в следващия си коментар.Направените снимки (screenshots) ги качете тук (например или друг удобен за вас хостинг)

    Публикувайте линкове към снимките за да ги разгледамe в следващия си пост.

    • Харесва ми 3

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Извинявам се обаче на този процес не ми дава опция за десен бутон на мишката ,понеже е от Покажи процесите от всички потребители.Иначе ако е махната отметката не се вижда проблемен процес.Какво да правя?

    ;dnkdjd.jpg

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    "Процес на престой на системата" показва колко е ненатоварен процесора! Колкото по-голям процент е тук, толкова по разтоварен е процесора!

    На втората снимка не разбрах, защо сте махнали отметката от "Покажи процесите за всички потребители".

    Идеята бе по-скоро да кликнете на проблемния svchost.exe (този от първата ви снимка в темата), този над firefox.exe.

    А иначе снимките, които сте публикували тук не сте кликнали на табът "Процеси" за да се види, кой процес товари.

     

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Тук спекох вече.Намерих процеса.Като натисна Отиди на услугата,мисля че това е Go to details .Ми излиза това от втората снимка.884 ли търсим за PID ?

    32.jpg

    33.jpg

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    Момент, момент...процеса, който сте намерили не натоварва процесора според снимката! Не търсим такъв, който пълни рам паметта, а този, който тормози процесора. Явно вече такъв процес няма, защото във снимките ви до момента не виждам нищо тревожно.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    ОКей,но има нещо такова че процентите постоянно се менят.И процесите мърдат непрекъснато,дори  и нищо да не правя.А това е буквално всяка секунда е нов процент-Процесор: 23%,7%,49%,10%,40%,5%,26%,63%,7%......и така докато в един момент става 100% и отново пада.Това пак повтарям докато не правя нищо.
    Това нормално ли е?А проблема с коша си остава.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    Не е много нормално, но и самата ви система не е кой знае колко добра (видеокартата е вградена доколкото видях) а и кой знае какъв релийз на Windows ви е сложен и как е инсталиран.

    Тъй като темата е в раздел за проверка за зловреден софтуер изпълнете следните стъпки => Системата ми е инфектирана - Какво да правя сега?

    за да видим дали проблема поне се дължи на зловреден софтуер или ако не, да ви препращам в раздел Windows.

     

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    СТЪПКА 1

     

    Изтеглете edit-text.giffixlist.txt и го запазете на десктопа.
    Стартирайте FRST.exe и натиснете бутона Fix веднъж!
    След като приключи, ако ви поиска рестарт - съгласете се. След рестарта публикувайте лог файла - fixlog.txt, който ще се създаде след работата на програмата.
     
    Внимание: Скрипта е създаден за текущата система. Да не се ползва за други системи с подобни проблеми!

     

    СТЪПКА 2

    Изтеглете и стартирайте следния файл - FixIt

    Рестартирайте системата и пишете как е положението след стъпките до момента. Вижте и дали проблема с кошчето остава.

     

    СТЪПКА 3

    Ако проблема с натоварването на процесора продължава нека да видим дали е причинен от външна програма.

    Следвайте инструкциите и пишете дали проблема го има в този режим => https://support.microsoft.com/bg-bg/kb/929135

    Ако го няма, рестартирайте по-обратния път в Normal Mode и деинсталирайте 360 Total Security и рестартирайте системата.

    Пишете дали това оправя проблема.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Страшно много благодаря!И коша се оправи.Ще следя натоварването на процесора ,ако продължава ще изпълня стъпка 3.Сега всичко е ОК.

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    Tr1n17r0n    3

    Здравейте отново.Аз пак имам същия проблем.Изпълних първа стъпка от съветите на @B-boy/StyLe/  

    от първа страница и ето лог файла .Може ли отново за помощ ?

     

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.                         

    CHKDSK is verifying files (stage 1 of 5)...
      184320 file records processed.                                          File verification completed.
      397 large file records processed.                                      0 bad file records processed.                                        2 EA records processed.                                              44 reparse records processed.                                       CHKDSK is verifying indexes (stage 2 of 5)...
      239216 index entries processed.                                         Index verification completed.
      0 unindexed files scanned.                                           0 unindexed files recovered.                                       CHKDSK is verifying security descriptors (stage 3 of 5)...
      184320 file SDs/SIDs processed.                                         Cleaning up 85 unused index entries from index $SII of file 0x9.
    Cleaning up 85 unused index entries from index $SDH of file 0x9.
    Cleaning up 85 unused security descriptors.
    Security descriptor verification completed.
      27449 data files processed.                                            CHKDSK is verifying Usn Journal...
      36566040 USN bytes processed.                                             Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
      184304 files processed.                                                 File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
      3698325 free clusters processed.                                         Free space verification is complete.
    Windows has checked the file system and found no problems.

      51344383 KB total disk space.
      36180492 KB in 123813 files.
         81328 KB in 27450 indexes.
             0 KB in bad sectors.
        289263 KB in use by the system.
         65536 KB occupied by the log file.
      14793300 KB available on disk.

          4096 bytes in each allocation unit.
      12836095 total allocation units on disk.
       3698325 allocation units available on disk.

    Internal Info:
    00 d0 02 00 ea 4e 02 00 f9 6b 04 00 00 00 00 00  .....N...k......
    2f 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  /...,...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.
     

     

     

    И лог файла на стъпка 2 и 3

    sfcdetails.txt

    SFCFix.txt

    Редактирано от Tr1n17r0n
    И стъпка 2 и 3 (преглед на промените)

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове
    B-boy/StyLe/    19544

    Здравейте,

    Тези логове са наред, но за съжаление предишния път не сте публикували съдържанието на лог файла - fixlog.txt за да видя как сме оправили проблема. Сега ще караме на сляпо.

    Изпълнете сканирането с FRST и прикачете двата лог файла => Системата ми е инфектирана - Какво да правя сега?

     

     

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    • Горещи теми в момента

    • Подобни теми

      • от v3cko
        Съмнения за вирус/и - курсорът на мишката на моменти прави странни движения без да съм местил мишката , няколко пъти като съм в хром и ми се отваря интернет експлорър без да съм кликал на него
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2017
        Ran by BECKO (administrator) on BECKO-PC (25-09-2017 12:22:36)
        Running from C:\Users\BECKO\Downloads
        Loaded Profiles: BECKO (Available Profiles: BECKO)
        Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Български (България)
        Internet Explorer Version 11 (Default browser: Chrome)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
        (Lenovo.) C:\Windows\System32\LPlatSvc.exe
        (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
        (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
        (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
        (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
        (Intel Corporation) C:\Windows\System32\igfxtray.exe
        (Intel Corporation) C:\Windows\System32\hkcmd.exe
        (Intel Corporation) C:\Windows\System32\igfxpers.exe
        (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Intel Corporation) C:\Windows\System32\igfxext.exe
        (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        (Microsoft Corporation) C:\Windows\System32\schtasks.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
        ==================== Registry (Whitelisted) ===========================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
        HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [93032 2009-11-24] (Lenovo Group Limited)
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\Run: [Win32Svc] => C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe [280064 2017-09-02] ()
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\MountPoints2: E - E:\Lenovo_Suite.exe
        HKU\S-1-5-21-773789430-497128755-430906800-1000\...\MountPoints2: {a8400ed0-8faa-11e7-863f-000000f01d00} - E:\Lenovo_Suite.exe
        Startup: C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemSet.exe.lnk [2017-09-22]
        ShortcutTarget: MemSet.exe.lnk -> C:\Windows\MemSave\MemSet.exe ()
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{DAAE74CA-6078-43E6-B668-40201FAFD495}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} hxxps://www.dskdirect.bg/com/capicom.cab
        FireFox:
        ========
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        Chrome: 
        =======
        CHR HomePage: Default -> hxxp://google.bg/
        CHR StartupUrls: Default -> "hxxps://www.google.bg/"
        CHR Profile: C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default [2017-09-25]
        CHR Extension: (Google Презентации) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-01]
        CHR Extension: (Google Документи) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-01]
        CHR Extension: (Google Диск) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-01]
        CHR Extension: (YouTube) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-01]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-01]
        CHR Extension: (Google Документи офлайн) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-01]
        CHR Extension: (The Great Suspender) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-09-01]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-01]
        CHR Extension: (Gmail) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-01]
        CHR Extension: (Chrome Media Router) - C:\Users\BECKO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-01]
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
        R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [258104 2016-10-07] (Intel Corporation)
        R2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [694352 2017-02-20] (Lenovo.)
        S3 VSStandardCollectorService150; C:\Program Files\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [100984 2017-08-17] (Microsoft Corporation)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
        S3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [14104 2013-12-03] ()
        S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [44496 2016-09-02] (Intel Corporation )
        R3 pimoukbd; C:\Windows\System32\DRIVERS\pimoukbd.sys [32664 2017-09-24] (Christian Gulden)
        R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [23152 2009-11-24] (Lenovo Group Limited)
        R3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [50224 2016-02-03] (Shaul Eizikovich)
        R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [7168 2013-07-21] (Windows (R) Win 7 DDK provider) [File not signed]
        R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
        R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
        R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
        S3 VGPU; System32\drivers\rdvgkmd.sys [X]
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-25 12:22 - 2017-09-25 12:23 - 000010653 _____ C:\Users\BECKO\Downloads\FRST.txt
        2017-09-25 12:20 - 2017-09-25 12:22 - 000000000 ____D C:\FRST
        2017-09-25 12:19 - 2017-09-25 12:20 - 001796096 _____ (Farbar) C:\Users\BECKO\Downloads\FRST.exe
        2017-09-25 09:40 - 2017-09-25 09:41 - 055555872 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\MouseKeyboardCenter_32bit_ENG_3.0.337.exe
        2017-09-25 09:30 - 2017-09-25 09:52 - 000000000 ____D C:\Program Files\Common Files\Logitech
        2017-09-25 09:30 - 2017-09-25 09:30 - 000000000 ____D C:\Program Files\Logitech
        2017-09-25 09:28 - 2017-09-25 09:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Logitech
        2017-09-25 09:28 - 2017-09-25 09:28 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Logishrd
        2017-09-25 09:27 - 2017-09-25 09:28 - 015087456 _____ (Logitech Inc.) C:\Users\BECKO\Downloads\lgs510.exe
        2017-09-25 08:15 - 2017-09-25 08:15 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\NuGet
        2017-09-25 08:15 - 2017-09-25 08:15 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Temp
        2017-09-24 19:11 - 2017-09-24 19:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_pimoukbd_01009.Wdf
        2017-09-24 19:09 - 2017-09-24 19:09 - 000000000 ____D C:\Users\BECKO\AppData\Local\IsolatedStorage
        2017-09-24 19:08 - 2017-09-24 19:37 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pluralinput
        2017-09-24 19:08 - 2017-09-24 19:37 - 000000000 ____D C:\Users\BECKO\AppData\Local\Pluralinput
        2017-09-24 19:08 - 2017-09-24 19:08 - 000032664 _____ (Christian Gulden) C:\Windows\system32\Drivers\pimoukbd.sys
        2017-09-24 19:07 - 2017-09-24 19:08 - 006547544 _____ (Pluralinput) C:\Users\BECKO\Downloads\PluralinputSetup.exe
        2017-09-24 18:53 - 2017-09-24 18:54 - 000000395 _____ C:\Users\BECKO\Downloads\316DAvitescfg.rar
        2017-09-24 13:16 - 2017-09-24 13:18 - 000051056 _____ C:\Users\BECKO\Downloads\NotepadMemoryWriter.zip
        2017-09-24 12:45 - 2017-09-24 12:45 - 000000000 ____D C:\Users\BECKO\source
        2017-09-24 12:44 - 2017-09-24 12:44 - 000000000 ____D C:\Users\BECKO\AppData\Local\.IdentityService
        2017-09-24 12:40 - 2017-09-24 12:56 - 000000000 ____D C:\Users\BECKO\Documents\Visual Studio 2017
        2017-09-24 12:39 - 2017-09-24 12:39 - 000000000 ____D C:\Program Files\Entity Framework Tools
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\3082
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\2052
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1055
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1049
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1046
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1045
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1042
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1041
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1040
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1036
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1033
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1031
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1029
        2017-09-24 12:37 - 2017-09-24 12:37 - 000000000 ____D C:\Windows\system32\1028
        2017-09-24 12:34 - 2017-09-24 12:34 - 000000000 ____D C:\Program Files\NuGet
        2017-09-24 12:25 - 2017-09-24 12:25 - 000000000 ____D C:\Program Files\Microsoft SQL Server
        2017-09-24 12:21 - 2017-09-24 12:21 - 000000000 ____D C:\Program Files\Common Files\Designer
        2017-09-24 12:20 - 2017-09-24 12:36 - 000000000 ____D C:\Program Files\Microsoft SDKs
        2017-09-24 12:20 - 2017-09-24 12:24 - 000000000 ____D C:\Program Files\Windows Kits
        2017-09-24 12:20 - 2017-09-24 12:20 - 000004291 _____ C:\Users\BECKO\Downloads\ProcessMemoryReader.cs
        2017-09-24 12:18 - 2017-09-24 12:18 - 000001665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
        2017-09-24 12:18 - 2017-09-24 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
        2017-09-24 12:07 - 2017-09-24 12:07 - 000001421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
        2017-09-24 11:58 - 2017-09-24 11:58 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
        2017-09-24 11:55 - 2017-09-24 11:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\ServiceHub
        2017-09-24 11:54 - 2017-09-24 12:59 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Visual Studio Setup
        2017-09-24 11:54 - 2017-09-24 12:35 - 000000000 ____D C:\Program Files\Microsoft Visual Studio
        2017-09-24 11:54 - 2017-09-24 11:56 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\vstelemetry
        2017-09-24 11:50 - 2017-09-24 11:51 - 001071352 _____ (Microsoft Corporation) C:\Users\BECKO\Downloads\vs_Community.exe
        2017-09-23 18:21 - 2017-09-23 18:21 - 000001588 _____ C:\Users\BECKO\Downloads\setups at.zip
        2017-09-23 17:40 - 2017-09-23 17:40 - 000001057 _____ C:\Users\BECKO\Desktop\LFSShifterV6.0 test - Пряк път.lnk
        2017-09-23 14:07 - 2017-09-23 14:10 - 000000000 ____D C:\LFS Shifter
        2017-09-23 14:01 - 2017-09-23 14:01 - 000867295 _____ C:\Users\BECKO\Downloads\LFS Shifter v6 test.zip
        2017-09-23 13:19 - 2017-09-23 13:19 - 000032166 _____ C:\Users\BECKO\Downloads\XRG_default.zip
        2017-09-23 13:00 - 2017-09-23 13:00 - 000009477 _____ C:\Users\BECKO\Downloads\Mufflord's Setup Pack.RAR
        2017-09-23 13:00 - 2016-10-09 14:24 - 000000132 _____ C:\Users\BECKO\Downloads\XRT_Muff Allround 5.set
        2017-09-23 13:00 - 2016-10-09 13:44 - 000000132 _____ C:\Users\BECKO\Downloads\XFR_Allround.set
        2017-09-23 13:00 - 2016-08-25 18:11 - 000000132 _____ C:\Users\BECKO\Downloads\XRT_Muff old update.set
        2017-09-23 12:34 - 2017-09-23 12:35 - 000000132 _____ C:\Users\BECKO\Downloads\XFG_205 Rallye.set
        2017-09-23 09:13 - 2017-09-23 09:19 - 001669949 _____ C:\Users\BECKO\Downloads\crsctrl.zip
        2017-09-23 09:02 - 2017-09-23 09:03 - 000000000 ____D C:\Users\BECKO\Downloads\setup
        2017-09-23 09:02 - 2017-09-23 09:02 - 000019711 _____ C:\Users\BECKO\Downloads\Real car setups.zip
        2017-09-23 08:25 - 2017-09-23 08:25 - 002996135 _____ C:\Users\BECKO\Downloads\WhelenEpsilonWhelenGamma2.rar
        2017-09-22 19:17 - 2017-09-24 19:09 - 000000000 ____D C:\Users\BECKO\AppData\Local\SquirrelTemp
        2017-09-22 19:17 - 2017-09-22 20:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\discord
        2017-09-22 19:17 - 2017-09-22 19:17 - 000002156 _____ C:\Users\BECKO\Desktop\Discord.lnk
        2017-09-22 19:17 - 2017-09-22 19:17 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
        2017-09-22 19:17 - 2017-09-22 19:17 - 000000000 ____D C:\Users\BECKO\AppData\Local\Discord
        2017-09-22 19:15 - 2017-09-22 19:16 - 054332920 _____ (Discord Inc.) C:\Users\BECKO\Downloads\DiscordSetup.exe
        2017-09-22 09:13 - 2017-09-22 09:13 - 000000000 ____D C:\Windows\MemSave
        2017-09-22 09:02 - 2017-09-22 09:13 - 000000000 ____D C:\Users\BECKO\Downloads\memset
        2017-09-22 09:01 - 2017-09-22 09:01 - 000409147 _____ C:\Users\BECKO\Downloads\MemSet41.zip
        2017-09-22 08:59 - 2017-09-22 08:59 - 000445630 _____ C:\Users\BECKO\Downloads\CPU-Tweaker.zip
        2017-09-22 08:47 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
        2017-09-22 08:47 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
        2017-09-22 08:47 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
        2017-09-22 08:46 - 2017-09-22 08:46 - 002353288 _____ C:\Users\BECKO\Downloads\d3dx43.exe
        2017-09-22 08:42 - 2017-09-22 08:42 - 004665640 _____ (techPowerUp (www.techpowerup.com)) C:\Users\BECKO\Downloads\GPU-Z.2.4.0.exe
        2017-09-21 19:00 - 2017-09-21 19:00 - 000000824 _____ C:\Users\BECKO\Desktop\Mary - Пряк път.lnk
        2017-09-21 17:50 - 2017-09-21 17:50 - 000095196 _____ C:\Users\BECKO\Downloads\Mary.zip
        2017-09-21 12:17 - 2012-03-09 19:10 - 000699192 _____ C:\Users\BECKO\Documents\testalloy4.dds
        2017-09-21 12:14 - 2017-09-21 12:18 - 001525785 _____ C:\Users\BECKO\Downloads\20150706193019.rar
        2017-09-21 12:09 - 2017-09-21 12:09 - 000008866 _____ C:\Users\BECKO\Downloads\rims.rar
        2017-09-21 12:07 - 2017-09-21 12:07 - 003503545 _____ C:\Users\BECKO\Downloads\Styling 7.zip
        2017-09-21 08:57 - 2017-09-21 09:00 - 072828153 _____ C:\Users\BECKO\Downloads\TC Stock Car Skins Thread Pack.rar
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\My Drivers
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Innovative Solutions
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\Users\BECKO\AppData\Local\Innovative Solutions
        2017-09-20 15:54 - 2017-09-20 15:54 - 000000000 ____D C:\My Drivers
        2017-09-20 15:53 - 2017-09-20 15:53 - 003108432 _____ (Innovative Solutions) C:\Users\BECKO\Downloads\Intel-R-ICH7-M-Family-Serial-ATA-Storage-Controller---27C4-Intel-Intel-32-bits.exe
        2017-09-20 15:33 - 2017-09-20 15:55 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\DriverAgentPlus
        2017-09-20 14:59 - 2017-09-20 15:02 - 001724680 _____ ( ) C:\Users\BECKO\Downloads\cpu-z_1.80-en.exe
        2017-09-20 14:38 - 2017-09-20 14:39 - 000329753 _____ C:\Users\BECKO\Downloads\ClockGen.zip
        2017-09-20 11:30 - 2017-09-20 11:30 - 007320888 _____ C:\Users\BECKO\Downloads\200000239_93d3ef34bb13b42983099062e5adff03602d7e8b.cab
        2017-09-20 11:26 - 2017-09-20 11:47 - 000000000 ____D C:\Program Files\DriverToolkit
        2017-09-20 11:26 - 2017-09-20 11:26 - 000000000 ____D C:\Users\BECKO\AppData\Local\DriverToolkit
        2017-09-20 10:14 - 2017-09-20 10:14 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIOS FINDER.LNK
        2017-09-20 10:14 - 2000-05-22 00:00 - 000608448 _____ (Microsoft Corporation) C:\Windows\system32\COMCTL32.OCX
        2017-09-20 10:14 - 2000-05-22 00:00 - 000115920 _____ (Microsoft Corporation) C:\Windows\system32\MSINET.OCX
        2017-09-20 10:14 - 1999-08-03 20:33 - 000205824 _____ (xyz) C:\Windows\system32\CRESIZE5.OCX
        2017-09-20 10:14 - 1997-12-16 04:00 - 000143872 _____ (Info-ZIP) C:\Windows\system32\unzip32.dll
        2017-09-20 10:14 - 1997-06-23 19:06 - 000123664 _____ (Microsoft Corporation) C:\Windows\system32\MSJInt35.dll
        2017-09-20 10:14 - 1997-06-23 19:06 - 000024848 _____ (Microsoft Corporation) C:\Windows\system32\MSJtEr35.dll
        2017-09-20 10:14 - 1995-07-25 23:00 - 000089600 _____ (Microsoft Corporation) C:\Windows\system32\GRID32.OCX
        2017-09-20 10:11 - 1998-10-15 12:04 - 001355776 _____ (Microsoft Corporation) C:\Windows\system32\MSVBVM50.dll
        2017-09-20 10:11 - 1997-01-16 01:00 - 000071680 _____ (Microsoft Corporation) C:\Windows\ST5UNST.EXE
        2017-09-20 10:11 - 1997-01-16 01:00 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\VB5StKit.dll
        2017-09-20 10:03 - 2017-09-20 10:03 - 003646301 _____ C:\Users\BECKO\Downloads\biosfind.zip
        2017-09-19 14:56 - 2017-09-19 14:56 - 000243989 _____ C:\Users\BECKO\Downloads\bmw-rins.rar
        2017-09-19 10:45 - 2010-06-17 12:02 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\system32\CSVer.dll
        2017-09-19 10:44 - 2017-09-19 10:44 - 002865688 _____ (Intel Corporation) C:\Users\BECKO\Downloads\INF_allOS_9.1.2.1008_PV.exe
        2017-09-19 10:31 - 2017-09-19 10:32 - 015647865 _____ C:\Users\BECKO\Downloads\UBU_v1_69_5.rar
        2017-09-19 10:20 - 2017-09-19 10:20 - 000000000 ____D C:\Program Files\VulkanRT
        2017-09-19 10:12 - 2017-09-19 10:15 - 257123639 _____ C:\Users\BECKO\Downloads\win64_154519.4678.zip
        2017-09-19 09:43 - 2017-09-19 09:46 - 255391032 _____ (Intel Corporation) C:\Users\BECKO\Downloads\win64_154519.4678.exe
        2017-09-19 09:39 - 2017-09-19 09:39 - 001127996 _____ C:\Users\BECKO\Downloads\Intel_Integrator_Toolkit_6.1.6.zip
        2017-09-19 09:34 - 2017-09-19 09:34 - 000099434 _____ C:\Users\BECKO\Downloads\KeplerBiosTweaker_1.27.zip
        2017-09-18 18:21 - 2017-09-18 18:22 - 000000000 ___HD C:\Windows\AxInstSV
        2017-09-18 18:14 - 2017-09-18 18:14 - 000183559 _____ C:\Users\BECKO\Downloads\capicom.cab
        2017-09-18 18:14 - 2017-09-18 18:14 - 000011073 _____ C:\Users\BECKO\Downloads\xenroll.cab
        2017-09-17 13:57 - 2017-09-17 13:57 - 001015296 _____ C:\Users\BECKO\Downloads\LAGG SWITCH_[unknowncheats.me]_.exe
        2017-09-17 13:45 - 2017-09-17 13:46 - 005251125 _____ C:\Users\BECKO\Downloads\pics.zip
        2017-09-17 11:35 - 2017-09-17 11:35 - 001546533 _____ C:\Users\BECKO\Downloads\XRT_skins.zip
        2017-09-17 10:28 - 2017-09-17 10:32 - 040811322 _____ C:\Users\BECKO\Downloads\Skins.zip
        2017-09-16 16:27 - 2017-09-16 16:27 - 000406668 _____ C:\Users\BECKO\Downloads\XRG_IDS_FAT_FLAME.pdn
        2017-09-15 17:54 - 2017-09-15 17:54 - 003889529 _____ C:\Users\BECKO\Downloads\ZenKiT By tadydrift.rar
        2017-09-15 17:53 - 2017-09-15 17:53 - 005464453 _____ C:\Users\BECKO\Downloads\Team Gripenemy pics.rar
        2017-09-15 17:53 - 2017-09-15 17:53 - 000275230 _____ C:\Users\BECKO\Downloads\Team GripEnemy.rar
        2017-09-15 17:52 - 2017-09-15 17:52 - 000246991 _____ C:\Users\BECKO\Downloads\RFactory EVOLUTION.zip
        2017-09-15 17:20 - 2017-09-15 17:20 - 004713929 _____ C:\Users\BECKO\Downloads\RFactory D1 2010 SkinPack.rar
        2017-09-15 17:10 - 2017-09-15 17:11 - 013464202 _____ C:\Users\BECKO\Downloads\RF XRT-FC kit By TaDy(update).rar
        2017-09-15 17:06 - 2017-09-15 17:06 - 000455977 _____ C:\Users\BECKO\Downloads\MEGA-texture-PACK.rar
        2017-09-15 17:04 - 2017-09-15 17:04 - 002635166 _____ C:\Users\BECKO\Downloads\XRT_Anilator_Kit_update.zip
        2017-09-15 17:03 - 2017-09-15 17:04 - 000574966 _____ C:\Users\BECKO\Downloads\ProStreet Pack 2.rar
        2017-09-12 20:42 - 2017-09-12 20:42 - 000470016 _____ C:\Users\BECKO\Downloads\Tutorial 5.5.exe
        2017-09-12 18:01 - 2017-09-12 18:01 - 000000000 ____D C:\Program Files\Microsoft Synchronization Services
        2017-09-12 18:01 - 2017-09-12 18:01 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
        2017-09-12 17:58 - 2017-09-12 17:58 - 039888608 _____ (Intel Corporation) C:\Users\BECKO\Downloads\Intel Extreme Tuning Utility (Intel XTU)-Version 6.3.0.56.exe
        2017-09-12 17:12 - 2017-09-12 17:15 - 000000000 ____D C:\ProgramData\Intel
        2017-09-12 17:10 - 2017-09-12 17:11 - 010461728 _____ (Intel) C:\Users\BECKO\Downloads\Intel Driver Update Utility Installer.exe
        2017-09-10 17:34 - 2017-09-10 17:34 - 000001314 _____ C:\Users\BECKO\Downloads\Trainer LUA.zip
        2017-09-10 17:32 - 2017-09-10 17:32 - 000000000 ____D C:\Users\BECKO\Downloads\LUA
        2017-09-10 17:31 - 2017-09-10 17:31 - 000001715 _____ C:\Users\BECKO\Downloads\Trainer LUA (UPDATED).zip
        2017-09-10 11:49 - 2017-09-10 11:50 - 001258570 _____ C:\Users\BECKO\Downloads\xfg_complete_interior.zip
        2017-09-10 08:42 - 2017-09-10 08:42 - 001065704 _____ C:\Users\BECKO\Downloads\XF_Interior1.rar
        2017-09-10 08:37 - 2017-09-10 08:37 - 004499750 _____ C:\Users\BECKO\Downloads\Retextured XRT interior.rar
        2017-09-10 07:57 - 2017-09-10 08:25 - 000935389 _____ C:\Users\BECKO\Downloads\Hub.rar
        2017-09-10 07:57 - 2017-09-10 07:57 - 001921131 _____ C:\Users\BECKO\Downloads\Grip.rar
        2017-09-10 07:38 - 2017-09-10 07:38 - 000864710 _____ C:\Users\BECKO\Downloads\LFS_S1_DECALS.rar
        2017-09-10 07:38 - 2017-09-10 07:38 - 000022769 _____ C:\Users\BECKO\Downloads\MSz_logos.rar
        2017-09-10 07:37 - 2017-09-10 07:37 - 000082377 _____ C:\Users\BECKO\Downloads\SUPER_CF.rar
        2017-09-10 07:36 - 2017-09-10 07:36 - 000414511 _____ C:\Users\BECKO\Downloads\scooppack1.zip
        2017-09-10 07:35 - 2017-09-10 07:35 - 001038380 _____ C:\Users\BECKO\Downloads\RF SKYLINES LIGHTS pack.rar
        2017-09-10 07:34 - 2017-09-10 07:34 - 000458826 _____ C:\Users\BECKO\Downloads\xfrhireslight.zip
        2017-09-09 19:59 - 2017-09-09 19:59 - 000033190 _____ C:\Users\BECKO\Downloads\Derby-decals-firebird-big.jpeg
        2017-09-09 14:43 - 2017-09-09 14:43 - 000276289 _____ C:\Users\BECKO\Downloads\TCLights2.zip
        2017-09-09 07:17 - 2017-09-09 07:17 - 000736920 _____ C:\Users\BECKO\Downloads\XRG_Cruise151.pdn
        2017-09-09 06:34 - 2017-09-09 06:34 - 000000000 ____D C:\Users\BECKO\.thumbnails
        2017-09-09 06:33 - 2017-09-09 06:34 - 000000000 ____D C:\Users\BECKO\Downloads\Blender
        2017-09-09 06:29 - 2017-09-09 06:30 - 016372630 _____ C:\Users\BECKO\Downloads\LFS_cars_ready_to_render_BLENDER.rar
        2017-09-09 06:28 - 2017-09-09 06:30 - 104647991 _____ C:\Users\BECKO\Downloads\blender-2.79-rc2-windows32.zip
        2017-09-07 21:15 - 2017-09-07 21:15 - 000902749 _____ C:\Users\BECKO\Downloads\ds-autos_lfs_maxpax-xfr.exe
        2017-09-07 21:15 - 2017-09-07 21:15 - 000000000 ____D C:\Users\BECKO\Downloads\scenes
        2017-09-07 21:15 - 2017-09-07 21:15 - 000000000 ____D C:\Users\BECKO\Downloads\images
        2017-09-07 19:09 - 2017-09-07 19:09 - 000544670 _____ C:\Users\BECKO\Downloads\XFG_interior.zip
        2017-09-07 19:09 - 2017-09-07 19:09 - 000116050 _____ C:\Users\BECKO\Downloads\XRG_interior.zip
        2017-09-07 19:06 - 2017-09-07 19:06 - 000515238 _____ C:\Users\BECKO\Downloads\XFG. XFR leather interior.rar
        2017-09-07 19:01 - 2017-09-07 19:01 - 000325761 _____ C:\Users\BECKO\Downloads\XR_LED_lights_by_Kancel.rar
        2017-09-07 18:11 - 2017-09-25 09:52 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-07 05:05 - 2017-09-07 05:05 - 000933207 _____ C:\Users\BECKO\Downloads\Ford_Sierra_Cosworth_Texturepack.rar
        2017-09-06 20:45 - 2017-09-06 20:45 - 000013841 _____ C:\Users\BECKO\Downloads\shaders-20170906T174421Z-001.zip
        2017-09-06 20:43 - 2017-09-06 20:43 - 016777344 _____ C:\Users\BECKO\Downloads\s_window_ALP.dds
        2017-09-06 17:57 - 2017-09-06 17:58 - 001305367 _____ C:\Users\BECKO\Downloads\Autoruns.zip
        2017-09-05 18:48 - 2017-09-05 18:48 - 000000000 ____D C:\ProgramData\Force Dynamics
        2017-09-05 18:45 - 2017-09-19 10:45 - 000000000 ____D C:\Program Files\Intel
        2017-09-05 18:45 - 2016-10-08 02:29 - 000002291 ____N C:\Windows\system32\SetupBD.din
        2017-09-05 18:41 - 2016-10-08 02:29 - 000370752 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
        2017-09-05 18:24 - 2017-09-05 18:24 - 000014200 _____ C:\Windows\system32\results.xml
        2017-09-05 18:20 - 2017-09-05 18:20 - 000000000 ____D C:\Windows\system32\Lang
        2017-09-05 18:20 - 2009-10-19 15:57 - 001002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
        2017-09-05 18:19 - 2017-09-05 18:19 - 023812912 _____ (Intel Corporation) C:\Users\BECKO\Downloads\win7_1512754.exe
        2017-09-04 19:39 - 2017-09-04 19:46 - 550935208 _____ (Live for Speed) C:\Users\BECKO\Downloads\LFS_S3_6R_setup (1).exe
        2017-09-04 18:54 - 2012-02-11 08:37 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
        2017-09-04 18:52 - 2014-07-09 04:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
        2017-09-04 18:49 - 2017-03-07 18:06 - 002746880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
        2017-09-04 18:49 - 2017-03-07 18:06 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
        2017-09-04 18:49 - 2017-03-07 18:06 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
        2017-09-04 18:49 - 2016-08-16 23:27 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
        2017-09-04 18:49 - 2016-08-16 23:27 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
        2017-09-04 18:49 - 2016-08-16 23:26 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
        2017-09-04 03:21 - 2015-07-16 22:12 - 006131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
        2017-09-04 03:21 - 2015-07-16 22:12 - 000856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
        2017-09-04 03:21 - 2015-07-16 22:12 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
        2017-09-04 03:21 - 2015-07-16 18:14 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
        2017-09-04 03:21 - 2014-12-11 20:47 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
        2017-09-03 19:56 - 2017-09-03 19:57 - 000000000 ____D C:\Program Files\vJoy
        2017-09-03 19:56 - 2017-09-03 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vJoy
        2017-09-03 19:43 - 2016-02-03 12:23 - 000050224 _____ (Shaul Eizikovich) C:\Windows\system32\Drivers\vjoy.sys
        2017-09-03 19:42 - 2017-09-03 19:42 - 007126695 _____ C:\Users\BECKO\Downloads\Receiver2017 EditorVersion.rar
        2017-09-03 16:51 - 2017-09-04 20:02 - 000000534 _____ C:\Users\BECKO\Desktop\LFS.lnk
        2017-09-03 16:51 - 2017-09-03 16:51 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
        2017-09-03 16:41 - 2017-09-25 11:46 - 000000000 ____D C:\LFS
        2017-09-03 16:29 - 2017-01-29 07:43 - 550935208 _____ (Live for Speed) C:\Users\BECKO\Downloads\LFS_S3_6R_setup.exe
        2017-09-03 15:11 - 2017-09-03 15:11 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsigndfefe19eac837ef9
        2017-09-03 15:08 - 2017-09-03 15:08 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign453dc60071486f6d
        2017-09-03 15:03 - 2017-09-03 15:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign9f0a8a46786c1d6c
        2017-09-03 15:03 - 2017-09-03 15:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign6074fc35e5b4c48d
        2017-09-03 13:33 - 2017-09-03 13:33 - 000001410 _____ C:\Users\BECKO\Desktop\PaintDotNet - Пряк път.lnk
        2017-09-03 13:32 - 2017-09-03 14:17 - 000000000 ____D C:\Users\BECKO\AppData\Local\paint.net
        2017-09-03 13:24 - 2017-09-03 13:24 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign6b42f544879c7727
        2017-09-03 13:23 - 2017-09-03 13:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsignf781ccea0b6f3d93
        2017-09-03 13:23 - 2017-09-03 13:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign1e69207d3443abe6
        2017-09-03 12:49 - 2017-09-03 13:21 - 000001498 _____ C:\Users\BECKO\Desktop\Cheat Engine - Пряк път.lnk
        2017-09-03 11:29 - 2017-09-23 13:12 - 000000579 _____ C:\Users\BECKO\Documents\shiftercfg.ini
        2017-09-03 10:13 - 2017-09-03 10:13 - 000119081 _____ C:\Users\BECKO\Downloads\[LCS] Lights.zip
        2017-09-03 08:28 - 2017-09-03 08:28 - 046428288 _____ C:\Users\BECKO\Downloads\Spot Healing Brush.psd
        2017-09-03 08:23 - 2017-09-03 08:23 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign64eab49f8c2e8f70
        2017-09-03 08:07 - 2017-09-03 08:07 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign8451f807890aeee4
        2017-09-03 08:01 - 2017-09-03 08:01 - 000000000 ____D C:\Users\BECKO\AppData\LocalLow\Adobe
        2017-09-03 07:57 - 2017-09-03 07:57 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign632ee564d36a89a5
        2017-09-03 07:56 - 2017-09-03 07:56 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign09a43f07e233face
        2017-09-03 07:55 - 2017-09-03 07:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign8b9b2ea2429d6807
        2017-09-03 07:55 - 2017-09-03 07:55 - 000000000 ____D C:\Users\BECKO\AppData\Local\Tempzxpsign84c5d6b8cab802da
        2017-09-03 07:54 - 2017-09-03 07:54 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-03 07:52 - 2017-09-03 07:52 - 000000000 ____D C:\Users\BECKO\Documents\Adobe
        2017-09-03 07:37 - 2017-09-03 17:21 - 000000000 ___RD C:\Users\BECKO\Creative Cloud Files
        2017-09-03 07:28 - 2017-09-03 07:28 - 000000000 ____D C:\Users\BECKO\AppData\Local\CEF
        2017-09-03 03:29 - 2017-09-03 03:30 - 000000000 ___SD C:\Windows\system32\CompatTel
        2017-09-03 03:29 - 2017-09-03 03:29 - 000000000 ____D C:\Windows\system32\appraiser
        2017-09-02 23:43 - 2012-08-23 17:46 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
        2017-09-02 23:43 - 2012-08-23 17:44 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
        2017-09-02 23:43 - 2012-08-23 14:12 - 000192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
        2017-09-02 23:23 - 2013-10-02 02:45 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
        2017-09-02 23:22 - 2013-10-02 03:42 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
        2017-09-02 23:22 - 2013-10-02 03:32 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
        2017-09-02 23:22 - 2013-10-02 03:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
        2017-09-02 23:22 - 2013-10-02 03:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
        2017-09-02 23:22 - 2013-10-02 03:14 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
        2017-09-02 23:22 - 2013-10-02 01:34 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
        2017-09-02 23:14 - 2017-09-02 23:18 - 000000000 ____D C:\Windows\system32\MRT
        2017-09-02 23:14 - 2017-09-02 23:14 - 137505280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
        2017-09-02 23:02 - 2017-09-02 23:02 - 000000000 ____D C:\Program Files\CONEXANT
        2017-09-02 22:50 - 2017-09-02 22:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_tp4track_01009.Wdf
        2017-09-02 22:50 - 2017-09-02 22:50 - 000000000 ____D C:\Program Files\Lenovo
        2017-09-02 22:42 - 2012-07-26 06:21 - 000196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
        2017-09-02 22:42 - 2012-07-26 06:20 - 000613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
        2017-09-02 22:42 - 2012-07-26 06:20 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
        2017-09-02 22:42 - 2012-07-26 05:33 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
        2017-09-02 22:42 - 2012-07-26 05:32 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
        2017-09-02 22:42 - 2012-06-02 17:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
        2017-09-02 22:30 - 2017-04-28 01:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
        2017-09-02 22:19 - 2015-12-16 21:43 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
        2017-09-02 22:18 - 2016-03-16 21:28 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
        2017-09-02 22:18 - 2016-03-16 21:28 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
        2017-09-02 22:18 - 2015-08-05 20:40 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
        2017-09-02 22:18 - 2015-08-05 19:58 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
        2017-09-02 22:18 - 2015-07-22 20:53 - 000635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
        2017-09-02 22:18 - 2015-05-25 21:01 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
        2017-09-02 22:18 - 2015-05-25 21:00 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
        2017-09-02 22:18 - 2015-05-25 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
        2017-09-02 22:18 - 2015-01-09 05:48 - 000635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
        2017-09-02 22:18 - 2015-01-09 05:48 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
        2017-09-02 22:18 - 2015-01-09 05:48 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
        2017-09-02 22:18 - 2012-12-07 15:26 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
        2017-09-02 22:18 - 2012-12-07 15:20 - 002576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
        2017-09-02 22:18 - 2012-12-07 13:46 - 000055296 _____ (Microsoft) C:\Windows\system32\cero.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000030720 _____ (Microsoft) C:\Windows\system32\usk.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000021504 _____ (Microsoft) C:\Windows\system32\grb.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
        2017-09-02 22:18 - 2012-12-07 13:46 - 000015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
        2017-09-02 22:17 - 2016-08-29 17:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
        2017-09-02 22:17 - 2012-10-03 19:42 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
        2017-09-02 22:17 - 2012-10-03 19:42 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
        2017-09-02 22:17 - 2012-10-03 19:40 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
        2017-09-02 22:17 - 2012-08-21 23:12 - 000245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
        2017-09-02 22:17 - 2011-03-11 08:39 - 000143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
        2017-09-02 22:17 - 2011-03-11 08:39 - 000117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
        2017-09-02 22:17 - 2011-03-11 08:38 - 000022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
        2017-09-02 22:17 - 2011-03-11 08:33 - 001699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
        2017-09-02 22:17 - 2011-03-11 08:31 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
        2017-09-02 22:16 - 2016-07-07 17:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
        2017-09-02 22:16 - 2016-03-09 21:40 - 000316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
        2017-09-02 22:16 - 2016-03-09 21:34 - 000216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
        2017-09-02 22:16 - 2016-02-05 21:44 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
        2017-09-02 22:16 - 2016-02-05 20:33 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
        2017-09-02 22:16 - 2015-10-29 20:50 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
        2017-09-02 22:16 - 2015-10-29 20:49 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
        2017-09-02 22:16 - 2015-08-27 20:58 - 001391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
        2017-09-02 22:16 - 2015-08-27 20:51 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
        2017-09-02 22:16 - 2015-07-09 20:42 - 001372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
        2017-09-02 22:16 - 2015-07-09 20:42 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
        2017-09-02 22:16 - 2015-06-03 23:22 - 000355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
        2017-09-02 22:16 - 2015-01-29 06:02 - 002311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
        2017-09-02 22:16 - 2014-08-01 14:35 - 000793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
        2017-09-02 22:16 - 2014-02-04 05:07 - 000234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
        2017-09-02 22:16 - 2014-02-04 05:07 - 000149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
        2017-09-02 22:16 - 2014-02-04 05:07 - 000027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
        2017-09-02 22:16 - 2014-02-04 05:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
        2017-09-02 22:16 - 2014-01-28 05:07 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
        2017-09-02 22:16 - 2013-10-30 05:19 - 000301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
        2017-09-02 22:16 - 2013-10-04 04:58 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
        2017-09-02 22:16 - 2013-10-04 04:56 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
        2017-09-02 22:16 - 2013-05-10 06:20 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
        2017-09-02 22:16 - 2013-03-19 06:33 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
        2017-09-02 22:16 - 2013-01-24 07:47 - 000196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
        2017-09-02 22:16 - 2012-07-04 22:45 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
        2017-09-02 22:16 - 2011-02-18 08:39 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
        2017-09-02 22:15 - 2017-07-21 17:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
        2017-09-02 22:15 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
        2017-09-02 22:15 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
        2017-09-02 22:15 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
        2017-09-02 22:15 - 2017-07-14 06:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
        2017-09-02 22:15 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
        2017-09-02 22:15 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
        2017-09-02 22:15 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
        2017-09-02 22:15 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
        2017-09-02 22:15 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
        2017-09-02 22:15 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
        2017-09-02 22:15 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
        2017-09-02 22:15 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
        2017-09-02 22:15 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
        2017-09-02 22:15 - 2017-07-14 05:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
        2017-09-02 22:15 - 2017-07-14 05:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
        2017-09-02 22:15 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
        2017-09-02 22:15 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
        2017-09-02 22:15 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
        2017-09-02 22:15 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
        2017-09-02 22:15 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
        2017-09-02 22:15 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
        2017-09-02 22:15 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
        2017-09-02 22:15 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
        2017-09-02 22:15 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
        2017-09-02 22:15 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
        2017-09-02 22:15 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
        2017-09-02 22:15 - 2017-07-14 05:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
        2017-09-02 22:15 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
        2017-09-02 22:15 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
        2017-09-02 22:15 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
        2017-09-02 22:15 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
        2017-09-02 22:15 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
        2017-09-02 22:15 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
        2017-09-02 22:15 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
        2017-09-02 22:15 - 2017-05-12 19:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
        2017-09-02 22:15 - 2017-05-12 19:25 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 012880896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 002953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
        2017-09-02 22:15 - 2017-05-10 18:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
        2017-09-02 22:15 - 2017-05-10 18:10 - 000073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
        2017-09-02 22:15 - 2017-05-10 18:01 - 002092032 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
        2017-09-02 22:15 - 2017-05-10 18:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
        2017-09-02 22:15 - 2017-05-10 18:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
        2017-09-02 22:15 - 2017-01-18 18:35 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
        2017-09-02 22:15 - 2017-01-18 18:35 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
        2017-09-02 22:15 - 2016-11-09 19:17 - 002365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
        2017-09-02 22:15 - 2016-09-15 17:51 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
        2017-09-02 22:15 - 2016-08-21 16:05 - 000935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
        2017-09-02 22:15 - 2016-08-12 19:47 - 011410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 003209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 000988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
        2017-09-02 22:15 - 2016-06-14 18:21 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
        2017-09-02 22:15 - 2016-01-21 03:51 - 000057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
        2017-09-02 22:15 - 2015-04-11 06:07 - 000054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
        2017-09-02 22:15 - 2014-10-30 04:45 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
        2017-09-02 22:15 - 2013-08-05 04:56 - 000133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
        2017-09-02 22:15 - 2012-01-04 11:58 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
        2017-09-02 22:15 - 2011-12-30 08:27 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
        2017-09-02 22:15 - 2011-06-16 07:33 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
        2017-09-02 22:14 - 2017-08-01 18:16 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
        2017-09-02 22:14 - 2017-07-29 17:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
        2017-09-02 22:14 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
        2017-09-02 22:14 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
        2017-09-02 22:14 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
        2017-09-02 22:14 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
        2017-09-02 22:14 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
        2017-09-02 22:14 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
        2017-09-02 22:14 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
        2017-09-02 22:14 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
        2017-09-02 22:14 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
        2017-09-02 22:14 - 2017-07-08 18:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
        2017-09-02 22:14 - 2017-07-08 17:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
        2017-09-02 22:14 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
        2017-09-02 22:14 - 2017-07-07 18:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
        2017-09-02 22:14 - 2017-07-07 18:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
        2017-09-02 22:14 - 2017-07-07 18:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
        2017-09-02 22:14 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
        2017-09-02 22:14 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
        2017-09-02 22:14 - 2017-07-07 17:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
        2017-09-02 22:14 - 2017-07-07 17:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
        2017-09-02 22:14 - 2017-07-07 17:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
        2017-09-02 22:14 - 2017-07-07 17:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
        2017-09-02 22:14 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
        2017-09-02 22:14 - 2017-07-07 17:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
        2017-09-02 22:14 - 2017-07-07 17:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
        2017-09-02 22:14 - 2017-07-07 17:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
        2017-09-02 22:14 - 2017-07-07 17:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
        2017-09-02 22:14 - 2017-07-07 17:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
        2017-09-02 22:14 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
        2017-09-02 22:14 - 2017-07-07 17:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
        2017-09-02 22:14 - 2017-07-07 17:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
        2017-09-02 22:14 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
        2017-09-02 22:14 - 2017-06-15 23:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
        2017-09-02 22:14 - 2017-06-13 01:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
        2017-09-02 22:14 - 2017-06-13 01:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
        2017-09-02 22:14 - 2017-06-13 01:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
        2017-09-02 22:14 - 2017-06-13 01:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
        2017-09-02 22:14 - 2017-06-13 01:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
        2017-09-02 22:14 - 2017-06-13 01:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
        2017-09-02 22:14 - 2017-06-13 01:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
        2017-09-02 22:14 - 2017-06-10 18:39 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
        2017-09-02 22:14 - 2017-06-09 18:17 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
        2017-09-02 22:14 - 2017-06-06 18:12 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
        2017-09-02 22:14 - 2017-06-02 10:57 - 000497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
        2017-09-02 22:14 - 2017-05-30 07:39 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
        2017-09-02 22:14 - 2017-05-30 07:39 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
        2017-09-02 22:14 - 2017-05-30 07:39 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
        2017-09-02 22:14 - 2017-05-21 07:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
        2017-09-02 22:14 - 2017-05-16 18:16 - 000730856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
        2017-09-02 22:14 - 2017-05-16 18:16 - 000218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
        2017-09-02 22:14 - 2017-05-16 18:12 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
        2017-09-02 22:14 - 2017-05-12 21:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
        2017-09-02 22:14 - 2017-05-12 21:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
        2017-09-02 22:14 - 2017-05-12 20:43 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
        2017-09-02 22:14 - 2017-05-10 18:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
        2017-09-02 22:14 - 2017-05-10 18:00 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
        2017-09-02 22:14 - 2017-05-10 18:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
        2017-09-02 22:14 - 2017-05-10 18:00 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
        2017-09-02 22:14 - 2017-05-09 18:11 - 000779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
        2017-09-02 22:14 - 2017-05-09 18:01 - 000066048 _____ C:\Windows\system32\PrintBrmUi.exe
        2017-09-02 22:14 - 2017-05-07 18:14 - 000078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
        2017-09-02 22:14 - 2017-05-07 17:53 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
        2017-09-02 22:14 - 2017-04-21 18:15 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 18:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:54 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
        2017-09-02 22:14 - 2017-04-17 17:51 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
        2017-09-02 22:14 - 2017-04-17 17:48 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-17 17:48 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
        2017-09-02 22:14 - 2017-04-12 18:26 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 001176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
        2017-09-02 22:14 - 2017-04-12 18:25 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
        2017-09-02 22:14 - 2017-04-05 18:00 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
        2017-09-02 22:14 - 2017-04-05 18:00 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
        2017-09-02 22:14 - 2017-04-05 18:00 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
        2017-09-02 22:14 - 2017-04-04 17:52 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
        2017-09-02 22:14 - 2017-03-30 17:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
        2017-09-02 22:14 - 2017-03-10 19:20 - 001508352 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
        2017-09-02 22:14 - 2017-03-10 19:20 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
        2017-09-02 22:14 - 2017-03-10 18:52 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
        2017-09-02 22:14 - 2017-03-10 18:51 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
        2017-09-02 22:14 - 2017-03-10 18:51 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
        2017-09-02 22:14 - 2017-03-07 19:17 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
        2017-09-02 22:14 - 2017-03-04 04:14 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
        2017-09-02 22:14 - 2017-03-04 04:14 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
        2017-09-02 22:14 - 2017-02-09 19:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
        2017-09-02 22:14 - 2017-02-09 18:51 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
        2017-09-02 22:14 - 2017-01-13 20:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
        2017-09-02 22:14 - 2017-01-13 20:45 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
        2017-09-02 22:14 - 2017-01-11 20:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
        2017-09-02 22:14 - 2017-01-11 20:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
        2017-09-02 22:14 - 2016-11-20 19:19 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
        2017-09-02 22:14 - 2016-11-20 17:07 - 000373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
        2017-09-02 22:14 - 2016-11-10 19:19 - 000811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
        2017-09-02 22:14 - 2016-11-09 19:24 - 000105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
        2017-09-02 22:14 - 2016-11-09 19:17 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
        2017-09-02 22:14 - 2016-11-09 19:17 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
        2017-09-02 22:14 - 2016-11-09 18:55 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
        2017-09-02 22:14 - 2016-10-11 18:18 - 001027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
        2017-09-02 22:14 - 2016-10-11 18:18 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
        2017-09-02 22:14 - 2016-10-11 18:18 - 000701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
        2017-09-02 22:14 - 2016-10-11 18:18 - 000430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
        2017-09-02 22:14 - 2016-10-11 18:18 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
        2017-09-02 22:14 - 2016-10-11 18:18 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
        2017-09-02 22:14 - 2016-10-11 17:51 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
        2017-09-02 22:14 - 2016-10-11 16:33 - 000187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
        2017-09-02 22:14 - 2016-10-11 16:18 - 000419648 _____ C:\Windows\system32\locale.nls
        2017-09-02 22:14 - 2016-10-08 16:05 - 000534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
        2017-09-02 22:14 - 2016-10-07 18:12 - 002291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
        2017-09-02 22:14 - 2016-10-07 18:12 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
        2017-09-02 22:14 - 2016-10-05 17:50 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
        2017-09-02 22:14 - 2016-09-12 23:49 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
        2017-09-02 22:14 - 2016-09-08 23:34 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
        2017-09-02 22:14 - 2016-09-08 23:34 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
        2017-09-02 22:14 - 2016-09-08 17:49 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
        2017-09-02 22:14 - 2016-09-08 17:49 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
        2017-09-02 22:14 - 2016-08-12 19:47 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
        2017-09-02 22:14 - 2016-08-12 19:31 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
        2017-09-02 22:14 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
        2017-09-02 22:14 - 2016-08-12 19:31 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
        2017-09-02 22:14 - 2016-08-12 19:21 - 000437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 001178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
        2017-09-02 22:14 - 2016-08-06 18:15 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
        2017-09-02 22:14 - 2016-08-06 17:53 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
        2017-09-02 22:14 - 2016-08-06 17:53 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
        2017-09-02 22:14 - 2016-08-06 17:53 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 001005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
        2017-09-02 22:14 - 2016-06-14 18:21 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
        2017-09-02 22:14 - 2016-06-14 18:17 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
        2017-09-02 22:14 - 2016-06-14 18:05 - 000100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
        2017-09-02 22:14 - 2016-06-14 18:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
        2017-09-02 22:14 - 2016-06-14 18:05 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
        2017-09-02 22:14 - 2016-06-14 17:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
        2017-09-02 22:14 - 2016-06-14 17:55 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
        2017-09-02 22:14 - 2016-06-14 17:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
        2017-09-02 22:14 - 2016-05-12 16:04 - 000249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
        2017-09-02 22:14 - 2016-03-24 01:42 - 000409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
        2017-09-02 22:14 - 2016-03-24 01:39 - 000470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
        2017-09-02 22:13 - 2012-10-09 20:40 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
        2017-09-02 22:13 - 2012-10-09 20:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
        2017-09-02 22:01 - 2017-05-03 18:15 - 000081640 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
        2017-09-02 22:01 - 2017-05-03 18:10 - 000987648 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 001327616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000505856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000446464 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000182784 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
        2017-09-02 22:01 - 2017-05-03 16:05 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
        2017-09-02 22:01 - 2017-03-23 05:06 - 001602048 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
        2017-09-02 21:24 - 2013-12-04 05:03 - 000428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
        2017-09-02 21:24 - 2013-12-04 05:03 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
        2017-09-02 21:24 - 2013-12-04 05:02 - 000390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
        2017-09-02 21:24 - 2013-12-04 04:54 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
        2017-09-02 21:24 - 2013-12-04 04:54 - 000508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
        2017-09-02 18:47 - 2017-09-02 18:47 - 000386758 _____ C:\Users\BECKO\Downloads\XR_Interior1(yeni)(2).rar
        2017-09-02 18:41 - 2017-09-03 17:28 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-02 18:40 - 2017-09-03 17:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-02 18:37 - 2017-09-03 17:21 - 000000000 ____D C:\Users\BECKO\AppData\Local\Adobe
        2017-09-02 18:36 - 2017-09-02 18:36 - 000814168 _____ (Adobe Systems Incorporated) C:\Users\BECKO\Downloads\CreativeCloudSet-Up.exe
        2017-09-02 18:34 - 2017-09-03 15:54 - 048763957 _____ C:\Users\BECKO\Downloads\XRT_Publicpack.psd
        2017-09-02 17:36 - 2013-11-26 11:16 - 003419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
        2017-09-02 10:43 - 2017-09-02 10:43 - 000001689 _____ C:\Users\BECKO\Desktop\jpg2dds - Пряк път.lnk
        2017-09-02 10:41 - 2017-09-02 10:41 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Easy2Convert
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\WinRAR
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-02 10:34 - 2017-09-02 10:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-02 10:32 - 2017-09-02 10:32 - 000933207 _____ C:\Users\BECKO\Downloads\Ford Sierra Cosworth Texturepack.rar
        2017-09-02 10:29 - 2016-04-14 16:49 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
        2017-09-02 10:29 - 2016-04-09 07:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
        2017-09-02 10:10 - 2015-07-30 20:57 - 001987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
        2017-09-02 10:07 - 2015-12-09 00:54 - 002285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
        2017-09-02 10:06 - 2015-02-04 05:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
        2017-09-02 09:50 - 2017-09-02 09:50 - 000280064 _____ () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        2017-09-02 08:06 - 2017-09-02 08:06 - 000000032 ___SH C:\Windows\system32\build.conf
        2017-09-02 08:06 - 2017-09-02 08:06 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\WindowsLoader
        2017-09-02 08:04 - 2017-09-02 08:04 - 002883863 _____ C:\Users\BECKO\Downloads\Windows_7_Loader.zip
        2017-09-02 07:06 - 2017-09-02 07:06 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\monect
        2017-09-02 07:05 - 2017-09-25 10:00 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-02 07:04 - 2017-09-02 07:04 - 032690791 _____ C:\Users\BECKO\Downloads\PCRemoteReceiverSetup_5_6_0_1.zip
        2017-09-02 04:16 - 2014-07-01 01:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
        2017-09-02 04:16 - 2014-03-10 00:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
        2017-09-02 04:15 - 2014-06-06 09:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-02 04:15 - 2014-03-10 00:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
        2017-09-02 04:14 - 2012-03-01 08:46 - 000019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
        2017-09-02 04:14 - 2012-03-01 08:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
        2017-09-02 03:23 - 2017-09-02 03:23 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
        2017-09-02 03:22 - 2017-09-02 03:23 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
        2017-09-02 03:22 - 2017-09-02 03:22 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
        2017-09-02 03:22 - 2017-09-02 03:22 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
        2017-09-02 03:22 - 2017-09-02 03:22 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
        2017-09-02 03:19 - 2017-09-02 03:19 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
        2017-09-02 03:14 - 2017-09-02 03:14 - 001158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 001080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
        2017-09-02 03:14 - 2017-09-02 03:14 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
        2017-09-02 03:10 - 2017-09-02 03:10 - 001505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
        2017-09-02 03:07 - 2015-07-30 16:13 - 000103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-01 23:07 - 2016-05-11 18:19 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
        2017-09-01 23:07 - 2016-02-09 12:50 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
        2017-09-01 23:07 - 2016-02-03 20:59 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
        2017-09-01 23:07 - 2013-07-03 06:36 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
        2017-09-01 23:07 - 2013-07-03 06:36 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
        2017-09-01 23:07 - 2013-02-12 06:32 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
        2017-09-01 23:06 - 2016-06-25 22:53 - 000297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
        2017-09-01 23:06 - 2016-06-25 22:53 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
        2017-09-01 23:06 - 2016-06-25 22:42 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
        2017-09-01 23:06 - 2016-06-25 22:41 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
        2017-09-01 23:06 - 2016-06-25 22:41 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
        2017-09-01 23:06 - 2016-02-04 21:41 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
        2017-09-01 23:06 - 2015-11-11 21:39 - 001242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
        2017-09-01 23:06 - 2015-11-11 21:39 - 000487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
        2017-09-01 23:06 - 2015-08-05 20:41 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
        2017-09-01 23:06 - 2015-07-09 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
        2017-09-01 23:06 - 2015-07-09 20:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
        2017-09-01 23:06 - 2014-11-11 05:44 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
        2017-09-01 23:06 - 2012-11-02 08:11 - 000376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
        2017-09-01 23:06 - 2011-03-03 08:38 - 000270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
        2017-09-01 23:06 - 2011-03-03 08:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
        2017-09-01 23:06 - 2011-03-03 08:36 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
        2017-09-01 23:05 - 2016-05-12 18:18 - 000606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
        2017-09-01 23:05 - 2016-05-12 18:18 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
        2017-09-01 23:05 - 2016-05-12 18:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
        2017-09-01 23:05 - 2016-05-12 17:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
        2017-09-01 23:05 - 2016-05-12 17:57 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
        2017-09-01 23:05 - 2015-07-15 20:55 - 001159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
        2017-09-01 23:05 - 2014-03-04 12:17 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
        2017-09-01 23:05 - 2013-10-19 04:36 - 000159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
        2017-09-01 23:05 - 2013-10-12 05:04 - 000121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
        2017-09-01 23:05 - 2013-10-12 05:03 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
        2017-09-01 23:05 - 2013-10-12 04:15 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
        2017-09-01 23:05 - 2013-10-12 04:15 - 000126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
        2017-09-01 23:05 - 2011-08-17 07:24 - 000465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
        2017-09-01 23:05 - 2011-08-17 07:19 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
        2017-09-01 23:03 - 2015-10-13 07:50 - 000712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
        2017-09-01 23:03 - 2014-09-04 08:04 - 000372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
        2017-09-01 23:02 - 2016-07-22 17:51 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
        2017-09-01 23:02 - 2016-01-22 09:04 - 000642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
        2017-09-01 23:02 - 2016-01-22 09:04 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
        2017-09-01 23:02 - 2015-11-03 21:55 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
        2017-09-01 23:02 - 2015-04-18 05:56 - 000342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
        2017-09-01 23:02 - 2015-03-04 07:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
        2017-09-01 23:02 - 2014-06-18 04:51 - 000646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
        2017-09-01 23:02 - 2013-05-13 06:08 - 000903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
        2017-09-01 23:02 - 2013-05-13 06:08 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
        2017-09-01 23:02 - 2012-07-05 00:16 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
        2017-09-01 23:02 - 2012-07-05 00:14 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
        2017-09-01 23:02 - 2012-07-05 00:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
        2017-09-01 23:01 - 2015-12-09 00:53 - 000509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
        2017-09-01 23:01 - 2015-04-13 06:19 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
        2017-09-01 23:01 - 2014-06-19 01:23 - 001131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
        2017-09-01 23:01 - 2014-06-19 01:23 - 000156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
        2017-09-01 23:01 - 2014-06-19 01:23 - 000081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
        2017-09-01 23:01 - 2011-08-27 07:26 - 000233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
        2017-09-01 23:01 - 2011-05-24 13:44 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
        2017-09-01 23:01 - 2011-02-12 08:35 - 000191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
        2017-09-01 23:01 - 2010-12-23 08:54 - 000850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
        2017-09-01 23:01 - 2010-12-23 08:50 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
        2017-09-01 23:00 - 2015-11-14 01:50 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
        2017-09-01 23:00 - 2015-11-14 01:50 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
        2017-09-01 23:00 - 2015-11-14 01:49 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
        2017-09-01 23:00 - 2015-11-05 22:02 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
        2017-09-01 23:00 - 2015-11-05 12:48 - 000117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
        2017-09-01 23:00 - 2015-07-15 05:55 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
        2017-09-01 23:00 - 2015-02-03 06:12 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
        2017-09-01 23:00 - 2014-12-19 05:43 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
        2017-09-01 23:00 - 2014-10-25 04:32 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
        2017-09-01 23:00 - 2014-07-17 04:40 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
        2017-09-01 23:00 - 2014-07-17 04:39 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
        2017-09-01 23:00 - 2014-07-17 04:39 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
        2017-09-01 23:00 - 2014-07-17 04:03 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
        2017-09-01 23:00 - 2013-10-12 05:03 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
        2017-09-01 23:00 - 2013-10-12 05:01 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
        2017-09-01 23:00 - 2013-10-12 05:01 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
        2017-09-01 23:00 - 2013-07-26 04:55 - 000180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
        2017-09-01 23:00 - 2013-07-12 13:07 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
        2017-09-01 23:00 - 2012-09-26 01:47 - 000078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
        2017-09-01 23:00 - 2012-04-26 07:45 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
        2017-09-01 23:00 - 2012-04-26 07:41 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
        2017-09-01 23:00 - 2012-03-17 10:27 - 000056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
        2017-09-01 23:00 - 2011-12-16 10:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
        2017-09-01 23:00 - 2011-06-15 11:55 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
        2017-09-01 22:59 - 2016-05-11 18:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
        2017-09-01 22:59 - 2016-05-11 18:01 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
        2017-09-01 22:59 - 2016-05-11 17:52 - 000188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
        2017-09-01 22:59 - 2015-12-09 00:54 - 001620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 001568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 001325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
        2017-09-01 22:59 - 2015-12-09 00:54 - 000739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
        2017-09-01 22:59 - 2015-12-09 00:54 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
        2017-09-01 22:59 - 2015-12-09 00:53 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
        2017-09-01 22:59 - 2015-12-09 00:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
        2017-09-01 22:59 - 2015-12-09 00:53 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
        2017-09-01 22:59 - 2015-12-09 00:43 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
        2017-09-01 22:59 - 2015-12-09 00:11 - 000177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
        2017-09-01 22:59 - 2015-12-09 00:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
        2017-09-01 22:59 - 2015-06-02 02:47 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
        2017-09-01 22:59 - 2015-04-24 20:56 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
        2017-09-01 22:59 - 2014-12-08 05:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
        2017-09-01 22:59 - 2014-12-06 06:50 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
        2017-09-01 22:59 - 2014-10-14 04:50 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
        2017-09-01 22:59 - 2013-06-26 01:56 - 000527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
        2017-09-01 22:59 - 2012-11-29 01:57 - 000047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
        2017-09-01 22:59 - 2012-11-29 01:57 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
        2017-09-01 22:59 - 2012-11-29 01:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
        2017-09-01 22:59 - 2012-10-03 19:42 - 000156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
        2017-09-01 22:59 - 2012-10-03 19:42 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
        2017-09-01 22:59 - 2011-03-11 08:33 - 001164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
        2017-09-01 22:59 - 2011-03-11 08:33 - 001137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
        2017-09-01 22:16 - 2012-02-17 08:34 - 000826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
        2017-09-01 22:16 - 2012-02-17 07:13 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
        2017-09-01 20:37 - 2017-09-01 20:37 - 000000000 ____D C:\Program Files\Analog Devices
        2017-09-01 20:36 - 2017-09-01 20:36 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
        2017-09-01 20:36 - 2009-05-18 13:32 - 000381440 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
        2017-09-01 20:36 - 2009-05-18 13:27 - 000032768 _____ (Analog Devices) C:\Windows\system32\adidrm.dll
        2017-09-01 20:36 - 2009-01-27 16:08 - 000139264 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPO.dll
        2017-09-01 20:36 - 2008-07-15 13:09 - 000090112 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
        2017-09-01 20:36 - 2008-02-28 16:17 - 000034304 _____ (Analog Devices, Inc.) C:\Windows\system32\SmaxCo.dll
        2017-09-01 20:36 - 2007-12-05 07:56 - 000364544 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIExt.dll
        2017-09-01 20:36 - 2007-01-10 14:40 - 000050176 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPR.dll
        2017-09-01 20:35 - 2017-09-01 20:35 - 004695672 _____ (Lenovo Group Limited ) C:\Users\BECKO\Downloads\7ka216ww.exe
        2017-09-01 20:29 - 2017-09-01 20:30 - 000000000 ____D C:\ProgramData\dllescort
        2017-09-01 20:18 - 2017-09-01 20:18 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Google
        2017-09-01 20:15 - 2017-09-01 20:15 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 20:15 - 2017-09-01 20:15 - 000002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 20:14 - 2017-09-03 07:24 - 000058016 _____ C:\Users\BECKO\AppData\Local\GDIPFONTCACHEV1.DAT
        2017-09-01 20:14 - 2017-09-01 20:38 - 000000000 ____D C:\Users\BECKO\AppData\Local\Google
        2017-09-01 20:14 - 2017-09-01 20:15 - 000000000 ____D C:\Program Files\Google
        2017-09-01 20:14 - 2017-09-01 20:14 - 000000000 ____D C:\Users\BECKO\AppData\Local\Deployment
        2017-09-01 20:14 - 2017-09-01 20:14 - 000000000 ____D C:\Users\BECKO\AppData\Local\Apps\2.0
        2017-09-01 20:11 - 2017-09-03 17:27 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Adobe
        2017-09-01 20:11 - 2017-09-01 20:11 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Macromedia
        2017-09-01 20:10 - 2017-09-01 20:10 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
        2017-09-01 20:10 - 2017-09-01 20:10 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
        2017-09-01 20:09 - 2017-09-01 20:10 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-01 19:51 - 2017-09-01 19:18 - 000000000 ____D C:\Windows\Panther
        2017-09-01 19:37 - 2017-09-01 19:37 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
        2017-09-01 19:19 - 2017-09-01 19:19 - 000001393 _____ C:\Users\BECKO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
        2017-09-01 19:18 - 2017-09-24 12:45 - 000000000 ____D C:\Users\BECKO
        2017-09-01 19:18 - 2017-09-20 11:03 - 000000000 ____D C:\Users\BECKO\AppData\Local\VirtualStore
        2017-09-01 19:18 - 2017-09-01 19:18 - 000000020 ___SH C:\Users\BECKO\ntuser.ini
        2017-09-01 19:18 - 2011-04-12 04:36 - 000000000 ____D C:\Users\BECKO\AppData\Roaming\Media Center Programs
        2017-09-01 18:59 - 2017-09-01 18:59 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
        2017-09-01 18:58 - 2017-09-01 18:58 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
        2017-09-01 18:57 - 2017-09-01 18:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
        2017-08-30 17:29 - 2017-08-31 17:45 - 000000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z...ZZZ...Z.ZZ
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-25 09:55 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
        2017-09-25 03:28 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-25 03:28 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-24 18:44 - 2017-08-01 08:22 - 000000000 ____D C:\Program Files\Cheat Engine 6.7
        2017-09-24 12:21 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-24 12:17 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-22 13:27 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-22 09:46 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
        2017-09-18 18:22 - 2009-07-14 07:52 - 000000000 ____D C:\Windows\Downloaded Program Files
        2017-09-05 19:48 - 2016-09-16 12:58 - 000000000 ____D C:\Intel
        2017-09-05 18:17 - 2010-11-21 00:01 - 000765700 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 23:26 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
        2017-09-04 03:39 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\AppCompat
        2017-09-03 17:33 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\PolicyDefinitions
        2017-09-03 03:34 - 2009-07-14 07:33 - 000267016 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-03 03:30 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\tracing
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\migwiz
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\Dism
        2017-09-03 03:30 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
        2017-09-02 09:42 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\System
        2017-09-02 09:41 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\Windows Defender
        2017-09-01 19:56 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries
        2017-09-01 19:51 - 2009-07-14 07:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-01 18:58 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
        2017-09-01 18:58 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\sysprep
        2017-09-01 18:53 - 2011-04-12 04:37 - 000000000 ____D C:\Windows\CSC
        ==================== Files in the root of some directories =======
        2017-09-02 09:50 - 2017-09-02 09:50 - 000280064 _____ () C:\Users\BECKO\AppData\Roaming\8b5a5cb069b1cfec65bffb9aafc26fad.exe
        Some files in TEMP:
        ====================
        2017-09-20 15:53 - 2017-09-20 15:54 - 006087840 _____ (Innovative Solutions                                        ) C:\Users\BECKO\AppData\Local\Temp\tmp-drivermax9399034.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-20 03:59
        ==================== End of FRST.txt ============================
         
        Addition_25-09-2017 12.25.58.txt
      • от CaptainJord
        Здравейте, реших да си направя профилактика на компютъра ми, нямам съмнение, но просто ей така да пробвам. Бях си свалил програмата ,,RegRun Reanimator ', която я има в сайта, откри някакви злонамерени файлове и ги изчистих. За по-сигурно реших да проверя и по този ,,по-дълбок'' начин. Надявам се да съм постъпил правилно.
        FRST - log
        Addition - log
         
      • от RudeBoy
        Здравейте,
        Направих една голяма глупост - изтеглих и опитах да отворя кийген за една програма. Явно е бил фалшив, защото компютърът ми се напълни с какво ли не. Сканирах с Panda, премахна много неща, но има още. Като браузвам в нета, постоянно ми се отварят рекламни страници, при кликване на всеки линк. Отварят се дори и от само себе си, при затворен браузър. Имам системен диск, в краен случай съм готов да преинсталирам, но ако мога да се справя с ваша помощ, ще е чудесно  .
        Прикачвам логовете:
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2017
        Ran by mcpph (administrator) on DESKTOP-P7903MO (17-09-2017 12:39:55)
        Running from C:\Users\mcpph\Desktop
        Loaded Profiles: mcpph (Available Profiles: mcpph)
        Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
        Internet Explorer Version 11 (Default browser: Opera)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
        (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
        (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
        () C:\ProgramData\WinSxA.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
        (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
        (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Opera Software) C:\Program Files\Opera\47.0.2631.80\opera.exe
        (Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
        HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [144520 2017-07-19] (Panda Security, S.L.)
        HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
        HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
        HKU\S-1-5-21-3410296404-4140097037-1986194597-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ENDLES~1.SCR [5133824 2015-12-01] (Extreme Internet Software)
        BootExecute: 
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
        Tcpip\..\Interfaces\{399be296-21bc-4c44-b88b-015636c079a7}: [DhcpNameServer] 192.168.100.1
        Internet Explorer:
        ==================
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
        FireFox:
        ========
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
        Opera: 
        =======
        OPR Extension: (Adguard AdBlocker) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-09-04]
        OPR Extension: (Quick Searcher) - C:\Users\mcpph\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-09-17]
        StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
        S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-03-18] (Intel Corporation)
        S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
        S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
        R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109024 2017-07-19] (Panda Security, S.L.)
        R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
        R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2017-07-19] (Panda Security, S.L.)
        R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
        R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
        R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
        S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
        S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
        R2 WinSxA; C:\ProgramData\WinSxA.exe [423080 2017-09-17] ()
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [33448 2016-12-07] ()
        S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
        S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
        S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
        R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
        S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-17] (Malwarebytes)
        S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
        R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [106976 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211936 2017-04-07] (Panda Security, S.L.)
        R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [121312 2017-04-07] (Panda Security, S.L.)
        R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [125920 2017-04-07] (Panda Security, S.L.)
        R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [89960 2017-03-17] (Panda Security, S.L.)
        R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [118240 2017-04-07] (Panda Security, S.L.)
        R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [91104 2017-04-07] (Panda Security, S.L.)
        R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135648 2017-04-07] (Panda Security, S.L.)
        R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [336352 2017-04-07] (Panda Security, S.L.)
        R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [226272 2017-04-07] (Panda Security, S.L.)
        R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123360 2017-04-07] (Panda Security, S.L.)
        R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [280032 2017-04-07] (Panda Security, S.L.)
        R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [125408 2017-04-07] (Panda Security, S.L.)
        R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [179168 2017-07-19] (Panda Security, S.L.)
        R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [140256 2017-07-19] (Panda Security, S.L.)
        R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207328 2017-07-19] (Panda Security, S.L.)
        R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133600 2017-07-19] (Panda Security, S.L.)
        R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146912 2017-07-19] (Panda Security, S.L.)
        R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117216 2017-07-19] (Panda Security, S.L.)
        U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security, S.L.)
        R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
        S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
        S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
        S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
        S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
        S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:39 - 2017-09-17 12:40 - 000010125 _____ C:\Users\mcpph\Desktop\FRST.txt
        2017-09-17 12:39 - 2017-09-17 12:39 - 002398720 _____ (Farbar) C:\Users\mcpph\Desktop\FRST64.exe
        2017-09-17 12:39 - 2017-09-17 12:39 - 000000000 ____D C:\FRST
        2017-09-17 12:08 - 2017-09-17 12:13 - 000001024 _____ C:\Windows\system32\Drivers\etc\hosts.bak
        2017-09-17 12:04 - 2017-09-17 12:05 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Zara
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ C:\ProgramData\WinSxA.exe
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\spbggb0is40
        2017-09-17 12:04 - 2017-09-17 12:04 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\0sziqug0wpx
        2017-09-17 12:03 - 2017-09-17 12:07 - 000001654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа Вrоwsеr.lnk
        2017-09-16 08:28 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Local\Samsung
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
        2017-09-16 08:28 - 2017-09-16 08:28 - 000000000 ____D C:\Users\mcpph\Documents\samsung
        2017-09-16 08:27 - 2017-09-16 08:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
        2017-09-15 21:10 - 2017-09-16 21:13 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Samsung
        2017-09-15 21:10 - 2016-07-22 10:21 - 000164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
        2017-09-15 21:10 - 2016-07-22 10:21 - 000130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
        2017-09-15 21:09 - 2017-09-16 21:13 - 000000000 ____D C:\ProgramData\Samsung
        2017-09-15 21:09 - 2017-09-15 21:10 - 000000000 ____D C:\Program Files (x86)\Samsung
        2017-09-15 21:09 - 2016-05-18 14:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
        2017-09-15 21:09 - 2016-05-18 14:49 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
        2017-09-15 21:08 - 2017-09-15 21:08 - 000000000 ____D C:\Users\mcpph\AppData\Local\Downloaded Installations
        2017-09-12 15:13 - 2017-09-12 15:13 - 000000911 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExifPro 2.1.lnk
        2017-09-12 09:35 - 2017-09-17 12:07 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\ProgramData\Malwarebytes
        2017-09-12 09:35 - 2017-09-12 09:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
        2017-09-12 09:35 - 2015-10-05 09:50 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
        2017-09-12 09:35 - 2015-10-05 09:50 - 000025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files\MSBuild
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
        2017-09-05 23:33 - 2017-09-05 23:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
        2017-09-05 23:33 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
        2017-09-05 23:33 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
        2017-09-05 23:33 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
        2017-09-05 23:27 - 2017-09-05 23:27 - 000000000 ____D C:\Users\mcpph\AppData\Local\ElevatedDiagnostics
        2017-09-05 23:24 - 2017-09-05 23:24 - 000000000 ____D C:\Windows\SysWOW64\directx
        2017-09-05 23:21 - 2017-09-05 23:21 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\WinRAR
        2017-09-04 22:44 - 2017-09-04 22:45 - 000000000 _____ C:\Recovery.txt
        2017-09-04 19:29 - 2017-09-04 08:51 - 000000000 ____D C:\Windows\Panther
        2017-09-04 18:30 - 2017-09-04 18:30 - 000000000 _SHDL C:\Documents and Settings
        2017-09-04 18:29 - 2017-09-17 12:36 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-04 18:29 - 2017-09-17 09:31 - 000000000 ____D C:\Windows\system32\SleepStudy
        2017-09-04 18:29 - 2017-09-04 18:29 - 000000000 ____D C:\Windows\ServiceProfiles
        2017-09-04 18:29 - 2017-09-04 09:56 - 000267480 _____ C:\Windows\system32\FNTCACHE.DAT
        2017-09-04 17:53 - 2017-09-04 17:54 - 000000000 ____D C:\Users\mcpph\AppData\Local\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\TEMP
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD-DA Extractor 16
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\ProgramData\Easy CD-DA Extractor
        2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Program Files\Easy CD-DA Extractor 16
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Kolor
        2017-09-04 17:50 - 2017-09-04 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\IObit
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\LocalLow\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Turbo.net
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Mozilla
        2017-09-04 17:48 - 2017-09-04 17:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\CrashDumps
        2017-09-04 14:36 - 2017-09-04 17:50 - 000000000 ____D C:\Program Files\Kolor
        2017-09-04 11:30 - 2017-09-04 11:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamicsoft
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Users\mcpph\AppData\Local\DBG
        2017-09-04 11:23 - 2017-09-04 11:23 - 000000000 ____D C:\Program Files\Yamicsoft
        2017-09-04 10:15 - 2017-09-04 10:15 - 000000000 ____D C:\Users\mcpph\Documents\Adobe
        2017-09-04 10:13 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Common Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:13 - 000000000 ____D C:\Program Files\Adobe
        2017-09-04 10:08 - 2017-09-04 10:08 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
        2017-09-04 10:08 - 2017-09-04 10:08 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
        2017-09-04 10:07 - 2017-09-04 10:13 - 000000000 ____D C:\ProgramData\Adobe
        2017-09-04 10:07 - 2017-09-04 10:07 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Macromedia
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Users\mcpph\AppData\Local\4kdownload.com
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
        2017-09-04 10:04 - 2017-09-04 10:04 - 000000000 ____D C:\Program Files (x86)\4KDownload
        2017-09-04 09:58 - 2017-09-04 09:58 - 000001531 ____H C:\Windows\EPMBatch.ept
        2017-09-04 09:55 - 2017-09-16 21:13 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ___HD C:\Program Files (x86)\Temp
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files\Realtek
        2017-09-04 09:55 - 2017-09-04 09:55 - 000000000 ____D C:\Program Files (x86)\Realtek
        2017-09-04 09:55 - 2015-06-18 18:45 - 004496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
        2017-09-04 09:55 - 2015-06-18 17:59 - 002862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
        2017-09-04 09:55 - 2015-06-17 19:47 - 002930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
        2017-09-04 09:55 - 2015-06-17 14:45 - 003234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
        2017-09-04 09:55 - 2015-06-15 17:39 - 001748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
        2017-09-04 09:55 - 2015-05-27 17:38 - 002825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
        2017-09-04 09:55 - 2015-05-26 11:59 - 000166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
        2017-09-04 09:55 - 2015-05-25 15:18 - 003195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
        2017-09-04 09:55 - 2015-05-18 14:47 - 002702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
        2017-09-04 09:55 - 2015-05-15 19:27 - 002918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
        2017-09-04 09:55 - 2015-05-15 16:32 - 001316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
        2017-09-04 09:55 - 2014-11-11 13:44 - 000631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
        2017-09-04 09:55 - 2014-06-09 10:59 - 000560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
        2017-09-04 09:55 - 2014-04-10 12:19 - 002041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
        2017-09-04 09:55 - 2014-01-08 15:25 - 000397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
        2017-09-04 09:55 - 2013-10-11 12:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
        2017-09-04 09:55 - 2012-06-08 16:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
        2017-09-04 09:55 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
        2017-09-04 09:55 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
        2017-09-04 09:55 - 2011-12-16 14:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
        2017-09-04 09:55 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
        2017-09-04 09:55 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
        2017-09-04 09:55 - 2010-09-27 09:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
        2017-09-04 09:55 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
        2017-09-04 09:55 - 2009-11-18 07:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
        2017-09-04 09:54 - 2017-09-13 19:40 - 000000000 ____D C:\Program Files\Recuva
        2017-09-04 09:54 - 2017-09-04 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
        2017-09-04 09:51 - 2017-09-17 12:32 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\vlc
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
        2017-09-04 09:51 - 2017-09-04 09:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
        2017-09-04 09:50 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Local\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:50 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\Public\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Foxit AgentInformation
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit Software
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
        2017-09-04 09:49 - 2017-09-04 09:49 - 000000000 ____D C:\Program Files (x86)\Foxit Software
        2017-09-04 09:48 - 2017-09-04 09:48 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber
        2017-09-04 09:47 - 2017-09-16 12:23 - 000000000 ____D C:\Users\mcpph\Documents\ViberDownloads
        2017-09-04 09:45 - 2017-09-16 12:22 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\ViberPC
        2017-09-04 09:45 - 2017-09-04 09:45 - 000001033 _____ C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Viber Media S.à r.l
        2017-09-04 09:45 - 2017-09-04 09:45 - 000000000 ____D C:\Users\mcpph\AppData\Local\Package Cache
        2017-09-04 09:41 - 2017-09-04 09:41 - 000000691 _____ C:\Users\mcpph\Desktop\VIDEO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000716 _____ C:\Users\mcpph\Desktop\DOWNLOAD.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000691 _____ C:\Users\mcpph\Desktop\AUDIO.lnk
        2017-09-04 09:40 - 2017-09-04 09:40 - 000000000 ____D C:\ProgramData\ShellIcons
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.5
        2017-09-04 09:39 - 2017-09-04 09:39 - 000000000 ____D C:\Program Files\Speccy
        2017-09-04 09:38 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\EaseUS
        2017-09-04 09:38 - 2017-08-08 17:49 - 004027072 _____ C:\Windows\system32\BootMan.exe
        2017-09-04 09:38 - 2017-08-08 17:49 - 003037376 _____ C:\Windows\SysWOW64\BootMan.exe
        2017-09-04 09:38 - 2016-12-07 13:26 - 000033448 _____ C:\Windows\system32\epmntdrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000101984 _____ C:\Windows\system32\setupempdrvx64.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010848 _____ C:\Windows\system32\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-11 10:01 - 000010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
        2017-09-04 09:38 - 2016-07-08 15:28 - 000248832 _____ C:\Windows\SysWOW64\epmntdrv.pdb
        2017-09-04 09:38 - 2016-01-14 10:05 - 000021496 _____ C:\Windows\SysWOW64\epmntdrv.sys
        2017-09-04 09:38 - 2014-11-18 14:46 - 000021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
        2017-09-04 09:38 - 2014-11-18 14:46 - 000017504 _____ C:\Windows\system32\EuEpmGdi.dll
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Local\FastStone
        2017-09-04 09:37 - 2017-09-04 09:37 - 000000000 ____D C:\ProgramData\FastStone
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
        2017-09-04 09:36 - 2017-09-04 09:38 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
        2017-09-04 09:31 - 2017-09-12 22:12 - 000004650 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
        2017-09-04 09:31 - 2017-09-12 21:38 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
        2017-09-04 09:30 - 2017-09-12 22:12 - 000000000 ____D C:\Users\mcpph\AppData\Local\Adobe
        2017-09-04 09:27 - 2017-09-04 09:37 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\FastStone
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
        2017-09-04 09:26 - 2017-09-04 09:26 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
        2017-09-04 09:14 - 2017-09-09 17:38 - 000000000 ____D C:\Program Files\Opera
        2017-09-04 09:14 - 2017-09-09 07:08 - 000003958 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1504505679
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Opera Software
        2017-09-04 09:14 - 2017-09-04 09:14 - 000000000 ____D C:\Users\mcpph\AppData\Local\Opera Software
        2017-09-04 09:12 - 2017-09-04 10:04 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
        2017-09-04 09:12 - 2017-09-04 09:12 - 000003604 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
        2017-09-04 09:12 - 2017-09-04 09:12 - 000000000 ____D C:\ProgramData\Intel(R) Update Manager
        2017-09-04 09:11 - 2017-09-06 10:25 - 000000000 ____D C:\Users\mcpph\AppData\Local\Share Link
        2017-09-04 09:11 - 2017-09-04 10:04 - 000000000 ____D C:\ProgramData\Intel
        2017-09-04 09:11 - 2017-09-04 09:11 - 000003394 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Connect Center
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\WinRAR
        2017-09-04 09:11 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files (x86)\ASUS
        2017-09-04 09:09 - 2017-09-12 15:13 - 000000000 ____D C:\Program Files\ExifPro 2.1
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\MiK
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\Users\mcpph\AppData\Local\MicrosoftEdge
        2017-09-04 09:09 - 2017-09-04 09:09 - 000000000 ____D C:\ProgramData\MiK
        2017-09-04 09:06 - 2017-09-04 09:25 - 000000551 _____ C:\Users\mcpph\Desktop\PHOTOS.lnk
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2017-09-04 09:06 - 000000000 ____D C:\Program Files (x86)\Endless Slideshow Screensaver
        2017-09-04 09:06 - 2015-12-01 16:11 - 005133824 _____ (Extreme Internet Software) C:\Windows\Endless-Slideshow.scr
        2017-09-04 09:06 - 2013-02-06 18:30 - 000337408 _____ (www.imageen.com) C:\Windows\dcrawlib.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 001274880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\libeay32.dll
        2017-09-04 09:06 - 2012-05-21 13:43 - 000330752 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\ssleay32.dll
        2017-09-04 09:06 - 2007-06-23 08:29 - 000084992 _____ C:\Windows\jbiglib.dll
        2017-09-04 09:06 - 2005-08-30 07:00 - 003919872 _____ C:\Windows\imagemagick.dll
        2017-09-04 08:59 - 2017-09-04 14:36 - 000000000 ____D C:\ProgramData\Package Cache
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\Users\mcpph\Tracing
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Skype
        2017-09-04 08:59 - 2017-09-04 08:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
        2017-09-04 08:49 - 2017-09-04 08:49 - 000002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection.lnk
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Panda Security
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Protection
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files\CCleaner
        2017-09-04 08:49 - 2017-09-04 08:49 - 000000000 ____D C:\Program Files (x86)\Panda Security
        2017-09-04 08:49 - 2017-07-19 05:31 - 000207328 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000179168 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000146912 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000140256 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000133600 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
        2017-09-04 08:49 - 2017-07-19 05:31 - 000117216 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
        2017-09-04 08:49 - 2017-05-22 08:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
        2017-09-04 08:48 - 2017-09-04 08:49 - 000000000 ____D C:\ProgramData\Panda Security
        2017-09-04 08:43 - 2017-09-04 08:43 - 000000716 _____ C:\Users\mcpph\Desktop\SOFTWARE.lnk
        2017-09-04 08:40 - 2017-09-09 18:51 - 000000000 ____D C:\Wallpaper
        2017-09-04 08:37 - 2017-09-04 08:37 - 000004608 _____ C:\Windows\SECOH-QAD.exe
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003584 _____ C:\Windows\SECOH-QAD.dll
        2017-09-04 08:37 - 2017-09-04 08:37 - 000003476 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
        2017-09-04 08:37 - 2017-09-04 08:37 - 000000000 ____D C:\Program Files\KMSpico
        2017-09-04 08:37 - 2010-12-06 05:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
        2017-09-04 08:36 - 2017-09-17 12:39 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Skype
        2017-09-04 08:36 - 2017-09-17 12:20 - 001259196 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-04 08:36 - 2017-09-04 08:51 - 000000000 ___RD C:\Users\mcpph\OneDrive
        2017-09-04 08:36 - 2017-09-04 08:36 - 000000000 ____D C:\Users\mcpph\AppData\Local\Comms
        2017-09-04 08:35 - 2017-09-04 09:12 - 000000000 ____D C:\Program Files (x86)\Intel
        2017-09-04 08:35 - 2017-09-04 09:11 - 000000000 ____D C:\Program Files\Intel
        2017-09-04 08:35 - 2017-09-04 08:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 ____D C:\Intel
        2017-09-04 08:35 - 2017-09-04 08:35 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
        2017-09-04 08:35 - 2017-09-04 08:23 - 000000000 __SHD C:\Users\mcpph\IntelGraphicsProfiles
        2017-09-04 08:35 - 2017-03-18 08:35 - 000095216 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
        2017-09-04 08:35 - 2017-03-18 08:35 - 000091120 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
        2017-09-04 08:34 - 2017-09-04 17:49 - 000000000 ____D C:\Users\mcpph\AppData\Roaming\Adobe
        2017-09-04 08:34 - 2017-09-04 17:47 - 000000000 ____D C:\Users\mcpph\AppData\Local\Packages
        2017-09-04 08:34 - 2017-09-04 08:35 - 000000000 ____D C:\Users\mcpph\AppData\Local\ConnectedDevicesPlatform
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 __RHD C:\Users\Public\AccountPictures
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\VirtualStore
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\TileDataLayer
        2017-09-04 08:34 - 2017-09-04 08:34 - 000000000 ____D C:\Users\mcpph\AppData\Local\Publishers
        2017-09-04 08:33 - 2017-09-13 19:41 - 000000000 ____D C:\Users\mcpph
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000020 ___SH C:\Users\mcpph\ntuser.ini
        2017-09-04 08:33 - 2017-09-04 08:33 - 000000000 ____D C:\ProgramData\USOShared
        2017-09-04 08:32 - 2017-07-12 07:39 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
        2017-09-04 08:32 - 2017-03-18 23:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
        2017-09-04 08:32 - 2017-03-18 07:59 - 004164608 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:55 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:54 - 001914368 _____ (Microsoft Corporation) C:\Windows\system32\MLS2.dll
        2017-09-04 08:32 - 2017-03-18 07:43 - 004164608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0002.dll
        2017-09-04 08:32 - 2017-03-18 07:40 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0002.dll
        2017-09-04 08:32 - 2017-03-18 07:39 - 001868288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS2.dll
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-17 12:36 - 2017-03-18 14:40 - 000524288 _____ C:\Windows\system32\config\BBI
        2017-09-17 12:22 - 2017-03-19 00:01 - 000000000 ____D C:\Windows\INF
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\Macromed
        2017-09-12 22:12 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\Macromed
        2017-09-05 23:33 - 2017-03-18 23:51 - 000000000 ____D C:\Windows\CbsTemp
        2017-09-05 08:03 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\appcompat
        2017-09-04 19:28 - 2017-03-19 00:03 - 000028672 _____ C:\Windows\system32\config\BCD-Template
        2017-09-04 18:30 - 2017-03-18 14:40 - 000000000 ____D C:\Windows\system32\Sysprep
        2017-09-04 18:29 - 2017-03-19 05:31 - 000000000 ____D C:\Windows\HoloShell
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\PrintDialog
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\MiracastView
        2017-09-04 18:29 - 2017-03-19 00:03 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
        2017-09-04 18:29 - 2017-03-18 14:40 - 000032768 _____ C:\Windows\system32\config\ELAM
        2017-09-04 17:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\AppReadiness
        2017-09-04 11:34 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
        2017-09-04 10:07 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
        2017-09-04 08:49 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\GroupPolicy
        2017-09-04 08:47 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\Cursors
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\WinBioDatabase
        2017-09-04 08:33 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\USOPrivate
        2017-09-04 08:32 - 2017-03-19 05:30 - 000000000 ____D C:\Windows\OCR
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\spool
        2017-09-04 08:32 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\system32\FxsTmp
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\Windows\rescache
        2017-09-04 08:31 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
        ==================== Files in the root of some directories =======
        2017-09-17 12:04 - 2017-09-17 12:04 - 000423080 _____ () C:\ProgramData\WinSxA.exe
        Files to move or delete:
        ====================
        C:\ProgramData\WinSxA.exe

        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-09-04 18:29
        ==================== End of FRST.txt ============================
        Addition.txt
        Panda_report.txt
      • от pesho66
        Привет Имам проблем с дяловете на хард дисковете , вероятно става въпрос за някои вирус .Темата е пренасочена от Инфо за проблема
         
        Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
        Ran by BigUser (administrator) on BIGUSER-PC (03-09-2017 11:52:48)
        Running from C:\Users\BigUser\Downloads
        Loaded Profiles: BigUser (Available Profiles: BigUser)
        Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (AMD) C:\Windows\System32\atiesrxx.exe
        (AMD) C:\Windows\System32\atieclxx.exe
        (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
        (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
        (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
        (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
        (Transaction Software, D 81737 Munich) C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
        (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
        (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Viber] => C:\Users\BigUser\AppData\Local\Viber\Viber.exe [30896208 2017-08-22] (Viber Media S.à r.l.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [17420464 2012-07-13] (Skype Technologies S.A.)
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\...\MountPoints2: G - G:\setup.exe
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
        Tcpip\..\Interfaces\{0C599813-3678-49A7-B4FE-517D8BC490A4}: [DhcpNameServer] 192.168.0.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-2627889718-3068437435-1976458178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=260&clid=2255931
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> DefaultScope d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        SearchScopes: HKU\S-1-5-21-2627889718-3068437435-1976458178-1000 -> d2356acc-c842-11e6-bdf2-00262d527177 URL = hxxps://yandex.ru/search/?win=260&clid=2255932&text={searchTerms}
        BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
        BHO-x32: Instair -> {0D778FDC-FAD7-4B1D-AB88-7A76A562D65C} -> C:\Program Files\Instair\Instair.dll [2016-12-23] ()
        BHO-x32: QuickStores-Toolbar -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
        BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
        Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
        Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
        Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
        Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
        Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
        FireFox:
        ========
        FF ProfilePath: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-09-03]
        FF NewTab: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Яндекс
        FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> chrome://fvd.speeddial/content/fvd_about_blank.html
        FF Extension: (AdBlocker Ultimate) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
        FF Extension: (Instair) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\contact@instair.net [2016-12-23] [not signed]
        FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-23]
        FF Extension: (Speed Dial [FVD] - New Tab Page, Sync...) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pavel.sherbakov@gmail.com [2017-09-02]
        FF Extension: (Save as PDF) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2016-12-23]
        FF Extension: (Google Translator for Firefox) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2017-02-12]
        FF Extension: (Google  Image Search) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2016-12-23]
        FF Extension: (DownThemAll!) - C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-12-23]
        FF SearchPlugin: C:\Users\BigUser\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-143319.xml [2016-12-22]
        FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-06-17] (VideoLAN)
        FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
        FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
        FF Plugin-x32: @mobilityflow.com/tvp,version=1.0.1 -> C:\Program Files (x86)\Mobilityflow\Torrent Video Player\npvlc.dll [2012-11-19] (VideoLAN)
        FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
        FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-01] (Google Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007-05-10] (Adobe Systems Inc.)
        FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HomePage: Default -> yandex.ru/?__PARAM__from=chromehp
        CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT2481034&SearchSource=48","hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6189A548-5277-11E2-A19C-005056C00008}","hxxp://www.delta-search.com/?affID=119292&babsrc=HP_ss&mntrId=6ada26500000000000002eeee680fd43","hxxp://www.yandex.ru/?win=125&clid=2041421","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405529599&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://isearch.omiga-plus.com/?type=hp&ts=1405530061&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V","hxxp://www.mystartsearch.com/?type=hp&ts=1418069766&from=smt&uid=SamsungXSSDX840XPROXSeries_S1ATNSAF254578V"
        CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
        CHR DefaultSearchKeyword: Default -> yandex.ru
        CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
        CHR Session Restore: Default -> is enabled.
        CHR Profile: C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
        CHR Extension: (Google Презентации) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
        CHR Extension: (Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
        CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-12-22]
        CHR Extension: (YouTube) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
        CHR Extension: (Adblock Plus) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-22]
        CHR Extension: (Google Търсене) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-12-22]
        CHR Extension: (Електронни таблици от Google) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
        CHR Extension: (Google Документи офлайн) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
        CHR Extension: (AdBlock) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-07]
        CHR Extension: (Запазване в Google Диск) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-12-22]
        CHR Extension: (Numerics Calculator & Converter) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2016-12-22]
        CHR Extension: (Google Карти) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
        CHR Extension: (Save to Pocket) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
        CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
        CHR Extension: (Gmail) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
        CHR Extension: (Chrome Media Router) - C:\Users\BigUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
        CHR HKLM-x32\...\Chrome\Extension: [geidjeefddhgefeplhdlegoldlgiodon] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] - hxxp://clients2.google.com/service/update2/crx
        CHR HKLM-x32\...\Chrome\Extension: [pjfkgjlnocfakoheoapicnknoglipapd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
        S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec) [File not signed]
        R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
        R2 Transbase; C:\BMWgroup\ETKLokal\transbase\tbmux32.exe [385024 2004-08-05] (Transaction Software, D 81737 Munich) [File not signed]
        S2 Transbase TECDOC CD 1_2015 Service; F:\TECDOC_CD\1_2015\db\tbmux32.exe [360448 2014-05-08] (Transaction Software, D 81829 Munich) [File not signed]
        R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
        R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
        S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 esgiguard; F:\My Programs\Антиспам-програми Firewalls\SpyHunter\esgiguard.sys [15920 2016-08-25] (Enigma Software Group USA, LLC.)
        S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
        S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2014-07-23] (Windows (R) Win 7 DDK provider)
        U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
        S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-04-19] (Western Digital Technologies)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2017-09-03 11:53 - 000015913 _____ C:\Users\BigUser\Downloads\FRST.txt
        2017-09-03 11:52 - 2017-09-03 11:52 - 000000000 ____D C:\FRST
        2017-09-03 11:50 - 2017-09-03 11:50 - 002395648 _____ (Farbar) C:\Users\BigUser\Downloads\FRST64.exe
        2017-09-03 11:45 - 2017-09-03 11:46 - 000008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
        2017-09-02 21:11 - 2017-09-02 21:11 - 000002515 _____ C:\Users\Public\Desktop\Skype.lnk
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ___RD C:\Program Files (x86)\Skype
        2017-09-02 21:11 - 2017-09-02 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
        2017-09-02 21:08 - 2017-09-02 21:08 - 000000000 ____D C:\Windows\system32\appmgmt
        2017-09-02 20:54 - 2017-09-02 21:07 - 000000000 ____D C:\Users\BigUser\Desktop\b
        2017-09-02 16:04 - 2017-09-02 16:05 - 000000000 ____D C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000002007 _____ C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 5.1 Pro.lnk
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-02 16:04 - 2017-09-02 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro
        2017-09-01 13:25 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber Media S.à r.l
        2017-09-01 13:24 - 2017-09-01 13:25 - 000000000 ____D C:\Users\BigUser\AppData\Local\Viber
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:52 - 2009-07-14 07:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
        2017-09-03 11:48 - 2009-07-14 08:13 - 000781782 _____ C:\Windows\system32\PerfStringBackup.INI
        2017-09-03 11:48 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
        2017-09-03 11:45 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\ViberPC
        2017-09-03 11:44 - 2016-12-22 15:11 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Skype
        2017-09-03 11:44 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
        2017-09-03 10:59 - 2016-12-22 14:56 - 000000000 ____D C:\Program Files (x86)\Steam
        2017-09-03 10:24 - 2016-12-23 21:46 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\Nitro PDF
        2017-09-03 10:06 - 2017-03-05 01:31 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\vlc
        2017-09-02 21:20 - 2016-12-22 14:40 - 000000000 ____D C:\Users\BigUser\Documents\ViberDownloads
        2017-09-02 21:11 - 2016-12-22 15:11 - 000000000 ____D C:\ProgramData\Skype
        2017-09-02 20:54 - 2016-12-22 14:25 - 000000000 ____D C:\Users\BigUser
        2017-09-02 11:19 - 2016-12-26 23:20 - 000000000 ____D C:\BMWScan140
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\Roaming\uTorrent
        2017-09-01 17:37 - 2017-02-26 23:56 - 000000000 ____D C:\Users\BigUser\AppData\LocalLow\uTorrent
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
        2017-09-01 13:20 - 2016-12-22 14:50 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003430 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
        2017-09-01 13:13 - 2016-12-22 14:50 - 000003302 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
        ==================== Files in the root of some directories =======
        2016-12-22 15:25 - 2014-04-29 18:36 - 000000036 _____ () C:\Users\BigUser\AppData\Local\installLang.ini
        2016-12-25 21:14 - 2016-12-26 20:40 - 012390794 _____ () C:\ProgramData\OfflineCatalogue_1_2015_TECDOC_CD.log
        Some files in TEMP:
        ====================
        2010-11-18 23:27 - 2010-11-18 23:27 - 000587776 _____ (Igor Pavlov) C:\Users\BigUser\AppData\Local\Temp\7za.exe
        2016-12-26 18:35 - 2013-09-04 16:01 - 023454528 ____N (                                   ) C:\Users\BigUser\AppData\Local\Temp\AdbeRdr_en_US.exe
        2016-12-22 15:29 - 2016-12-22 15:29 - 000059904 _____ () C:\Users\BigUser\AppData\Local\Temp\bitool.dll
        2013-07-29 01:22 - 2013-07-29 01:22 - 000107520 _____ () C:\Users\BigUser\AppData\Local\Temp\KEYGEN-FFF.exe
        2016-12-22 15:27 - 2013-10-16 23:55 - 000036864 _____ (noOrg) C:\Users\BigUser\AppData\Local\Temp\lanbox.exe
        2015-07-31 07:06 - 2015-07-31 07:06 - 000242864 ____R (Microsoft Corporation) C:\Users\BigUser\AppData\Local\Temp\ose00000.exe
        2014-11-08 11:33 - 2015-01-08 00:48 - 000601088 _____ () C:\Users\BigUser\AppData\Local\Temp\Quarantine.exe
        2010-03-31 22:17 - 2010-03-31 22:17 - 000435544 _____ (AB-Tools.com                                                ) C:\Users\BigUser\AppData\Local\Temp\QuickStores_Unlocker.exe
        2012-11-02 12:08 - 2012-11-02 12:08 - 000118784 _____ () C:\Users\BigUser\AppData\Local\Temp\xmlUpdater.exe
        2016-12-22 15:33 - 2016-09-08 18:01 - 000237920 _____ () C:\Users\BigUser\AppData\Local\Temp\YandexWorking.exe
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\Windows\system32\winlogon.exe => File is digitally signed
        C:\Windows\system32\wininit.exe => File is digitally signed
        C:\Windows\SysWOW64\wininit.exe => File is digitally signed
        C:\Windows\explorer.exe => File is digitally signed
        C:\Windows\SysWOW64\explorer.exe => File is digitally signed
        C:\Windows\system32\svchost.exe => File is digitally signed
        C:\Windows\SysWOW64\svchost.exe => File is digitally signed
        C:\Windows\system32\services.exe => File is digitally signed
        C:\Windows\system32\User32.dll => File is digitally signed
        C:\Windows\SysWOW64\User32.dll => File is digitally signed
        C:\Windows\system32\userinit.exe => File is digitally signed
        C:\Windows\SysWOW64\userinit.exe => File is digitally signed
        C:\Windows\system32\rpcss.dll => File is digitally signed
        C:\Windows\system32\dnsapi.dll => File is digitally signed
        C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
        C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
        LastRegBack: 2017-04-04 01:52
        ==================== End of FRST.txt ============================
         
         
         
        Addition.txt
      • от Филипов
        Не е мой. Поради това мога да се забавя с реакцията. Нещо иска да поправя компютъра / упдейтва драйвери.
        Едното го премахмах от Add/Remove Programs и се замени от друг подобен боклук.
        Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
        Ran by User 1 (administrator) on HOME-5D870EAA9B (01-09-2017 21:38:43)
        Running from C:\Documents and Settings\User 1\Desktop
        Loaded Profiles: User 1 & UpdatusUser (Available Profiles: User 1 & UpdatusUser)
        Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
        Internet Explorer Version 8 (Default browser: FF)
        Boot Mode: Normal
        Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
        ==================== Processes (Whitelisted) =================
        (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
        (VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
        (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
        (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
        () C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe
        (Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
        (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
        (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
        (Jawego) C:\Program Files\PC Protector Plus\PCProtectorPlus.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
        (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
        ==================== Registry (Whitelisted) ====================
        (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
        HKLM\...\Run: [AudioDeck] => C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe [528384 2007-08-09] (VIA Technologies, Inc.)
        HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
        HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
        HKLM\...\Run: [PC Protector Plus_startup] => C:\Program Files\PC Protector Plus\PCProtectorPlus.exe [6239680 2016-09-26] (Jawego)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25479680 2017-03-20] (Skype Technologies S.A.)
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [SMReminder] => C:\Documents and Settings\User 1\Application Data\System Monitor\sm.exe [2959312 2017-08-30] ()
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\Run: [securedriverupdaterDUReminder] => C:\Program Files\Secure Driver Updater\SDU.exe -rem
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {350a9c3e-b665-11e6-a11e-0008c7399231} - D:\LGAutoRun.exe
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\...\MountPoints2: {c9e26fc6-0281-11e3-9c1b-000b6a1cfcf7} - CMD /C START SysConfig.{645FF040-5081-101B-9F08-00AA002F954E}\sysconfig-x932851.dat
        ==================== Internet (Whitelisted) ====================
        (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
        Tcpip\..\Interfaces\{ED529269-1461-4DBF-ADAD-F0E66CE70B2A}: [DhcpNameServer] 192.168.1.1
        Internet Explorer:
        ==================
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbg.bg/
        HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
        URLSearchHook: [S-1-5-21-1757981266-1275210071-1644491937-1004] ATTENTION => Default URLSearchHook is missing
        BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
        FireFox:
        ========
        FF ProfilePath: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 [2017-09-01]
        FF Session Restore: C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750 -> is enabled.
        FF Extension: (Enhancer for YouTube™) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-06-19]
        FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-06-20]
        FF Extension: (Low Quality Flash) - C:\Documents and Settings\User 1\Application Data\Mozilla\Firefox\Profiles\gc0jjwq8.default-1486387067750\Extensions\low_quality_flash@pie2k.com [2017-06-19]
        FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
        FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
        FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
        FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
        FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
        FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
        Chrome:
        =======
        CHR DefaultProfile: Default
        CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        CHR HKU\S-1-5-21-1757981266-1275210071-1644491937-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
        ==================== Services (Whitelisted) ====================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-01] (Adobe Systems Incorporated) [File not signed]
        ===================== Drivers (Whitelisted) ======================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
        S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
        S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2013-08-17] (Phoenix Technologies) [File not signed]
        S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
        R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
        R3 N100; C:\WINDOWS\System32\DRIVERS\n100325.sys [128000 2001-08-17] (Compaq Computer Corporation)
        S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
        S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2013-02-14] (AnchorFree Inc)
        R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
        R3 VIAudio; C:\WINDOWS\System32\drivers\vinyl97.sys [207488 2007-06-27] (VIA Technologies, Inc.)
        ==================== NetSvcs (Whitelisted) ===================
        (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

        ==================== One Month Created files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:38 - 2017-09-01 21:39 - 000008769 _____ C:\Documents and Settings\User 1\Desktop\FRST.txt
        2017-09-01 21:38 - 2017-09-01 21:38 - 000000000 ____D C:\FRST
        2017-09-01 21:32 - 2017-09-01 21:32 - 001792512 _____ (Farbar) C:\Documents and Settings\User 1\Desktop\FRST.exe
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000780 _____ C:\Documents and Settings\All Users\Desktop\PC Protector Plus.lnk
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000326 _____ C:\WINDOWS\Tasks\PC Protector Plus_runnag.job
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Program Files\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\PCPRJ
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Jawego
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC Protector Plus
        2017-09-01 20:57 - 2017-09-01 20:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Jawego
        2017-09-01 20:57 - 2016-09-26 17:26 - 000022464 _____ C:\WINDOWS\system32\pcplusnative32.exe
        ==================== One Month Modified files and folders ========
        (If an entry is included in the fixlist, the file/folder will be moved.)
        2017-09-01 21:39 - 2013-08-11 14:47 - 000000000 ____D C:\Documents and Settings\User 1\Local Settings\Temp
        2017-09-01 21:37 - 2013-08-11 16:29 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\Skype
        2017-09-01 21:23 - 2013-08-11 15:11 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
        2017-09-01 21:15 - 2015-01-05 17:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        2017-09-01 20:57 - 2017-06-20 16:22 - 000000000 ____D C:\Documents and Settings\User 1\Application Data\System Monitor
        2017-09-01 20:53 - 2014-02-16 19:52 - 000003564 _____ C:\WINDOWS\wincmd.ini
        2017-09-01 20:52 - 2016-12-17 02:04 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d257f0bb9fdf30.job
        2017-09-01 20:52 - 2015-01-05 17:01 - 000000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        2017-09-01 20:52 - 2014-06-19 14:26 - 000000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
        2017-09-01 20:52 - 2013-08-11 14:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
        2017-09-01 20:52 - 2008-04-14 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
        2017-09-01 20:51 - 2013-08-11 14:47 - 000000178 ___SH C:\Documents and Settings\User 1\ntuser.ini
        2017-09-01 20:51 - 2013-08-11 14:43 - 000032540 _____ C:\WINDOWS\SchedLgU.Txt
        2017-09-01 16:23 - 2017-08-01 10:23 - 005763072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
        2017-09-01 16:23 - 2013-08-11 15:11 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
        2017-09-01 16:23 - 2013-08-11 14:34 - 000000000 ____D C:\WINDOWS\system32\Macromed
        2017-08-08 15:00 - 2014-06-19 14:26 - 000000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
        ==================== Files in the root of some directories =======
        2014-12-11 13:44 - 2014-12-11 13:44 - 000031611 ____C () C:\Program Files\third-party_attributions.txt
        2015-09-20 04:55 - 2017-05-03 22:21 - 000009728 _____ () C:\Documents and Settings\User 1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        ==================== Bamital & volsnap ======================
        (There is no automatic fix for files that do not pass verification.)
        C:\WINDOWS\explorer.exe => File is digitally signed
        C:\WINDOWS\system32\winlogon.exe => File is digitally signed
        C:\WINDOWS\system32\svchost.exe => File is digitally signed
        C:\WINDOWS\system32\services.exe => File is digitally signed
        C:\WINDOWS\system32\User32.dll => File is digitally signed
        C:\WINDOWS\system32\userinit.exe => File is digitally signed
        C:\WINDOWS\system32\rpcss.dll => File is digitally signed
        C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
        C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
        ==================== End of FRST.txt ============================
        Addition.txt
    • Разглеждащи в момента   0 потребители

      Няма регистрирани потребители разглеждащи тази страница.

    • Дарение

    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.