
Hello and Happy New Year. My problem: Chrome opens slowly, freezes and crashes, and several pages open at once. I am currently in Safe Mode; otherwise it freezes.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (03-01-2019 20:43:32)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-03]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"qamplvkj" => service was unlocked. <==== ATTENTION

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-03] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-03] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-03] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-03] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:43 - 2019-01-03 20:43 - 000007564 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-03 20:43 - 000000000 ____D C:\FRST
2019-01-03 20:18 - 2019-01-03 20:18 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-03 20:18 - 2019-01-03 20:18 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-03 20:18 - 2019-01-03 20:18 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-03 20:42 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
2019-01-03 19:34 - 2019-01-03 20:42 - 000265284 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 20:30 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-03 20:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-03 20:18 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-03 20:17 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

Some files in TEMP:
====================
2019-01-03 18:56 - 2019-01-03 18:56 - 000710464 _____ () C:\Users\ВЕС\AppData\Local\Temp\3.exe
2019-01-03 19:00 - 2019-01-03 19:00 - 001312696 _____ (                                                            ) C:\Users\ВЕС\AppData\Local\Temp\fastdatax.exe
2019-01-03 19:09 - 2019-01-03 20:19 - 000000000 ____D () C:\Users\ВЕС\AppData\Local\Temp\IEShims.dll
2019-01-03 19:00 - 2019-01-03 19:00 - 003520512 _____ () C:\Users\ВЕС\AppData\Local\Temp\installer_mi.exe
2019-01-03 18:56 - 2019-01-03 18:56 - 002715792 _____ (SafeIP, LLC.                                                ) C:\Users\ВЕС\AppData\Local\Temp\update.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ===========================

Addition.txt

Screenshot.png


Hello! Your system is infected! Tomorrow morning I will go over the logs once more and write you a script and further instructions! Have a good evening! :)


Hello. To start, run the following script in Safe Mode. After it has run, try running new scans in normal mode!

Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the folder where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

Yes.

Nevertheless, I now see that I have a log file:

Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2019
Ran by ВЕС (04-01-2019 16:30:36) Run:1
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File
"qamplvkj" => service was unlocked. <==== ATTENTION 
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
C:\Windows\system32\qamplvkj\dfaricjc.exe
Task: {28388CE9-2CA7-49CC-9564-0F424E14BEED} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files\ooxzIAzTqruiVIszQdR\yydPZjO.dll",#1
Task: {56D6A7AF-393C-40E2-9FC4-2A3636BD7188} - System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => "msiexec" -package hxxps://refreshnerer711.info/wVM4raQAo.n1e /q
Task: {7AF01070-CEDB-4440-A34C-665C65F672C1} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files\qUgzYKxVLnesC\lnFhOtc.dll",#1
Task: {8E82EE52-6E07-47A4-94E6-6615304E8C41} - System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => "msiexec" /q /i hxxps://refreshnerer711rb.info/F01BsF0RBXQ.CrC
Task: {97F429C1-49D9-4EE5-82B4-4FC29549D18B} - System32\Tasks\UXshqEpiPQcXH2 => C:\Windows\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\QkkdFBc.wsf"
Task: {DB69F2CB-FE06-4A26-872B-C008C9CFD1BC} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files\hUmbquBpttZU2\mNvKUiXnBbMki.dll",#1
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6509722]
IE trusted site: HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\webcompanion.com -> hxxp://webcompanion.com
reboot:
end

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully.
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DHY0GM3ATCSFE7M" => removed successfully.
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41be252d-0f82-11e9-a624-002713343a56} => removed successfully.
HKLM\Software\Classes\CLSID\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\SOFTWARE\Policies\Google => removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => removed successfully.
HKLM\Software\Classes\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully.
HKLM\Software\Classes\CLSID\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => removed successfully.
"qamplvkj" => service was unlocked. <==== ATTENTION => Error: No automatic fix found for this entry.
 


The whole fix did not run... and I have a suspicion as to why... Wait a moment while I make a correction!

Let's see whether it runs now, again in Safe Mode (with Networking):

Download the attached file fixlist.txt and save it in the folder where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

 


Fix result of Farbar Recovery Scan Tool (x86) Version: 01-01-2019
Ran by ВЕС (04-01-2019 18:18:30) Run:2
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CMD: sc stop "qamplvkj"
CMD: sc delete "qamplvkj"

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [DHY0GM3ATCSFE7M] => "C:\Program Files\x0h1djdcnoe\3OQCH.exe"
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\MountPoints2: {41be252d-0f82-11e9-a624-002713343a56} - F:\Lenovo_Suite.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3512987231-521144983-709920193-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10477_754_190103&q={searchTerms}
BHO: YoutubeAdBlock -> {984AFA40-4BEC-457F-AEDE-FE3404A646FA} -> C:\Program Files\VKkhWVSisIE\kwTiXoR.dll => No File 
S2 qamplvkj; C:\Windows\system32\qamplvkj\dfaricjc.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh
2019-01-03 19:10 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\acysy1vaoki
2019-01-03 19:08 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq
2019-01-03 19:04 - 2019-01-03 19:04 - 000000000 ____D C:\Windows\system32\qamplvkj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj
2019-01-03 19:02 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\423viiu5lfu
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:57 - 2019-01-03 18:57 - 000000000 ____H C:\d85105b2d85102533b.lock
2019-01-03 18:56 - 2019-01-03 18:56 - 000000000 ____D C:\ProgramData\HCRGWPOIZH4OHCKX91M2
C:\Windows\system32\qamplvkj\dfaricjc.exe
Task: {28388CE9-2CA7-49CC-9564-0F424E14BEED} - System32\Tasks\DvwLFWwXutwLxJgmB2 => rundll32 "C:\Program Files\ooxzIAzTqruiVIszQdR\yydPZjO.dll",#1
Task: {56D6A7AF-393C-40E2-9FC4-2A3636BD7188} - System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => "msiexec" -package hxxps://refreshnerer711.info/wVM4raQAo.n1e /q
Task: {7AF01070-CEDB-4440-A34C-665C65F672C1} - System32\Tasks\iYMvCriySoqaGgPjbmR2 => rundll32 "C:\Program Files\qUgzYKxVLnesC\lnFhOtc.dll",#1
Task: {8E82EE52-6E07-47A4-94E6-6615304E8C41} - System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => "msiexec" /q /i hxxps://refreshnerer711rb.info/F01BsF0RBXQ.CrC
Task: {97F429C1-49D9-4EE5-82B4-4FC29549D18B} - System32\Tasks\UXshqEpiPQcXH2 => C:\Windows\system32\wscript.exe "C:\ProgramData\BuHcEEPgNwocAWVB\QkkdFBc.wsf"
Task: {DB69F2CB-FE06-4A26-872B-C008C9CFD1BC} - System32\Tasks\mMzvDpxKxjJVUr => rundll32 "C:\Program Files\hUmbquBpttZU2\mNvKUiXnBbMki.dll",#1
AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6509722]
IE trusted site: HKU\S-1-5-21-3512987231-521144983-709920193-1000\...\webcompanion.com -> hxxp://webcompanion.com
reboot:
end

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.

========= sc stop "qamplvkj" =========

[SC] ControlService FAILED 1062:

The service has not been started.


========= End of CMD: =========


========= sc delete "qamplvkj" =========

[SC] DeleteService SUCCESS

========= End of CMD: =========

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DHY0GM3ATCSFE7M" => not found
"HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\Software\Classes\CLSID\{41be252d-0f82-11e9-a624-002713343a56} => not found
HKLM\SOFTWARE\Policies\Google => not found
HKU\S-1-5-21-3512987231-521144983-709920193-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\Software\Classes\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => not found
HKLM\Software\Classes\CLSID\{984AFA40-4BEC-457F-AEDE-FE3404A646FA} => not found
qamplvkj => service not found.
C:\Users\ВЕС\AppData\Roaming\teiqv2gvtfm => moved successfully
C:\Users\ВЕС\AppData\Roaming\imgn0qmwmwh => moved successfully
C:\Users\ВЕС\AppData\Roaming\acysy1vaoki => moved successfully
C:\Users\ВЕС\AppData\Roaming\3zxuksmazmq => moved successfully
C:\Windows\system32\qamplvkj => moved successfully
C:\Users\ВЕС\AppData\Roaming\vi5lm2mflim => moved successfully
C:\Users\ВЕС\AppData\Roaming\sq0zlve2tqj => moved successfully
C:\Users\ВЕС\AppData\Roaming\qc1oa2vrskn => moved successfully
"C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK" => not found
C:\Users\ВЕС\AppData\Roaming\423viiu5lfu => moved successfully
"C:\Users\NYBMYXMIG-DECRYPT.txt" => not found
C:\NYBMYXMIG-DECRYPT.txt => moved successfully
C:\d85105b2d85102533b.lock => moved successfully
C:\ProgramData\HCRGWPOIZH4OHCKX91M2 => moved successfully
"C:\Windows\system32\qamplvkj\dfaricjc.exe" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28388CE9-2CA7-49CC-9564-0F424E14BEED}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28388CE9-2CA7-49CC-9564-0F424E14BEED}" => removed successfully.
C:\Windows\System32\Tasks\DvwLFWwXutwLxJgmB2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DvwLFWwXutwLxJgmB2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56D6A7AF-393C-40E2-9FC4-2A3636BD7188}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56D6A7AF-393C-40E2-9FC4-2A3636BD7188}" => removed successfully.
C:\Windows\System32\Tasks\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EF961BFA-57B7-56F3-7C41-CBDA384B27B1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AF01070-CEDB-4440-A34C-665C65F672C1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF01070-CEDB-4440-A34C-665C65F672C1}" => removed successfully.
C:\Windows\System32\Tasks\iYMvCriySoqaGgPjbmR2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iYMvCriySoqaGgPjbmR2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E82EE52-6E07-47A4-94E6-6615304E8C41}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E82EE52-6E07-47A4-94E6-6615304E8C41}" => removed successfully.
C:\Windows\System32\Tasks\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9691CC12-2E74-1BC2-86C6-CA40BD9675B3}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97F429C1-49D9-4EE5-82B4-4FC29549D18B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97F429C1-49D9-4EE5-82B4-4FC29549D18B}" => removed successfully.
C:\Windows\System32\Tasks\UXshqEpiPQcXH2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UXshqEpiPQcXH2" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB69F2CB-FE06-4A26-872B-C008C9CFD1BC}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB69F2CB-FE06-4A26-872B-C008C9CFD1BC}" => removed successfully.
C:\Windows\System32\Tasks\mMzvDpxKxjJVUr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\mMzvDpxKxjJVUr" => removed successfully.
C:\Windows\system32\config\systemprofile => ":.repos" ADS removed successfully.
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12395873 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5029417 B
Edge => 0 B
Chrome => 218449083 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 66228 B
NetworkService => 66228 B
ВЕС => 71105094 B

RecycleBin => 923852 B
EmptyTemp: => 293.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:18:47 ====

In normal mode

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (04-01-2019 18:26:43)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-04]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-04] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 18:20 - 2019-01-04 18:23 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-04 18:20 - 2019-01-04 18:20 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-04 18:18 - 2019-01-04 18:18 - 000010173 _____ C:\Users\ВЕС\Downloads\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000005319 _____ C:\Users\ВЕС\Documents\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000003620 _____ C:\Users\ВЕС\Documents\fixlist.txt
2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:44 - 2019-01-03 20:44 - 000017953 _____ C:\Users\ВЕС\Downloads\Addition.txt
2019-01-03 20:43 - 2019-01-04 18:27 - 000005358 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-04 18:26 - 000000000 ____D C:\FRST
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-04 16:29 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-03 20:02 - 2019-01-03 20:02 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:02 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 20:03 - 000000000 ____D C:\ProgramData\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 000001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-01-03 19:40 - 2019-01-03 19:40 - 000000000 ____D C:\Program Files\RogueKiller
2019-01-03 19:34 - 2019-01-04 16:29 - 000383916 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 18:24 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-04 18:24 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-04 18:19 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-04 16:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-04 16:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ============================

Addition.txt


So what is the situation so far...?

Uninstalling unwanted / unnecessary programs:

  • Press the Windows key + R on your keyboard at the same time. Type (or paste) appwiz.cpl into the box and click OK.
  • In the list of installed programs that opens, right-click the following program:
Quote
RogueKiller version 13.0.20.0

..and then click Uninstall..!

 

 

Scan with Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Run the file mb3-setup-consumer-x.x.x.xxxx.exe and follow the prompts to install the program.
  • Once the installation finishes, the program will start automatically.
  • Go to the Settings => Protection tab and, under the Scan Options category, turn on the "Scan for rootkits" option by moving the slider to the right.
  • Go to the Scan tab, select Threat Scan, and then click the Start Scan button.
  • The scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • Once the scan finishes, the list of results will appear (if any objects were found). If the program was minimized while scanning, the following message will appear if threats were detected. Click the View Scan Results button.
  • Click the Quarantine Selected button.
  • Wait for the window prompting you to restart to appear, and then click the Yes button.
  • After the restart, start Malwarebytes Anti-Malware again.
  • Go to the Reports tab and open the log file named Scan Report.
  • Click the Export button and then => "Copy to Clipboard"
  • Now paste the contents of the log file with Ctrl + V and post it in your next comment.

Logs

In your next reply, please include the following logs:

  • Malwarebytes Anti-Malware log

 


The system is working better now

 

Malwarebytes
www.malwarebytes.com

-Детайли за регистъра-
Дата на сканиране: 4.01.19 г.
Час на сканиране: 18:54
Файл на регистъра: d14c9b0c-1049-11e9-8809-002713343a56.json

-Информация за софтуера-
Версия: 3.6.1.2711
Версия на компонентите: 1.0.508
Актуализирай версията на пакета: 1.0.8625
Лиценз: Пробен период

-Системна информация-
OS: Windows 7 Service Pack 1
CPU: x86
Файлова система: NTFS
Потребител: WIN-SKFJ6HLGST2\ВЕС

-Резюме на сканирането-
Тип сканиране: Threat Scan
Сканирането е стартирано от: Ръчно
Резултат: Завършено
Сканирани обекти: 148014
Открити заплахи: 2
Заплахи под карантина: 2
Изтекло време: 3 мин, 10 сек

-Опции за сканиране-
Памет: Разрешено
Стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
руткитове: Разрешено
Евристика: Разрешено
PUP: Открий
PUM: Открий

-Детайли за сканирането-
Процес: 0
(Не бяха открити зловредни елементи)

Модул: 0
(Не бяха открити зловредни елементи)

Ключ на регистъра: 0
(Не бяха открити зловредни елементи)

Стойност на регистъра: 0
(Не бяха открити зловредни елементи)

Данни на регистъра: 0
(Не бяха открити зловредни елементи)

Поток данни: 0
(Не бяха открити зловредни елементи)

Папка: 0
(Не бяха открити зловредни елементи)

Файл: 0
(Не бяха открити зловредни елементи)

Физически сектор: 2
Rootkit.Pitou.c.MBR, 0, Смяна при рестартиране, [15352], [514127],0.0.0
Forged physical sector, 0, Смяна при рестартиране, [0], [0],0.0.0

WMI: 0
(Не бяха открити зловредни елементи)


(end)


Quote

Rootkit.Pitou.c.MBR, 0, Смяна при рестартиране, [15352], [514127],0.0.0
Forged physical sector, 0, Смяна при рестартиране, [0], [0],0.0.0

Restart your computer ...! And then, based on these entries from the last scan:

Scan with TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your desktop (mandatory).

  • Click TDSSKiller.exe to start the application.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan finishes with nothing found, click Close to exit.
  • The scan should not take more than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, you will have three options in the drop-down menu.
    Make sure the selected action is Cure and click Continue > Restart to complete the repair.

    Note: If the Cure button is not among the available options, then please choose the Skip button; do not choose Delete unless you have been instructed to do so.

A log file will be created in the root directory of the C: drive. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.


19:28:10.0584 0x0ebc  TDSS rootkit removing tool 3.1.0.25 Dec 24 2018 06:31:07
19:28:15.0968 0x0ebc  ============================================================
19:28:15.0968 0x0ebc  Current date / time: 2019/01/04 19:28:15.0968
19:28:15.0968 0x0ebc  SystemInfo:
19:28:15.0968 0x0ebc  
19:28:15.0968 0x0ebc  OS Version: 6.1.7601 ServicePack: 1.0
19:28:15.0968 0x0ebc  Product type: Workstation
19:28:15.0969 0x0ebc  ComputerName: WIN-SKFJ6HLGST2
19:28:15.0969 0x0ebc  UserName: ВЕС
19:28:15.0969 0x0ebc  Windows directory: C:\Windows
19:28:15.0969 0x0ebc  System windows directory: C:\Windows
19:28:15.0969 0x0ebc  Processor architecture: Intel x86
19:28:15.0969 0x0ebc  Number of processors: 2
19:28:15.0969 0x0ebc  Page size: 0x1000
19:28:15.0969 0x0ebc  Boot type: Normal boot
19:28:15.0970 0x0ebc  CodeIntegrityOptions = 0x00000000
19:28:15.0970 0x0ebc  ============================================================
19:28:20.0907 0x0ebc  KLMD registered as C:\Windows\system32\drivers\65300919.sys
19:28:20.0907 0x0ebc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.17514, osProperties = 0x0
19:28:21.0166 0x0ebc  System UUID: {A8E52CEA-BEC2-A704-09F4-DDADC690A2B5}
19:28:21.0563 0x0ebc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:21.0581 0x0ebc  ============================================================
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0:
19:28:21.0581 0x0ebc  MBR partitions:
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC834000
19:28:21.0581 0x0ebc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC866800, BlocksNum 0x2DA3E000
19:28:21.0582 0x0ebc  ============================================================
19:28:21.0613 0x0ebc  C: <-> \Device\Harddisk0\DR0\Partition2
19:28:21.0641 0x0ebc  D: <-> \Device\Harddisk0\DR0\Partition3
19:28:21.0675 0x0ebc  H: <-> \Device\Harddisk0\DR0\Partition1
19:28:21.0675 0x0ebc  ============================================================
19:28:21.0675 0x0ebc  Initialize success
19:28:21.0675 0x0ebc  ============================================================
19:28:24.0645 0x0744  ============================================================
19:28:24.0645 0x0744  Scan started
19:28:24.0645 0x0744  Mode: Manual; 
19:28:24.0645 0x0744  ============================================================
19:28:24.0646 0x0744  KSN ping started
19:28:27.0396 0x0744  KSN ping finished: true
19:28:28.0829 0x0744  ================ Scan BIOS =================================
19:28:28.0831 0x0744  BIOS info: vendor = Hewlett-Packard, version = 68PCU Ver. F.20, releaseDate = 12/08/2011
19:28:28.0831 0x0744  Base board info: manufacturer = Hewlett-Packard, product = 30DB, version = KBC Version 87.2B
19:28:36.0192 0x0744  [ 86000431CDB982F490384FFA47386F63, B831A27F0DE9D10A6BA8CB5E7E219459525A39BC1E098BC3F4A1E11672591EC8 ] BIOS
19:28:39.0192 0x0744  BIOS - ok
19:28:39.0199 0x0744  ================ Scan system memory ========================
19:28:39.0202 0x0744  System memory - ok
19:28:39.0204 0x0744  ================ Scan services =============================
19:28:40.0374 0x0744  amdsbs - ok
19:28:40.0380 0x0744  [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:28:40.0381 0x0744  amdxata - ok
19:28:40.0390 0x0744  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
19:28:40.0393 0x0744  AppID - ok
19:28:40.0436 0x0744  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:28:40.0439 0x0744  AppIDSvc - ok
19:28:40.0457 0x0744  [ FB1959012294D6AD43E5304DF65E3C26, CFE906B07FF71A178CF9C254B056C6F5A303DDC511F0E4E1E75808F1D5326495 ] Appinfo         C:\Windows\System32\appinfo.dll
19:28:40.0459 0x0744  Appinfo - ok
19:28:40.0492 0x0744  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:28:40.0497 0x0744  AppMgmt - ok
19:28:40.0503 0x0744  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
19:28:40.0505 0x0744  arc - ok
19:28:40.0529 0x0744  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:28:40.0532 0x0744  arcsas - ok
19:28:40.0553 0x0744  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:40.0555 0x0744  AsyncMac - ok
19:28:40.0578 0x0744  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:28:40.0579 0x0744  atapi - ok
19:28:40.0640 0x0744  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:28:40.0653 0x0744  AudioEndpointBuilder - ok
19:28:40.0670 0x0744  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:28:40.0678 0x0744  Audiosrv - ok
19:28:40.0708 0x0744  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:28:40.0712 0x0744  AxInstSV - ok
19:28:40.0782 0x0744  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
19:28:40.0797 0x0744  b06bdrv - ok
19:28:40.0835 0x0744  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:28:40.0845 0x0744  b57nd60x - ok
19:28:40.0906 0x0744  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
19:28:40.0909 0x0744  BDESVC - ok
19:28:40.0924 0x0744  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:28:40.0928 0x0744  Beep - ok
19:28:40.0963 0x0744  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
19:28:40.0976 0x0744  BFE - ok
19:28:41.0015 0x0744  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
19:28:41.0031 0x0744  BITS - ok
19:28:41.0037 0x0744  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:28:41.0039 0x0744  blbdrive - ok
19:28:41.0044 0x0744  [ FCAFAEF6798D7B51FF029F99A9898961, BFB37686B1386EB883B99DB6AC342C20514939F8B7A5CEC5D63865B3DC2B4D4F ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:28:41.0047 0x0744  bowser - ok
19:28:41.0060 0x0744  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:28:41.0062 0x0744  BrFiltLo - ok
19:28:41.0067 0x0744  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:28:41.0068 0x0744  BrFiltUp - ok
19:28:41.0085 0x0744  [ 6E11F33D14D020F58D5E02E4D67DFA19, 9563E4E8CE769B7619745F6F6DE618389A1595785023BF1F295AD8301B27F0AF ] Browser         C:\Windows\System32\browser.dll
19:28:41.0089 0x0744  Browser - ok
19:28:41.0100 0x0744  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:28:41.0108 0x0744  Brserid - ok
19:28:41.0131 0x0744  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:28:41.0134 0x0744  BrSerWdm - ok
19:28:41.0139 0x0744  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:28:41.0140 0x0744  BrUsbMdm - ok
19:28:41.0146 0x0744  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:28:41.0147 0x0744  BrUsbSer - ok
19:28:41.0194 0x0744  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
19:28:41.0196 0x0744  BthEnum - ok
19:28:41.0202 0x0744  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:28:41.0204 0x0744  BTHMODEM - ok
19:28:41.0228 0x0744  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:28:41.0231 0x0744  BthPan - ok
19:28:41.0261 0x0744  [ 195C41CC67E9E1CEDD960CCB74925920, 28F6032E75D24A01A0E9932618CC50D14716DDF2954EB1112F10AEC904FB4E39 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:28:41.0271 0x0744  BTHPORT - ok
19:28:41.0316 0x0744  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
19:28:41.0319 0x0744  bthserv - ok
19:28:41.0344 0x0744  [ 43B3206DD654E783AA7E4EAD340A43B8, 34D3B4F7FA872F1071F0CB8B4DCC00F1779AEBA74583D21FA7502A165D9209F5 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:28:41.0346 0x0744  BTHUSB - ok
19:28:41.0386 0x0744  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:28:41.0388 0x0744  cdfs - ok
19:28:41.0418 0x0744  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:28:41.0421 0x0744  cdrom - ok
19:28:41.0473 0x0744  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:28:41.0476 0x0744  CertPropSvc - ok
19:28:41.0481 0x0744  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:28:41.0483 0x0744  circlass - ok
19:28:41.0506 0x0744  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
19:28:41.0513 0x0744  CLFS - ok
19:28:41.0669 0x0744  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:28:41.0679 0x0744  clr_optimization_v2.0.50727_32 - ok
19:28:41.0745 0x0744  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:28:41.0747 0x0744  CmBatt - ok
19:28:41.0757 0x0744  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:28:41.0761 0x0744  cmdide - ok
19:28:41.0786 0x0744  [ 1B675691ED940766149C93E8F4488D68, A55C41B2B343B1CF53D737ED1752D0510052094FFC60FDB833279A8A52398132 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:28:41.0795 0x0744  CNG - ok
19:28:41.0814 0x0744  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:28:41.0815 0x0744  Compbatt - ok
19:28:41.0823 0x0744  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:28:41.0825 0x0744  CompositeBus - ok
19:28:41.0836 0x0744  COMSysApp - ok
19:28:41.0842 0x0744  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:28:41.0844 0x0744  crcdisk - ok
19:28:41.0899 0x0744  [ A585BEBF7D054BD9618EDA0922D5484A, 340DF730E88F8B6A4EF542F620EBA2A720546AFAB4DFFA00F066B7610A1026C5 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:28:41.0908 0x0744  CryptSvc - ok
19:28:41.0985 0x0744  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
19:28:42.0000 0x0744  CSC - ok
19:28:42.0045 0x0744  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
19:28:42.0065 0x0744  CscService - ok
19:28:42.0130 0x0744  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:28:42.0146 0x0744  DcomLaunch - ok
19:28:42.0186 0x0744  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
19:28:42.0192 0x0744  defragsvc - ok
19:28:42.0222 0x0744  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:28:42.0225 0x0744  DfsC - ok
19:28:42.0270 0x0744  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:28:42.0278 0x0744  Dhcp - ok
19:28:42.0304 0x0744  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
19:28:42.0305 0x0744  discache - ok
19:28:42.0333 0x0744  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
19:28:42.0337 0x0744  Disk - ok
19:28:42.0372 0x0744  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:28:42.0375 0x0744  dmvsc - ok
19:28:42.0422 0x0744  [ 2FE30D71919C51131405797620E0A714, 16060DDC32EF95EB6E37B91D50A96AB53CB0DEBB3DFDCB31975D16361092ABA5 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:28:42.0433 0x0744  Dnscache - ok
19:28:42.0456 0x0744  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:28:42.0466 0x0744  dot3svc - ok
19:28:42.0492 0x0744  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
19:28:42.0499 0x0744  DPS - ok
19:28:42.0537 0x0744  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:28:42.0539 0x0744  drmkaud - ok
19:28:42.0596 0x0744  [ 23F5D28378A160352BA8F817BD8C71CB, 11BF7B7E6276C28EFF74B8AF89B493CBB89B394D2A091708EDA15DA5C342FF19 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:28:42.0616 0x0744  DXGKrnl - ok
19:28:42.0648 0x0744  [ 8EEF52AD831471E323EE7364A8656D35, 815E8D320019F55497B716872DA02BA4DFBA3BE2DD29AF74DA86DD6B0BCE5FA6 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y6032.sys
19:28:42.0654 0x0744  e1yexpress - ok
19:28:42.0689 0x0744  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
19:28:42.0693 0x0744  EapHost - ok
19:28:42.0827 0x0744  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
19:28:42.0951 0x0744  ebdrv - ok
19:28:42.0977 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] EFS             C:\Windows\System32\lsass.exe
19:28:42.0980 0x0744  EFS - ok
19:28:43.0101 0x0744  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:28:43.0116 0x0744  ehRecvr - ok
19:28:43.0123 0x0744  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
19:28:43.0127 0x0744  ehSched - ok
19:28:43.0192 0x0744  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:28:43.0205 0x0744  elxstor - ok
19:28:43.0211 0x0744  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:28:43.0212 0x0744  ErrDev - ok
19:28:43.0266 0x0744  [ 582B3D9E30D8EEF562C2B5E4A492B18C, 5FE505A436DA47EDA8945D1C59D5D1CE298B0F53DAACAAB956BC39EA5ADC8F36 ] ESProtectionDriver C:\Windows\system32\drivers\mbae.sys
19:28:43.0269 0x0744  ESProtectionDriver - ok
19:28:43.0326 0x0744  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
19:28:43.0342 0x0744  EventSystem - ok
19:28:43.0369 0x0744  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:28:43.0374 0x0744  exfat - ok
19:28:43.0383 0x0744  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:28:43.0387 0x0744  fastfat - ok
19:28:43.0429 0x0744  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
19:28:43.0443 0x0744  Fax - ok
19:28:43.0469 0x0744  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
19:28:43.0471 0x0744  fdc - ok
19:28:43.0487 0x0744  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
19:28:43.0489 0x0744  fdPHost - ok
19:28:43.0513 0x0744  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:28:43.0516 0x0744  FDResPub - ok
19:28:43.0521 0x0744  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:28:43.0523 0x0744  FileInfo - ok
19:28:43.0529 0x0744  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:28:43.0531 0x0744  Filetrace - ok
19:28:43.0536 0x0744  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:28:43.0538 0x0744  flpydisk - ok
19:28:43.0553 0x0744  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:28:43.0559 0x0744  FltMgr - ok
19:28:43.0608 0x0744  [ FA6C66E4364D7DA57AADE5DCC03BB999, 9C0D0A04D2558CF60B7F7185CC9B369CDDD3B1C625960910CECF07611F288378 ] FontCache       C:\Windows\system32\FntCache.dll
19:28:43.0628 0x0744  FontCache - ok
19:28:43.0714 0x0744  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:28:43.0721 0x0744  FontCache3.0.0.0 - ok
19:28:43.0745 0x0744  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:28:43.0751 0x0744  FsDepends - ok
19:28:43.0769 0x0744  [ A574B4360E438977038AAE4BF60D79A2, 7255CCDDDAC4853FA72E6487408C4B7390CBA37549CE952929B2A9CF3327C616 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:28:43.0771 0x0744  Fs_Rec - ok
19:28:43.0783 0x0744  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:28:43.0790 0x0744  fvevol - ok
19:28:43.0798 0x0744  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:28:43.0804 0x0744  gagp30kx - ok
19:28:43.0989 0x0744  [ 23F7AF7E0512C58467BC37FF4AF356A8, 385AD7844FC75FB319B120303A446359B3FEA4D84BF2F8FA481955E52788E076 ] GoogleChromeElevationService C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
19:28:44.0005 0x0744  GoogleChromeElevationService - ok
19:28:44.0049 0x0744  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:28:44.0065 0x0744  gpsvc - ok
19:28:44.0088 0x0744  gupdate - ok
19:28:44.0098 0x0744  gupdatem - ok
19:28:44.0127 0x0744  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:28:44.0129 0x0744  hcw85cir - ok
19:28:44.0184 0x0744  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:28:44.0193 0x0744  HdAudAddService - ok
19:28:44.0215 0x0744  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:28:44.0218 0x0744  HDAudBus - ok
19:28:44.0222 0x0744  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:28:44.0224 0x0744  HidBatt - ok
19:28:44.0245 0x0744  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:28:44.0248 0x0744  HidBth - ok
19:28:44.0264 0x0744  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:28:44.0267 0x0744  HidIr - ok
19:28:44.0306 0x0744  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
19:28:44.0314 0x0744  hidserv - ok
19:28:44.0332 0x0744  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:28:44.0334 0x0744  HidUsb - ok
19:28:44.0358 0x0744  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:28:44.0363 0x0744  hkmsvc - ok
19:28:44.0390 0x0744  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:28:44.0400 0x0744  HomeGroupListener - ok
19:28:44.0463 0x0744  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:28:44.0472 0x0744  HomeGroupProvider - ok
19:28:44.0493 0x0744  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:28:44.0497 0x0744  HpSAMD - ok
19:28:44.0516 0x0744  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:28:44.0529 0x0744  HTTP - ok
19:28:44.0545 0x0744  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:28:44.0546 0x0744  hwpolicy - ok
19:28:44.0601 0x0744  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:28:44.0604 0x0744  i8042prt - ok
19:28:44.0636 0x0744  [ A3CAE5D281DB4CFF7CFF8233507EE5AD, 2666107220B9F301193F2CF85A3D6B09E6E42CC150152D10A8886E47A3FD9B0D ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:28:44.0652 0x0744  iaStorV - ok
19:28:44.0743 0x0744  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:28:44.0765 0x0744  idsvc - ok
19:28:44.0964 0x0744  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:28:45.0153 0x0744  igfx - ok
19:28:45.0194 0x0744  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:28:45.0195 0x0744  iirsp - ok
19:28:45.0269 0x0744  [ F95622F161474511B8D80D6B093AA610, F2320E25EB9B4AA9A8366BD3AA23EABEBE111A5610D3A62EBA47D90427D5BC26 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:28:45.0292 0x0744  IKEEXT - ok
19:28:45.0311 0x0744  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:28:45.0312 0x0744  intelide - ok
19:28:45.0327 0x0744  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:28:45.0328 0x0744  intelppm - ok
19:28:45.0350 0x0744  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:28:45.0354 0x0744  IPBusEnum - ok
19:28:45.0359 0x0744  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:28:45.0362 0x0744  IpFilterDriver - ok
19:28:45.0378 0x0744  [ 4D65A07B795D6674312F879D09AA7663, 8D72FE0B51A6FF71F85D2602DB3AE91C8749F70869B6789552F047BA81411EDA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:28:45.0391 0x0744  iphlpsvc - ok
19:28:45.0397 0x0744  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:28:45.0400 0x0744  IPMIDRV - ok
19:28:45.0407 0x0744  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:28:45.0410 0x0744  IPNAT - ok
19:28:45.0415 0x0744  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:28:45.0418 0x0744  IRENUM - ok
19:28:45.0425 0x0744  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:28:45.0427 0x0744  isapnp - ok
19:28:45.0448 0x0744  [ CB7A9ABB12B8415BCE5D74994C7BA3AE, 464BFF3F5EEE985BE075E23E1813F5CB82A9A0771A92C6D889B13B867BCDF647 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:28:45.0455 0x0744  iScsiPrt - ok
19:28:45.0490 0x0744  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:28:45.0491 0x0744  kbdclass - ok
19:28:45.0507 0x0744  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:28:45.0509 0x0744  kbdhid - ok
19:28:45.0529 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] KeyIso          C:\Windows\system32\lsass.exe
19:28:45.0531 0x0744  KeyIso - ok
19:28:45.0537 0x0744  [ 412CEA1AA78CC02A447F5C9E62B32FF1, E06859E2CE2AFA3CE521851F8810778ED1748B812E601A58786605096AACEA81 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:28:45.0540 0x0744  KSecDD - ok
19:28:45.0549 0x0744  [ 26C046977E85B95036453D7B88BA1820, 375B284AFB407CAE417D2090B112A0ED1CCD516ABFDDBFCD5D6AADE859F14ACD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:28:45.0553 0x0744  KSecPkg - ok
19:28:45.0610 0x0744  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:28:45.0621 0x0744  KtmRm - ok
19:28:45.0664 0x0744  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:28:45.0671 0x0744  LanmanServer - ok
19:28:45.0699 0x0744  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:28:45.0707 0x0744  LanmanWorkstation - ok
19:28:45.0777 0x0744  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:28:45.0782 0x0744  lltdio - ok
19:28:45.0820 0x0744  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:28:45.0838 0x0744  lltdsvc - ok
19:28:45.0850 0x0744  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:28:45.0856 0x0744  lmhosts - ok
19:28:52.0065 0x0744  TDPIPE - ok
19:28:52.0070 0x0744  [ 2C10395BAA4847F83042813C515CC289, CBC058AE2EB6AA5905F9D2EF52573E1C06330462952E6D6E7083F8DB2C441E3E ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:28:52.0072 0x0744  TDTCP - ok
19:28:52.0078 0x0744  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:28:52.0081 0x0744  tdx - ok
19:28:52.0087 0x0744  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:28:52.0088 0x0744  TermDD - ok
19:28:52.0130 0x0744  [ 052306FD76793D5D5AB5D9891FD1ADBB, A590F01A42EC979664044B811E7C98F58D6A23AA025B5A1DD0E5F63BF70B2649 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
19:28:52.0135 0x0744  terminpt - ok
19:28:52.0216 0x0744  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
19:28:52.0235 0x0744  TermService - ok
19:28:52.0267 0x0744  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
19:28:52.0271 0x0744  Themes - ok
19:28:52.0288 0x0744  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:28:52.0291 0x0744  THREADORDER - ok
19:28:52.0342 0x0744  [ 5AD05191DC8B444A7BA4D79B76C42A30, 6166E939A5A240388EBA5AF7FF335DC413F2BBCF74C2E1D310F4BE2A5454A610 ] TPM             C:\Windows\system32\drivers\tpm.sys
19:28:52.0346 0x0744  TPM - ok
19:28:52.0372 0x0744  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
19:28:52.0379 0x0744  TrkWks - ok
19:28:52.0399 0x0744  TrueSight - ok
19:28:52.0478 0x0744  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:28:52.0491 0x0744  TrustedInstaller - ok
19:28:52.0523 0x0744  [ 254BB140EEE3C59D6114C1A86B636877, EE09D62E90407A40278F2136F640DAB16A4E2BF57D4FB6E05F92CA9CC9CF57C0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:28:52.0527 0x0744  tssecsrv - ok
19:28:52.0534 0x0744  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:28:52.0537 0x0744  TsUsbFlt - ok
19:28:52.0545 0x0744  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:28:52.0547 0x0744  TsUsbGD - ok
19:28:52.0579 0x0744  [ 045ACB987C650D8186C6B4A692223860, C1CDDF7DABAE531C53290C7C70F35DD65751B399D269711865AD65F9E4E43B0B ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
19:28:52.0582 0x0744  tsusbhub - ok
19:28:52.0599 0x0744  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:28:52.0602 0x0744  tunnel - ok
19:28:52.0616 0x0744  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:28:52.0618 0x0744  uagp35 - ok
19:28:52.0629 0x0744  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:28:52.0636 0x0744  udfs - ok
19:28:52.0671 0x0744  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:28:52.0674 0x0744  UI0Detect - ok
19:28:52.0689 0x0744  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:28:52.0692 0x0744  uliagpkx - ok
19:28:52.0704 0x0744  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:28:52.0706 0x0744  umbus - ok
19:28:52.0711 0x0744  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:28:52.0713 0x0744  UmPass - ok
19:28:52.0750 0x0744  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:28:52.0757 0x0744  UmRdpService - ok
19:28:52.0780 0x0744  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
19:28:52.0790 0x0744  upnphost - ok
19:28:52.0797 0x0744  [ 7E72E7D7E0757D59481D530FD2B0BFAE, 288CAC9F4AC09DEB2B30C6E3A6ACF8D62A75576F62F0EC159D5E1B257419E9DC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:28:52.0799 0x0744  usbccgp - ok
19:28:52.0805 0x0744  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:28:52.0808 0x0744  usbcir - ok
19:28:52.0814 0x0744  [ CFBCE999C057D78979A181C9C60F208E, D60698EAA8A085214D5945818B0863976CF116EBE523046C344AF4E9392FDF80 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:28:52.0816 0x0744  usbehci - ok
19:28:52.0904 0x0744  [ 9D22AAD9AC6A07C691A1113E5F860868, AC34D36DBB5649650FCD873A792CA1387AE841D4C46781C63C0D29834F9B58E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:28:52.0921 0x0744  usbhub - ok
19:28:52.0934 0x0744  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:28:52.0938 0x0744  usbohci - ok
19:28:52.0951 0x0744  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:28:52.0954 0x0744  usbprint - ok
19:28:52.0965 0x0744  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:28:52.0968 0x0744  USBSTOR - ok
19:28:52.0973 0x0744  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:28:52.0975 0x0744  usbuhci - ok
19:28:53.0015 0x0744  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2, F9B72DE82078FDB5551D48988190F46EECA9B99655C591B7865FEA1AFB31F637 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:28:53.0020 0x0744  usbvideo - ok
19:28:53.0046 0x0744  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
19:28:53.0051 0x0744  UxSms - ok
19:28:53.0063 0x0744  [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc        C:\Windows\system32\lsass.exe
19:28:53.0065 0x0744  VaultSvc - ok
19:28:53.0081 0x0744  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:28:53.0083 0x0744  vdrvroot - ok
19:28:53.0104 0x0744  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
19:28:53.0118 0x0744  vds - ok
19:28:53.0124 0x0744  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:28:53.0126 0x0744  vga - ok
19:28:53.0131 0x0744  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:28:53.0134 0x0744  VgaSave - ok
19:28:53.0138 0x0744  VGPU - ok
19:28:53.0172 0x0744  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:28:53.0178 0x0744  vhdmp - ok
19:28:53.0199 0x0744  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:28:53.0202 0x0744  viaagp - ok
19:28:53.0208 0x0744  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:28:53.0210 0x0744  ViaC7 - ok
19:28:53.0215 0x0744  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:28:53.0217 0x0744  viaide - ok
19:28:53.0249 0x0744  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:28:53.0255 0x0744  vmbus - ok
19:28:53.0260 0x0744  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:28:53.0263 0x0744  VMBusHID - ok
19:28:53.0268 0x0744  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:28:53.0270 0x0744  volmgr - ok
19:28:53.0283 0x0744  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:28:53.0290 0x0744  volmgrx - ok
19:28:53.0318 0x0744  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:28:53.0324 0x0744  volsnap - ok
19:28:53.0334 0x0744  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:28:53.0339 0x0744  vsmraid - ok
19:28:53.0422 0x0744  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
19:28:53.0450 0x0744  VSS - ok
19:28:53.0457 0x0744  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:28:53.0458 0x0744  vwifibus - ok
19:28:53.0472 0x0744  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
19:28:53.0483 0x0744  W32Time - ok
19:28:53.0491 0x0744  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:28:53.0494 0x0744  WacomPen - ok
19:28:53.0551 0x0744  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:28:53.0557 0x0744  WANARP - ok
19:28:53.0597 0x0744  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:28:53.0600 0x0744  Wanarpv6 - ok
19:28:53.0660 0x0744  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
19:28:53.0706 0x0744  wbengine - ok
19:28:53.0719 0x0744  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:28:53.0725 0x0744  WbioSrvc - ok
19:28:53.0738 0x0744  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:28:53.0748 0x0744  wcncsvc - ok
19:28:53.0759 0x0744  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:28:53.0764 0x0744  WcsPlugInService - ok
19:28:53.0779 0x0744  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
19:28:53.0780 0x0744  Wd - ok
19:28:53.0797 0x0744  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:28:53.0808 0x0744  Wdf01000 - ok
19:28:53.0827 0x0744  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:28:53.0833 0x0744  WdiServiceHost - ok
19:28:53.0839 0x0744  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:28:53.0844 0x0744  WdiSystemHost - ok
19:28:53.0886 0x0744  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
19:28:53.0894 0x0744  WebClient - ok
19:28:53.0915 0x0744  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:28:53.0922 0x0744  Wecsvc - ok
19:28:53.0933 0x0744  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:28:53.0939 0x0744  wercplsupport - ok
19:28:53.0972 0x0744  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
19:28:53.0978 0x0744  WerSvc - ok
19:28:54.0001 0x0744  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:28:54.0003 0x0744  WfpLwf - ok
19:28:54.0009 0x0744  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:28:54.0011 0x0744  WIMMount - ok
19:28:54.0016 0x0744  WinHttpAutoProxySvc - ok
19:28:54.0154 0x0744  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:28:54.0169 0x0744  Winmgmt - ok
19:28:54.0268 0x0744  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
19:28:54.0315 0x0744  WinRM - ok
19:28:54.0397 0x0744  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:28:54.0402 0x0744  WinUsb - ok
19:28:54.0473 0x0744  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:28:54.0502 0x0744  Wlansvc - ok
19:28:54.0523 0x0744  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:28:54.0524 0x0744  WmiAcpi - ok
19:28:54.0566 0x0744  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:28:54.0571 0x0744  wmiApSrv - ok
19:28:54.0665 0x0744  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:28:54.0705 0x0744  WMPNetworkSvc - ok
19:28:54.0745 0x0744  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:28:54.0749 0x0744  WPCSvc - ok
19:28:54.0756 0x0744  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:28:54.0761 0x0744  WPDBusEnum - ok
19:28:54.0779 0x0744  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:28:54.0781 0x0744  ws2ifsl - ok
19:28:54.0786 0x0744  WSearch - ok
19:28:54.0796 0x0744  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:28:54.0799 0x0744  WudfPf - ok
19:28:54.0827 0x0744  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:28:54.0832 0x0744  WUDFRd - ok
19:28:54.0855 0x0744  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:28:54.0861 0x0744  wudfsvc - ok
19:28:54.0880 0x0744  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:28:54.0888 0x0744  WwanSvc - ok
19:28:54.0899 0x0744  ================ Scan global ===============================
19:28:54.0936 0x0744  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
19:28:54.0956 0x0744  [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll
19:28:54.0970 0x0744  [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll
19:28:55.0008 0x0744  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
19:28:55.0043 0x0744  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
19:28:55.0055 0x0744  [ Global ] - ok
19:28:55.0056 0x0744  ================ Scan MBR ==================================
19:28:55.0073 0x0744  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:28:55.0456 0x0744  \Device\Harddisk0\DR0 - ok
19:28:55.0456 0x0744  ================ Scan VBR ==================================
19:28:55.0461 0x0744  [ CF0C747F614B6EF3F6CCDE0C0BEF3F95 ] \Device\Harddisk0\DR0\Partition1
19:28:55.0465 0x0744  \Device\Harddisk0\DR0\Partition1 - ok
19:28:55.0469 0x0744  [ 4AA3FFE90E2DDB136751BA470540FD44 ] \Device\Harddisk0\DR0\Partition2
19:28:55.0471 0x0744  \Device\Harddisk0\DR0\Partition2 - ok
19:28:55.0475 0x0744  [ 38A5DD394AB14888AD93D013D919244F ] \Device\Harddisk0\DR0\Partition3
19:28:55.0477 0x0744  \Device\Harddisk0\DR0\Partition3 - ok
19:28:55.0478 0x0744  ================ Scan generic autorun ======================
19:28:55.0599 0x0744  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
19:28:55.0642 0x0744  Sidebar - ok
19:28:55.0667 0x0744  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
19:28:55.0671 0x0744  mctadmin - ok
19:28:55.0724 0x0744  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
19:28:55.0745 0x0744  Sidebar - ok
19:28:55.0753 0x0744  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
19:28:55.0756 0x0744  mctadmin - ok
19:28:55.0757 0x0744  Waiting for KSN requests completion. In queue: 320
19:28:56.0757 0x0744  Waiting for KSN requests completion. In queue: 320
19:28:57.0757 0x0744  Waiting for KSN requests completion. In queue: 12
19:28:58.0807 0x0744  Win FW state via NFP2: enabled ( trusted )
19:29:01.0504 0x0744  ============================================================
19:29:01.0504 0x0744  Scan finished
19:29:01.0504 0x0744  ============================================================
19:29:01.0524 0x07c0  Detected object count: 0
19:29:01.0524 0x07c0  Actual detected object count: 0
19:30:37.0304 0x0ee0  Deinitialize success
 


Great..! Let's run a few control scans so I can take one last look, and then we'll head toward the finish..! :)

Scan with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe)
  • The program will start. Press YES to accept the license agreement.
  • Press the button [image].
  • Wait patiently for the scan to finish.
  • Two log files, named FRST.txt and Addition.txt, will be created on the desktop.
  • Copy the contents of the FRST.txt file into your next post. Attach Addition.txt to your comment (see the Attach files option when you post a reply).

Logs

In your next reply, please include (by copying the full contents) the following logs:

  • FRST.txt (copy the full contents)
  • Addition.txt (attach..)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by ВЕС (administrator) on WIN-SKFJ6HLGST2 (04-01-2019 19:43:03)
Running from C:\Users\ВЕС\Downloads
Loaded Profiles: ВЕС (Available Profiles: ВЕС)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> C:\Windows\System32\iedkcs32.dll [2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2019-01-03] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{840DEA2A-8553-4D25-A5FB-7DB86C5BFBE5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE11610E-0BCC-42A7-A0AC-89B4A3B92BF1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3512987231-521144983-709920193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp

FireFox:
========
FF ProfilePath: C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default [2019-01-03]
FF user.js: detected! => C:\Users\ВЕС\AppData\Roaming\K-Meleon\oytl87x0.default\user.js [2006-04-06]
FF Extension: (NewsFox) - C:\Users\ВЕС\Downloads\k-meleon\browser\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2016-01-04] [Legacy] [not signed]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [No File]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.bg/
CHR Profile: C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default [2019-01-04]
CHR Extension: (Lightshot (скрииншот инструмент)) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2019-01-03]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\ВЕС\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [129248 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [172280 2019-01-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [106144 2019-01-04] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [63760 2019-01-04] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-01-04] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [83648 2019-01-04] (Malwarebytes)
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 19:28 - 2019-01-04 19:30 - 000186628 _____ C:\TDSSKiller.3.1.0.25_04.01.2019_19.28.10_log.txt
2019-01-04 19:27 - 2019-01-04 19:27 - 005073416 _____ (AO Kaspersky Lab) C:\Users\ВЕС\Downloads\tdsskiller.exe
2019-01-04 19:27 - 2019-01-04 19:27 - 000063760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000106144 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-01-04 19:26 - 2019-01-04 19:26 - 000083648 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-01-04 18:55 - 2019-01-04 18:55 - 000463872 _____ C:\Windows\system32\LBA-0-128-k
2019-01-04 18:52 - 2019-01-04 18:52 - 000172280 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-01-04 18:52 - 2019-01-04 18:52 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-04 18:52 - 2019-01-04 18:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-04 18:52 - 2018-12-04 08:09 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-01-04 18:51 - 2019-01-04 18:51 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211 (1).exe
2019-01-04 16:30 - 2019-01-04 16:30 - 000005319 _____ C:\Users\ВЕС\Documents\Fixlog.txt
2019-01-04 16:30 - 2019-01-04 16:30 - 000003620 _____ C:\Users\ВЕС\Documents\fixlist.txt
2019-01-04 03:15 - 2019-01-04 03:15 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2019-01-04 03:15 - 2019-01-04 03:15 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2019-01-04 03:14 - 2019-01-04 03:14 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2019-01-04 03:10 - 2019-01-03 18:31 - 000000000 ____D C:\Windows\Panther
2019-01-04 03:03 - 2019-01-04 03:03 - 000000000 ____D C:\Windows.old
2019-01-03 20:43 - 2019-01-04 19:43 - 000005530 _____ C:\Users\ВЕС\Downloads\FRST.txt
2019-01-03 20:43 - 2019-01-04 19:43 - 000000000 ____D C:\FRST
2019-01-03 20:43 - 2019-01-03 20:43 - 001783808 _____ (Farbar) C:\Users\ВЕС\Downloads\FRST.exe
2019-01-03 20:03 - 2019-01-03 20:03 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbam
2019-01-03 20:02 - 2019-01-04 18:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Users\ВЕС\AppData\Local\mbamtray
2019-01-03 20:02 - 2019-01-03 20:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-03 20:00 - 2019-01-03 20:01 - 081227760 _____ (Malwarebytes ) C:\Users\ВЕС\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-03 19:40 - 2019-01-03 19:40 - 029162424 _____ (Adlice Software ) C:\Users\ВЕС\Downloads\RogueKiller_setup.exe
2019-01-03 19:34 - 2019-01-04 16:29 - 000383916 _____ C:\Windows\ntbtlog.txt
2019-01-03 19:30 - 2019-01-03 19:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:09 - 2019-01-03 19:09 - 000000009 _____ C:\Users\ВЕС\rstr1.ini
2019-01-03 19:07 - 2019-01-03 19:07 - 000000258 __RSH C:\Users\ВЕС\ntuser.pol
2019-01-03 19:02 - 2019-01-03 19:02 - 000000000 ____D C:\Users\ВЕС\AppData\LocalLow\yHNPHHIzKpsCK
2019-01-03 19:01 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Michael
2019-01-03 19:01 - 2019-01-03 19:19 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ShopMore
2019-01-03 19:01 - 2019-01-03 19:07 - 000002964 __RSH C:\ProgramData\ntuser.pol
2019-01-03 19:01 - 2019-01-03 19:01 - 000493800 _____ (VideoDriver) C:\Windows\D04DE5140B2D.sys
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Python
2019-01-03 19:00 - 2019-01-03 20:05 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\ezc3lfxnx4j
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ C:\Users\ВЕС\AppData\Local\wbem.ini
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{AC10FE2E-1A46-0496-3E07-15883EE04CD9}
2019-01-03 19:00 - 2019-01-03 19:00 - 000000000 ____D C:\ProgramData\{59403C6F-D807-F1C6-7FC5-457D7F221C2C}
2019-01-03 18:57 - 2019-01-03 18:57 - 000008906 _____ C:\Users\NYBMYXMIG-DECRYPT.txt
2019-01-03 18:56 - 2015-08-03 08:53 - 000384000 _____ (SafeIP) C:\Windows\system32\SafeIPs.dll
2019-01-03 18:55 - 2019-01-03 20:05 - 000000000 ____D C:\Program Files\KMSPico 10.2.1 Final
2019-01-03 18:53 - 2018-12-10 23:04 - 000499424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-01-03 18:48 - 2019-01-03 18:48 - 001259736 _____ (Plarium) C:\Users\ВЕС\Downloads\PlariumPlaySetup (1).exe
2019-01-03 18:46 - 2019-01-03 18:46 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Package Cache
2019-01-03 18:45 - 2019-01-03 19:03 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Mozilla
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\K-Meleon
2019-01-03 18:45 - 2019-01-03 18:45 - 000000000 ____D C:\Users\ВЕС\AppData\Local\K-Meleon
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Plarium
2019-01-03 18:44 - 2019-01-03 18:44 - 000000000 ____D C:\Users\ВЕС\AppData\Local\CEF
2019-01-03 18:39 - 2019-01-03 18:39 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Google
2019-01-03 18:38 - 2019-01-03 19:53 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-03 18:38 - 2019-01-03 19:53 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-03 18:37 - 2019-01-03 19:02 - 000000000 ____D C:\Program Files\Google
2019-01-03 18:37 - 2019-01-03 19:00 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Google
2019-01-03 18:37 - 2019-01-03 18:37 - 000057560 _____ C:\Users\ВЕС\AppData\Local\GDIPFONTCACHEV1.DAT
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Deployment
2019-01-03 18:37 - 2019-01-03 18:37 - 000000000 ____D C:\Users\ВЕС\AppData\Local\Apps\2.0
2019-01-03 18:36 - 2014-05-14 17:23 - 001973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-01-03 18:36 - 2014-05-14 17:23 - 000054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-01-03 18:36 - 2014-05-14 17:23 - 000045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2019-01-03 18:36 - 2014-05-14 17:17 - 002425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2019-01-03 18:36 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2019-01-03 18:36 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2019-01-03 18:33 - 2019-01-03 19:53 - 000001335 _____ C:\Users\ВЕС\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-01-03 18:33 - 2019-01-03 19:09 - 000000000 ____D C:\Users\ВЕС
2019-01-03 18:33 - 2019-01-03 18:33 - 000000020 ___SH C:\Users\ВЕС\ntuser.ini
2019-01-03 18:33 - 2019-01-03 18:33 - 000000000 ____D C:\Users\ВЕС\AppData\Local\VirtualStore
2019-01-03 18:33 - 2010-11-21 01:46 - 000000000 ____D C:\Users\ВЕС\AppData\Roaming\Media Center Programs
2019-01-03 16:27 - 2019-01-03 16:27 - 000000000 ____D C:\My Drivers
2018-12-30 08:50 - 2018-12-30 08:50 - 005183296 _____ (Marcin Szeniak ) C:\Users\ВЕС\Downloads\BCUninstaller_4.12.1_setup.exe
2018-12-29 13:35 - 2018-12-29 13:35 - 000000000 ____D C:\SWSetup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-04 19:32 - 2010-11-20 22:01 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2019-01-04 19:32 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-01-04 19:26 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-04 19:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-04 19:25 - 2009-07-14 05:34 - 000016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-04 03:15 - 2009-07-14 05:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2019-01-04 03:15 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\sysprep
2019-01-04 03:12 - 2010-11-21 01:46 - 000000000 ____D C:\Windows\CSC
2019-01-04 03:10 - 2009-07-14 05:52 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-01-03 19:01 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\GroupPolicy
2019-01-03 18:57 - 2018-08-11 19:54 - 000000000 ____D C:\Intel
2019-01-03 18:57 - 2017-10-21 13:53 - 000000000 ____D C:\LFS
2019-01-03 18:57 - 2017-09-25 20:50 - 000000000 ___RD C:\BECKO-PC
2019-01-03 18:57 - 2017-04-14 15:10 - 000036892 ____H C:\iCS Source.suo.nybmyxmig
2019-01-03 18:33 - 2009-07-14 05:33 - 000266808 _____ C:\Windows\system32\FNTCACHE.DAT
2019-01-03 18:31 - 2009-07-14 03:37 - 000000000 __RHD C:\Users\Public\Libraries
2019-01-03 17:30 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2019-01-03 15:34 - 2018-08-11 14:17 - 000000000 ____D C:\Users\ВЕС\Downloads\k-meleon
2019-01-01 13:09 - 2018-09-02 13:32 - 000000000 ____D C:\Users\ВЕС\Documents\TalkHelper

==================== Files in the root of some directories =======

1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Users\ВЕС\AppData\Local\aIQEonJ.exe
2019-01-03 19:10 - 2019-01-03 19:10 - 006161408 _____ () C:\Users\ВЕС\AppData\Local\dump007.dat
2019-01-03 19:01 - 2019-01-03 19:01 - 000140800 _____ () C:\Users\ВЕС\AppData\Local\installer.dat
2019-01-03 19:00 - 2019-01-03 19:00 - 000000003 _____ () C:\Users\ВЕС\AppData\Local\wbem.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-01-04 03:11

==================== End of FRST.txt ============================

Addition.txt


Fix with Farbar Recovery Scan Tool

Download the attached file fixlist.txt and save it in the same location where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt

Well, that will be all from me... How is your system now? Do you notice anything that is bothering you?

 


All that remains is to remove the programs we used:

To remove Farbar Recovery Scan Tool properly, rename the executable FRST64.exe (or FRST.exe) to Uninstall.exe.

Run the Uninstall.exe file. You will be notified that you need to restart the system in order to delete the tool.

Download DelFix and run it. Tick the boxes next to:

  • Remove disinfection tools <----- this will remove the tools we used
  • Create registry backup <----- this option will create a backup copy of the Windows registry
  • Purge system restore <--- this will remove all previous restore points; a new restore point of the system's current state will be created.
  • Reset system settings <--- this will reset to their defaults all system settings that were changed either by us during the cleanup or by malware / infection

...and then press the Run button.

  • Once the operation has finished, a log will be created
  • Copy it and paste it into your next reply

The tool will delete itself once it has finished its task!

Logs:

In your next reply, please include the following logs:

  • DelFix


# DelFix v1.013 - Logfile created 04/01/2019 at 20:29:37
# Updated 17/04/2016 by Xplode
# Username : ВЕС - WIN-SKFJ6HLGST2
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\TDSSKiller.3.1.0.25_04.01.2019_19.28.10_log.txt
Deleted : C:\Users\ВЕС\Downloads\tdsskiller.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #3 [Windows Update | 01/03/2019 17:36:13]
Deleted : RP #4 [Windows Update | 01/03/2019 17:53:03]
Deleted : RP #6 [Restore Point Created by FRST | 01/04/2019 19:05:14]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Wonderful! :) Thank you for your cooperation! I am marking the case as "Solved". I wish you a pleasant evening and safe browsing! :)

      Task: {AED1AD05-FC83-4BAD-945F-721B4890EC84} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_pepper.exe [1497656 2020-09-15] (Adobe Inc. -> Adobe)
      Task: {B1AE9B04-84F1-4831-8527-D76B753CBA2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      Task: {BBBB72F5-3A2B-4A01-A640-A5FF57FD1EB6} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe [1502264 2020-09-09] (Adobe Inc. -> Adobe)
      Task: {BD743956-DC62-4307-843F-D62CE84AD182} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      Task: {C55964AC-A211-4B5D-B595-C77C191E72DB} - System32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB} => "C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
      Task: {DDA3604F-53D8-4D74-AB76-64F76053088A} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      Task: {EF23F159-7109-499A-A25E-2BF8A8FE9116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-06-20] (Google Inc -> Google Inc.)
      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001Core.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-421337976-2832419435-3520994213-1001UA.job => C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe
      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
      Tcpip\..\Interfaces\{A753DA6E-FE95-49B7-AA56-3DC81D3E4609}: [DhcpNameServer] 192.168.0.1
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
      FireFox:
      ========
      FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\c21lr0at.default [2018-09-27]
      FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-09-09] (Adobe Inc. -> )
      FF Plugin: @IPC/WebClient -> C:\windows\system32\SuperClient2\npSuperClient.dll [2013-09-26] (Chipspoint Electronics Co., Ltd -> )
      FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-25] (Oracle America, Inc. -> Oracle Corporation)
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
      FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
      FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.) [File not signed]
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll [2011-11-14] (Google Inc -> Google Inc.)
      FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Visitor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies SF -> Unity Technologies ApS)
      FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\services-sync.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2010-01-01]
      FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2013-08-12]
      FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2007-04-03] <==== ATTENTION
      Chrome: 
      =======
      CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-09-16]
      CHR Notifications: Default -> hxxps://www.facebook.com
      CHR Extension: (Документи) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-27]
      CHR Extension: (Google Диск) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-31]
      CHR Extension: (Google Документи офлайн) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-01]
      CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-08-31]
      CHR Extension: (Skype) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-09-27]
      CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-08-31]
      CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-31]
      CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
      CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
      CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
      ==================== Services (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
      S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-09-15] (Adobe Inc. -> Adobe)
      S2 AgentService; C:\Program Files\LibraryClient\globalLibx32\service.exe [46592 2012-02-20] () [File not signed]
      R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
      R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
      R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7466064 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [575768 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [357656 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\92.2.11575.159\elevation_service.exe [1197032 2021-08-20] (Avast Software s.r.o. -> AVAST Software)
      R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-25] (Avast Software s.r.o. -> AVAST Software)
      R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
      R2 OCS Inventory Service; C:\Program Files\OCS Inventory Agent\OcsService.exe [38912 2013-04-08] (OCS Inventory NG) [File not signed]
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
      R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1713536 2011-03-28] (Microsoft Corporation -> Microsoft Corp.)
      ===================== Drivers (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R3 amdiox86; C:\Windows\System32\DRIVERS\amdiox86.sys [37944 2010-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
      R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [8395776 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
      R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [247296 2011-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
      R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed]
      R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [33600 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [185776 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [309264 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206352 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [91664 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [39312 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [153496 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [393016 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2020-06-18] (AVAST Software s.r.o. -> AVAST Software)
      R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [92752 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [690128 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455920 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [161864 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [278184 2021-09-08] (Avast Software s.r.o. -> AVAST Software)
      R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [259800 2021-09-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
      S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed]
      S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
      R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
      R3 MpKslc0e71772; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AEB6EB6-B91A-4C67-B3E5-99CBE32CCFF4}\MpKslDrv.sys [36072 2021-09-16] (Microsoft Windows -> Microsoft Corporation)
      S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18560 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [214080 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      S3 qcusbwwan-forge; C:\Windows\System32\DRIVERS\qcusbwwan.sys [422976 2015-06-08] (Microsoft Windows Hardware Compatibility Publisher -> FORGE Incorporated)
      R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed]
      S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI Corporation -> MCCI)
      S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Windows -> Microsoft Corporation)
      S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2012-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
      U1 aswbdisk; no ImagePath
      S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
      S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
      S3 VGPU; System32\drivers\rdvgkmd.sys [X]
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One month (created) (Whitelisted) =========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:55 - 2021-09-16 11:57 - 000000000 ____D C:\FRST
      2021-09-16 11:39 - 2021-09-16 11:39 - 000003872 _____ C:\Windows\system32\Tasks\BlueStacksHelper_nxt
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002141 _____ C:\Users\Public\Desktop\BlueStacks 5 Multi-Instance Manager.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 5.lnk
      2021-09-16 11:39 - 2021-09-16 11:39 - 000001993 _____ C:\Users\Public\Desktop\BlueStacks 5.lnk
      2021-09-16 11:38 - 2021-09-16 11:38 - 000006890 _____ C:\Users\Administrator\-1.14-windows.xml
      2021-09-16 11:36 - 2021-09-16 11:49 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
      2021-09-16 11:36 - 2021-09-16 11:36 - 000000000 ____D C:\Program Files\BlueStacks_nxt
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\BlueStacksSetup
      2021-09-16 11:33 - 2021-09-16 11:36 - 000000000 ____D C:\Users\Administrator\AppData\Local\Bluestacks
      2021-09-16 11:33 - 2021-09-16 11:33 - 000000000 ____D C:\Users\Public\BlueStacks
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000262 _____ C:\Users\Administrator\advanced_ip_scanner_MAC.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Comments.bin
      2021-09-16 08:54 - 2021-09-16 11:42 - 000000015 _____ C:\Users\Administrator\advanced_ip_scanner_Aliases.bin
      2021-09-16 08:51 - 2013-09-26 14:21 - 000000000 ____D C:\Windows\system32\SuperClient2
      2021-09-16 08:51 - 2013-09-26 14:07 - 000237568 _____ () C:\Windows\system32\SuperClient Save.exe
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000957 _____ C:\Users\Public\Desktop\Advanced IP Scanner.lnk
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced IP Scanner v2
      2021-09-16 08:48 - 2021-09-16 08:48 - 000000000 ____D C:\Program Files\Advanced IP Scanner
      2021-09-08 12:11 - 2021-09-08 12:09 - 000287000 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2021-09-08 12:11 - 2021-09-08 12:09 - 000161864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2021-09-02 09:25 - 2021-09-13 09:22 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
      2021-08-31 14:56 - 2021-08-31 14:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
      ==================== One month (modified) ==================
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2021-09-16 11:56 - 2010-10-25 14:45 - 000000000 ____D C:\Users\Visitor
      2021-09-16 11:56 - 2010-10-25 14:24 - 000000000 ____D C:\Users\Librarian
      2021-09-16 11:52 - 2010-10-31 18:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
      2021-09-16 11:45 - 2011-04-04 16:21 - 000000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job
      2021-09-16 11:39 - 2010-10-25 14:50 - 000000000 ____D C:\Users\Administrator
      2021-09-16 11:24 - 2013-09-25 11:17 - 000000000 ____D C:\Program Files\Google
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 09:16 - 2009-07-14 07:34 - 000024352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2021-09-16 08:39 - 2017-07-18 16:04 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
      2021-09-16 08:37 - 2017-07-18 16:00 - 000000000 ____D C:\ProgramData\AVAST Software
      2021-09-16 08:37 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
      2021-09-15 15:07 - 2018-09-27 09:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\AVAST Software
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2021-09-14 09:15 - 2017-06-20 14:26 - 000002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      2021-09-08 12:13 - 2017-07-18 16:03 - 000278184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2021-09-08 12:09 - 2020-07-30 09:14 - 000153496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2021-09-08 12:09 - 2020-06-18 16:34 - 000393016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000206352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
      2021-09-08 12:09 - 2019-03-21 12:06 - 000091664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
      2021-09-08 12:09 - 2017-07-18 16:06 - 000039312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000455920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000092752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2021-09-08 12:09 - 2017-07-18 16:03 - 000071920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000309264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
      2021-09-08 12:08 - 2019-03-21 12:06 - 000033600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
      2021-09-08 12:08 - 2017-11-17 09:11 - 000185776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
      2021-09-08 12:08 - 2017-07-18 16:03 - 000690128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2021-09-03 09:26 - 2019-04-12 09:35 - 000003720 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
      2021-09-03 09:26 - 2018-09-27 09:29 - 000002338 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
      2021-09-03 09:16 - 2010-10-30 10:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
      2021-09-02 12:01 - 2011-04-04 16:21 - 000000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job
      2021-09-02 09:04 - 2018-03-28 15:58 - 000004474 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003322 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
      2021-09-02 09:04 - 2017-06-20 14:25 - 000003194 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
      2021-09-02 09:04 - 2017-06-20 10:51 - 000004486 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
      2021-09-02 09:04 - 2013-09-25 11:14 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
      2021-09-02 09:04 - 2012-07-26 12:09 - 000003068 _____ C:\Windows\system32\Tasks\{B082BF56-1FC4-46B4-A49A-712889734CCB}
      2021-09-02 09:04 - 2012-03-30 10:56 - 000003950 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{40BCF64C-47D6-4908-90A6-7F9040AFF644}
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003912 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA
      2021-09-02 09:04 - 2011-04-04 16:21 - 000003516 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core
      2021-09-02 09:04 - 2010-10-24 18:33 - 000002866 _____ C:\Windows\system32\Tasks\{671B1A2E-C698-451F-BF5F-C59EABFF1053}
      2021-09-01 12:43 - 2017-12-07 11:48 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
      2021-09-01 12:25 - 2010-10-24 19:51 - 000000000 ____D C:\ProgramData\Adobe
      2021-08-31 14:56 - 2010-10-29 10:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
      2021-08-31 14:56 - 2010-10-24 19:26 - 003890712 _____ C:\Windows\system32\perfh01F.dat
      2021-08-31 14:56 - 2010-10-24 19:26 - 003245800 _____ C:\Windows\system32\perfc01F.dat
      2021-08-31 14:56 - 2010-10-24 18:25 - 000006252 _____ C:\Windows\system32\PerfStringBackup.INI
      2021-08-30 23:45 - 2010-10-24 18:20 - 000652664 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
      ==================== Files in the root of some directories ========
      2010-10-29 19:41 - 2010-10-30 10:58 - 000008049 _____ () C:\Users\Administrator\AppData\Roaming\XeroxFaxOptions.xml
      2010-10-26 17:33 - 2010-10-26 17:33 - 000000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
      ==================== SigCheck ============================
      (There is no automatic fix for files that do not pass verification.)

      LastRegBack: 2021-09-09 10:36
      ==================== End of FRST.txt ========================
      Addition.txt
    • by vlado1985
      Hello, I think I have a virus. Today I installed an update because I was being shown that there was a problem with the certificates and some pages would not load. After I installed the update in question, this strange service appeared and I cannot remove it. The update I installed is this one: https://www.microsoft.com/en-us/download/details.aspx?id=45633. On this page I saw that the update in question had helped several people, so I installed it on my machine too: https://support.google.com/chrome/thread/128686072/net-err-cert-date-invalid-error?hl=en 
      I am attaching screenshots of the service that appeared.

