Error code 0x80070424
Number of posts: 40

When I try to download e.g. Java, it says “the program contained a virus and was deleted”. It does the same no matter what I try to download.
So I wondered whether it could be something to do with the firewall, but I can't change that, because it says “some of the settings cannot be changed. Error code 0x80070424”.

What can I do then?

Regards, Tobias

Administrator
Number of posts: 8333

Hi, and welcome :)

Please refrain from making changes to the PC yourself while we are working on it.

It can confuse and complicate things unnecessarily!

If there is something you don't understand, or a program won't run - stop - and tell me!

———

You should preferably download from another PC!

Remove all USB sticks and external hard drives before you run the program.

Download RogueKiller and save it to your desktop.

It can also be downloaded here

Remember to choose the correct version (32 or 64 bit).

Disable your security program while you run it!

Close all windows and run “RogueKiller” (if it is blocked, run it several times).

If it won't run at all, try renaming it to winlogon.exe

Regarding Vista and Windows 7/8 - right-click the file - Run as Administrator.

Let the initial scan run.

Press SCAN.

When it has finished scanning, close the program.

Do not remove anything!

It creates a log, “RKreport[0].txt”, on your Desktop. Copy it into your next post.

———

For 32-bit Windows, download Farbar Recovery Scan Tool and save it to the Desktop.

For 64-bit Windows, download Farbar Recovery Scan Tool x64 and save it to the Desktop.

Start Farbar Recovery Scan Tool and click Scan.

When the scan is finished, you will have 2 log files on the Desktop - FRST.txt and Addition.txt - which you are asked to copy in here.

Send them in separate posts, as they can be very long!

Signature

Please do not attach logs unless you are asked to!

Number of posts: 40

The first log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014
Ran by Tobias Jakobsen (administrator) on TOBIASJAKOBSEN on 27-01-2014 12:24:39
Running from C:\Users\Tobias Jakobsen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Danish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(cake bake) C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Windows Security] - C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [139264 2013-12-07] ()
HKLM\...\RunOnce: [*Restore] - C:\windows\System32\rstrui.exe /runonce [296960 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [7701] - C:\ProgramData\mssjtun.exe [144384 2010-11-21] ( (Nero StartSmart Essentials))
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Remote Control Server] - C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [2222080 2013-06-18] (Steppschuh)
HKCU\...\Run: [iLivid] - -autorun
HKCU\...\Run: [{5888000E-0A4D-0A8E-DCDA-350A1F564B38}] - [x]
HKCU\...\Run: [ActiveUpdate] - C:\ProgramData\ActiveU0\rpeulaaql .exe [0 ] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Screen Saver Pro 3.1] - C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr
HKCU\...\Run: [Tgckcd] - C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe
HKCU\...\Run: [nass0123] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [42845 2013-11-24] ()
HKCU\...\Run: [nass0124] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe [43155 2013-11-24] ()
HKCU\...\Run: [sjdbpro1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe [147456 2013-11-24] (NAT Software, Germany.)
HKCU\...\Run: [nass0125] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe [43465 2013-11-24] ()
HKCU\...\Run: [nass0126] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe [43780 2013-11-24] ()
HKCU\...\Run: [nass0127] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe [44090 2013-11-24] ()
HKCU\...\Run: [12h330] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe [41075 2013-11-24] ()
HKCU\...\Run: [d3d30] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe [41465 2013-11-24] ()
HKCU\...\Run: [n31335121] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe [41730 2013-11-24] ()
HKCU\...\Run: [na0ss0121] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe [41930 2013-11-24] ()
HKCU\...\Run: [nafejh1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe [41785 2013-11-24] ()
HKCU\...\Run: [nafejh] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe [41475 2013-11-24] ()
HKCU\...\Run: [Adobe System Incorporated] - C:\Users\Tobias Jakobsen\AppData\Local\Temp\Adobe\Reader_sl.exe [207161 2014-01-26] () <===== ATTENTION
HKCU\...\Run: [Qgckca] - C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe [98816 2013-11-25] (BolderVerter Corp ©)
HKCU\...\Run: [t0r1allsvu] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe [119296 2013-11-28] (BlueStack Systems, Inc.)
HKCU\...\Run: [breninfo] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe [123392 2013-11-29] (BlueStack Systems, Inc.)
HKCU\...\Run: [andmeow] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe [127488 2013-11-29] (BlueStack Systems, Inc.)
HKCU\...\Run: [Windows Update Service] - C:\Users\Tobias Jakobsen\AppData\Local\Temp\windows\winsys.exe [548902 2013-12-03] (Flash ) <===== ATTENTION
HKCU\...\Run: [Egckco] - C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe [101376 2014-01-26] (Jemfeque Corp ©)
HKCU\...\Run: [andm3eow2] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe [126464 2013-12-12] (BlueStack Systems, Inc.)
HKCU\...\Run: [andmeow2] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [128000 2013-12-25] (BlueStack Systems, Inc.)
HKCU\...\Run: [Service] - C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe [8704 2013-12-05] ()
HKCU\...\Run: [Windows Firewall Management] - C:\RECYCLER\barcode.exe [87040 2014-01-26] (mIRC Co. Ltd.)
HKCU\...\Run: [Windows Mode Recovery] - C:\RECYCLER\winmode.exe [94208 2013-12-12] (flash )
HKCU\...\Run: [Windows Security] - C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [139264 2013-12-07] ()
HKCU\...\Run: [asaba3tsh] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [41005 2013-12-28] ()
HKCU\...\Run: [asaba3tsh1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe [42730 2013-12-11] ()
HKCU\...\Run: [ababbdq] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe [91136 2013-12-11] (PortableApps.com)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-06-08] (Google Inc.)
HKCU\...\Run: [Window Remote Managements] - C:\RECYCLER\wpnedit.exe [96768 2014-01-26] (Nero StartSmart Essentials)
HKCU\...\Run: [Windows Services Management] - C:\RECYCLER\swcode.exe [82944 2014-01-26] (AntiVir Avast)
HKCU\...\Run: [Windows Remote Management] - C:\RECYCLER\proedit.exe [79360 2014-01-26] (Nero StartSmart Essentials)
HKCU\...\Run: [1ne331] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe [84480 2014-01-26] (Skype)
HKCU\...\Run: [xetcwow] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [122368 2014-01-26] (BlueStack Systems, Inc.)
HKCU\...\Winlogon: [Shell] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe,C:\RECYCLER\proedit.exe,C:\RECYCLER\swcode.exe,C:\RECYCLER\wpnedit.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\winmode.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [42845 2013-11-24] () <==== ATTENTION
HKCU\...\Policies\Explorer\Run: [Windows Update] - “C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\cjtss\cjtss.exe” -shell No File
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 1
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 1
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 1
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 1
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\CurrentVersion\Windows: [Load] c:\users\tobias~1\dxitmvin.exe <===== ATTENTION
MountPoints2: {906d3d23-96fb-11e2-9650-74de2b42f6e2} - E:\AutoRun.exe
MountPoints2: {906d3d38-96fb-11e2-9650-74de2b42f6e2} - E:\AutoRun.exe
MountPoints2: {a222aacb-5c3d-11e3-a499-d6c036c6461e} - E:\AutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => File Not Found
Startup: C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skærmklipper og startprogram til OneNote 2010.lnk
ShortcutTarget: Skærmklipper og startprogram til OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.searchya.com/?q={searchTerms}&f=4&a=grupo1y&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyEyEyByEyC0FtC0EtCyDtN0D0Tzu0CyEtBtAtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1N1C2Y1E1FtC2U&cr=1535671832&ir;=
SearchScopes: HKLM-x32 - {33C2D6EA-09E6-0048-4E04-1B25E6D09A89} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010000.10039&barid;={E1776938-F2BF-11E2-961C-9512A285CA34}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&affID=121845&tt=050412_30b&babsrc=SP_ss_Btisdt7&mntrId=A650582C80139263
SearchScopes: HKCU - {546CBD2C-F95A-486F-BE79-B890FA3B9BF4} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale;=&apn;_ptnrs=&apn_dtid=OSJ000&apn_uid=3F2EC6E0-05F0-45A2-A0FA-13D6C0F82E80&apn_sauid=1BC7C085-B47B-49DE-A295-0D8346A6C027&
SearchScopes: HKCU - {71EE3EDC-E9F9-32FC-D6E9-25871F13F88A} URL = http://isearch.avg.com/search?cid={11099402-3BC1-486A-B42A-DF20ACC966CC}&mid=ec540e6789bf47d09efa6939b2a09d9c-7626ba83a4bc795ea2ef60dd37c4d0609179c1a6&lang=da&ds=AVG&pr=fr&d=2012-07-31 18:23:02&v=14.2.0.1&pid=avg&sg;=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.chatzum.com/?q={SearchTerms}
SearchScopes: HKCU - {A7FD8CAD-AED1-4ECF-B743-D855D6D3C0C0} URL = http://tuvaro.com/ws/?source=9e9471a2&tbp=rbox&toolbarid=base&u=a6501e15000000000000582c80139263&q={searchTerms}
SearchScopes: HKCU - {AE21207F-07DC-4C12-B5FC-297AA978D584} URL = http://search.softonic.com/MOY00007/tb_v1?q={searchTerms}&SearchSource=4&cc;=&mi=a6501e15000000000000582c80139263&r=984
SearchScopes: HKCU - {E2F3ED2F-8189-45F5-9EBA-6AC1E644D2D2} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid;={E1776938-F2BF-11E2-961C-9512A285CA34}&crg=3.1010000.10039&st=23&ptr=100
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Betcat\WebCakeIEClient.dll (Bake-Cake)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {62D40876-DF18-411F-9D34-A9DD7A197BC5} -  No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
Winsock: Catalog9-x64 01 mswsock.dll File Not found ()
Winsock: Catalog9-x64 02 mswsock.dll File Not found ()
Winsock: Catalog9-x64 03 mswsock.dll File Not found ()
Winsock: Catalog9-x64 04 mswsock.dll File Not found ()
Winsock: Catalog9-x64 05 mswsock.dll File Not found ()
Winsock: Catalog9-x64 06 mswsock.dll File Not found ()
Winsock: Catalog9-x64 07 mswsock.dll File Not found ()
Winsock: Catalog9-x64 08 mswsock.dll File Not found ()
Winsock: Catalog9-x64 09 mswsock.dll File Not found ()
Winsock: Catalog9-x64 10 mswsock.dll File Not found ()
Winsock: Catalog9-x64 11 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 89.150.129.22 89.150.129.10

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=121845&tt=050412_30b&babsrc=HP_ss_sps&mntrId=A650582C80139263
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: http://search.babylon.com/?q={searchTerms}&affID=121845&tt=050412_30b&babsrc=SP_ss_sps&mntrId=A650582C80139263
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (      “name”: “”,) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie\1.0.5_0\chromeNPAPI.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2012-11-04]
CHR Extension: (New Tab) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn [2012-07-01]
CHR Extension: (Delta Toolbar) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-06-09]
CHR Extension: (WebCake) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh [2013-06-09]
CHR Extension: (ChatZum.com -  Easy Pictures zoom) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb [2012-07-01]
CHR Extension: (AVG Security Toolbar) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-08-11]
CHR Extension: (Google Wallet) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-27]
CHR HKCU\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Tobias Jakobsen\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
CHR HKLM-x32\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Tobias Jakobsen\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Tobias Jakobsen\AppData\Roaming\BabSolution\CR\Delta.crx [2013-06-08]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCakeLayers.crx [2013-08-15]
CHR HKLM-x32\...\Chrome\Extension: [ibgfbdggapddbjjbopabhlhianklajie] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2011-11-29]

==================== Services (Whitelisted) =================

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [51992 2013-08-17] (cake bake)
U2 *etadpug; “C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Huawei Technologies Co., Ltd.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 12:24 - 2014-01-27 12:25 - 00025016 _____ C:\Users\Tobias Jakobsen\Desktop\FRST.txt
2014-01-27 12:24 - 2014-01-27 12:24 - 00000000 ____D C:\FRST
2014-01-27 12:24 - 2014-01-27 12:23 - 02078208 _____ (Farbar) C:\Users\Tobias Jakobsen\Desktop\FRST64.exe
2014-01-27 12:24 - 2014-01-27 12:17 - 04380160 _____ C:\Users\Tobias Jakobsen\Desktop\RogueKillerX64.exe
2014-01-27 12:20 - 2014-01-27 12:20 - 00036359 _____ C:\Users\Tobias Jakobsen\Desktop\RKreport[0]_S_01272014_122028.txt
2014-01-27 12:18 - 2014-01-27 12:21 - 00000000 ____D C:\Users\Tobias Jakobsen\Desktop\RK_Quarantine
2014-01-26 23:54 - 2014-01-26 23:54 - 00207161 _____ C:\Users\Tobias Jakobsen\AppData\Roaming\DCA.exe
2014-01-26 23:54 - 2014-01-26 23:54 - 00084480 _____ (Skype) C:\Users\Tobias Jakobsen\AppData\Roaming\39C.exe
2014-01-26 23:53 - 2014-01-26 23:53 - 00122368 _____ (BlueStack Systems, Inc.) C:\Users\Tobias Jakobsen\AppData\Roaming\FBAF.exe
2014-01-26 22:34 - 2014-01-26 22:37 - 00000766 _____ C:\windows\DirectX.log
2014-01-26 21:34 - 2014-01-26 21:34 - 00000000 ____D C:\Program Files (x86)\GUM398.tmp
2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 16:43 - 2014-01-23 16:43 - 00084480 _____ (Skype) C:\Users\Tobias Jakobsen\AppData\Roaming\F5B7.exe
2014-01-01 15:44 - 2014-01-01 15:45 - 00807464 _____ C:\windows\Minidump\010114-20560-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-27 12:25 - 2014-01-27 12:24 - 00025016 _____ C:\Users\Tobias Jakobsen\Desktop\FRST.txt
2014-01-27 12:24 - 2014-01-27 12:24 - 00000000 ____D C:\FRST
2014-01-27 12:23 - 2014-01-27 12:24 - 02078208 _____ (Farbar) C:\Users\Tobias Jakobsen\Desktop\FRST64.exe
2014-01-27 12:22 - 2011-09-27 05:06 - 00473630 _____ C:\windows\system32\perfh006.dat
2014-01-27 12:22 - 2011-09-27 05:06 - 00081206 _____ C:\windows\system32\perfc006.dat
2014-01-27 12:22 - 2009-07-14 06:13 - 01273064 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-27 12:21 - 2014-01-27 12:18 - 00000000 ____D C:\Users\Tobias Jakobsen\Desktop\RK_Quarantine
2014-01-27 12:20 - 2014-01-27 12:20 - 00036359 _____ C:\Users\Tobias Jakobsen\Desktop\RKreport[0]_S_01272014_122028.txt
2014-01-27 12:18 - 2013-06-09 09:17 - 00023374 _____ C:\windows\setupact.log
2014-01-27 12:17 - 2014-01-27 12:24 - 04380160 _____ C:\Users\Tobias Jakobsen\Desktop\RogueKillerX64.exe
2014-01-27 12:10 - 2012-04-11 18:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 12:09 - 2011-09-27 15:50 - 00000946 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 12:08 - 2013-11-20 19:27 - 00195541 _____ C:\FaceProv.log
2014-01-26 23:54 - 2014-01-26 23:54 - 00207161 _____ C:\Users\Tobias Jakobsen\AppData\Roaming\DCA.exe
2014-01-26 23:54 - 2014-01-26 23:54 - 00084480 _____ (Skype) C:\Users\Tobias Jakobsen\AppData\Roaming\39C.exe
2014-01-26 23:54 - 2013-11-25 00:21 - 00207161 _____ C:\Users\Tobias Jakobsen\AppData\Roaming\c731200
2014-01-26 23:54 - 2011-09-27 13:49 - 01904921 _____ C:\windows\WindowsUpdate.log
2014-01-26 23:53 - 2014-01-26 23:53 - 00122368 _____ (BlueStack Systems, Inc.) C:\Users\Tobias Jakobsen\AppData\Roaming\FBAF.exe
2014-01-26 23:39 - 2009-07-14 05:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 23:39 - 2009-07-14 05:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 23:03 - 2011-11-10 03:06 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-26 22:37 - 2014-01-26 22:34 - 00000766 _____ C:\windows\DirectX.log
2014-01-26 22:33 - 2012-05-10 21:11 - 00000000 ____D C:\Users\Tobias Jakobsen\AppData\Local\Windows Live
2014-01-26 21:52 - 2011-11-22 11:51 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-26 21:46 - 2011-09-27 16:06 - 00102623 _____ C:\windows\system32\fastboot.set
2014-01-26 21:45 - 2011-09-27 15:50 - 00000942 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 21:45 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-26 21:34 - 2014-01-26 21:34 - 00000000 ____D C:\Program Files (x86)\GUM398.tmp
2014-01-26 21:29 - 2011-11-10 02:03 - 00000000 ____D C:\Users\Tobias Jakobsen
2014-01-26 21:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2014-01-26 21:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\AppCompat
2014-01-26 21:25 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2014-01-26 21:24 - 2011-11-10 11:37 - 00000000 ____D C:\Users\Tobias Jakobsen\AppData\Roaming\Sports Interactive
2014-01-26 21:20 - 2011-12-21 12:07 - 00000000 __RHD C:\MSOCache
2014-01-26 20:32 - 2014-01-26 20:32 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 16:43 - 2014-01-23 16:43 - 00084480 _____ (Skype) C:\Users\Tobias Jakobsen\AppData\Roaming\F5B7.exe
2014-01-20 22:04 - 2011-11-22 11:54 - 00330093 _____ C:\Users\Tobias Jakobsen\danid.log
2014-01-14 11:56 - 2012-02-12 14:22 - 00000000 ____D C:\Users\Tobias Jakobsen\Desktop\Ansøgning
2014-01-01 15:45 - 2014-01-01 15:44 - 00807464 _____ C:\windows\Minidump\010114-20560-01.dmp
ZeroAccess:
C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Tobias Jakobsen\AppData\Local\Temp\Adobe\Reader_sl.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\windows\winsys.exe
C:\ProgramData\mscmyqjnl.exe
C:\ProgramData\msctymo.exe
C:\ProgramData\msgmcgu.exe
C:\ProgramData\msgnam.exe
C:\ProgramData\mshkfu.exe
C:\ProgramData\mslvthra.exe
C:\ProgramData\msovaya.exe
C:\ProgramData\mssjtun.exe
C:\ProgramData\Y8RTEpy7N.dat


Some content of TEMP:
====================
C:\Users\Tobias Jakobsen\AppData\Local\Temp\051A0C98.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\0A6E484F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\18858674.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1AC513EF.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DAB0B69.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DEB7E79.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\27E9611F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D327A32.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D51DA08.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2EA64425.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\3248754E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\324A334E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C39A76.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C4FBAC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38AFB2BC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B29E42.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B3C4C8.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\412EE0B3.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\4388AF11.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\46E6CB22.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\476FA3EC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\50DD3074.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\529F41A5.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\532C8A21.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55B81057.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55C8220B.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E38151.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E80481.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5BC04A17.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5C794312.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\65F57F35.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\67F59A9E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\6jmcl.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\75320AFB.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\892223A6.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D5F847A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D676BB3.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8u0ml.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\93D1D291.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\A32B8BD4.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\B2B19C6C.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\BF46BD2A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\bifpo.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CB0773C0.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CC0C4716.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CCFBD27F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D2A5ACC7.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5A9CB5A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5ABE75B.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D8D3D20D.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D9987BB2.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFEBF6E9.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFF2FCC9.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\dilwv.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E471FC1F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E999C3F7.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\EEC0CBC6.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\egjvq.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\f3bn4.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\F3CC9014.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA24964C.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA537902.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FD222AEE.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\ji0jp.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\qc88j.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\tw1vf.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\unyug.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2014-01-20 19:15

==================== End Of Log ============================

Number of posts: 40

They need to be swapped, then. This is the first log:

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tobias Jakobsen [Admin rights]
Mode : Scan -- Date : 01/27/2014 12:20:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 16 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SUSP PATH] whokj.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\whokj.exe [x] -> KILLED [TermProc]
[SUSP PATH] osvwg.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\osvwg.exe [x] -> KILLED [TermProc]
[SUSP PATH] a7tw4.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\a7tw4.exe [x] -> KILLED [TermProc]
[SUSP PATH] qflz5.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\qflz5.exe [x] -> KILLED [TermProc]
[SUSP PATH] 87ga0.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\87ga0.exe [x] -> KILLED [TermProc]
[SUSP PATH] f6n6z.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\f6n6z.exe [x] -> KILLED [TermProc]
[SUSP PATH] 3y0m3.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\3y0m3.exe [x] -> KILLED [TermProc]
[SUSP PATH] r35yz.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\r35yz.exe [x] -> KILLED [TermProc]
[SUSP PATH] l1rrz.exe -- C:\Users\Tobias Jakobsen\AppData\Local\Temp\l1rrz.exe [x] -> KILLED [TermProc]
[SUSP PATH] 39C.exe -- C:\Users\Tobias Jakobsen\AppData\Roaming\39C.exe [-] -> KILLED [TermProc]
[SUSP PATH] FBAF.exe -- C:\Users\Tobias Jakobsen\AppData\Roaming\FBAF.exe [-] -> KILLED [TermProc]
[HIDDEN] winsys.exe -- C:\Users\TOBIAS~1\AppData\Local\Temp\windows\winsys.exe [-] -> KILLED [TermProc]
[HIDDEN] winsys.exe -- C:\Users\TOBIAS~1\AppData\Local\Temp\windows\winsys.exe [-] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- “C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < [x] -> STOPPED

¤¤¤ Registry Entries : 157 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ActiveUpdate (“C:\ProgramData\ActiveU0\rpeulaaql .exe” [-]) -> FOUND
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update (“C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\?��?��?��\?��?��?��\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” >) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Screen Saver Pro 3.1 (C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Tgckcd (C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nass0123 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nass0124 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : sjdbpro1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nass0125 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nass0126 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nass0127 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : 12h330 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : d3d30 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : n31335121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : na0ss0121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nafejh1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : nafejh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Adobe System Incorporated (C:\Users\TOBIAS~1\AppData\Local\Temp\Adobe\Reader_sl.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Qgckca (C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : t0r1allsvu (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : breninfo (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : andmeow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Update Service (C:\Users\TOBIAS~1\AppData\Local\Temp\windows\winsys.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Egckco (C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : andm3eow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : andmeow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Service (C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Firewall Management (C:\RECYCLER\barcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Mode Recovery (C:\RECYCLER\winmode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Security (C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : asaba3tsh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : asaba3tsh1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ababbdq (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Window Remote Managements (C:\RECYCLER\wpnedit.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Services Management (C:\RECYCLER\swcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Remote Management (C:\RECYCLER\proedit.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : 1ne331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : xetcwow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : Adobe System Incorporated (C:\windows\TEMP\Adobe\Reader_sl.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : Egckco (C:\windows\system32\config\systemprofile\AppData\Roaming\Identities\Egckco.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : andmeow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r19 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r3 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r4 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r6 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r7 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r8 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r9 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw411r9 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : ab3331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : antaw4r5 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568145\atnxwa5.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : asaba3tsh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : ab355331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-155463\a33b55ab61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : s2361a121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : sd1wg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1815486\sd1wg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : sdfewg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1875486\sdfewg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : Windows Firewall Management (C:\RECYCLER\barcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : moyeujdhasjkklsshah (C:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : fuksinwfpppp (C:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : Windows Update Service (C:\windows\TEMP\windows\winsys.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : xetcwow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : bja90 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189897646\bja90.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : brenwg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-18154846\brenwg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : bjwepr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1810046\bjwepr00.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : bja1190 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189896\bj1a190.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : b1e1pr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : b1e11pr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118210146\b121pr100.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : b88901 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118099896\b88901.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : ActiveUpdate (“C:\ProgramData\ActiveU0\rpeulaaql .exe” [-]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Google Update (“C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\?��?��?��\?��?��?��\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Screen Saver Pro 3.1 (C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Tgckcd (C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nass0123 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nass0124 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : sjdbpro1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nass0125 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nass0126 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nass0127 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : 12h330 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : d3d30 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : n31335121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : na0ss0121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nafejh1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : nafejh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Adobe System Incorporated (C:\Users\TOBIAS~1\AppData\Local\Temp\Adobe\Reader_sl.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Qgckca (C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : t0r1allsvu (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : breninfo (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : andmeow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Update Service (C:\Users\TOBIAS~1\AppData\Local\Temp\windows\winsys.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Egckco (C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : andm3eow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : andmeow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Service (C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Firewall Management (C:\RECYCLER\barcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Mode Recovery (C:\RECYCLER\winmode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Security (C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : asaba3tsh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : asaba3tsh1 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : ababbdq (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Window Remote Managements (C:\RECYCLER\wpnedit.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Services Management (C:\RECYCLER\swcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Remote Management (C:\RECYCLER\proedit.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : 1ne331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : xetcwow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : Adobe System Incorporated (C:\windows\TEMP\Adobe\Reader_sl.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : Egckco (C:\windows\system32\config\systemprofile\AppData\Roaming\Identities\Egckco.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : andmeow2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r19 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r2 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r3 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r4 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r6 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r7 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r8 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r9 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw411r9 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : ab3331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : antaw4r5 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568145\atnxwa5.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : asaba3tsh (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : ab355331 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-155463\a33b55ab61.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : s2361a121 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : sd1wg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1815486\sd1wg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : sdfewg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1875486\sdfewg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : Windows Firewall Management (C:\RECYCLER\barcode.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : moyeujdhasjkklsshah (C:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : fuksinwfpppp (C:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : Windows Update Service (C:\windows\TEMP\windows\winsys.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : xetcwow (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : bja90 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189897646\bja90.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : brenwg11 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-18154846\brenwg11.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : bjwepr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1810046\bjwepr00.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : bja1190 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189896\bj1a190.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : b1e1pr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : b1e11pr00 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118210146\b121pr100.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : b88901 (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118099896\b88901.exe [-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Windows Security (C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Update (“C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\cjtss\cjtss.exe” -shell [x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : 7701 (c:\progra~3\mssjtun.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-763667786-2952377562-1241169178-1000\[...]\Run : Windows Update (“C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\cjtss\cjtss.exe” -shell [x]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 7701 (c:\progra~3\mssjtun.exe [-]) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe,C:\RECYCLER\proedit.exe,C:\RECYCLER\swcode.exe,C:\RECYCLER\wpnedit.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\winmode.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][x][-]) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : load (c:\users\tobias~1\dxitmvin.exe [x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118099896\b88901.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118210146\b121pr100.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189896\bj1a190.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1810046\bjwepr00.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-18154846\brenwg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189897646\bja90.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1875486\sdfewg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1815486\sd1wg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-155463\a33b55ab61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568145\atnxwa5.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe 
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][x][-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe,C:\RECYCLER\proedit.exe,C:\RECYCLER\swcode.exe,C:\RECYCLER\wpnedit.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\winmode.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][x][-]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Windows : load (c:\users\tobias~1\dxitmvin.exe [x]) -> FOUND
[SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118099896\b88901.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-118210146\b121pr100.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189896\bj1a190.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1810046\bjwepr00.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-18154846\brenwg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1189897646\bja90.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1875486\sdfewg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1815486\sd1wg11.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-155463\a33b55ab61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568145\atnxwa5.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13339463\a33bab61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814789\atnxwa9.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681478\atnxwa8.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681477\atnxwa7.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-568146\atnxwa6.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56814\atnxwa4.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56813\atnxwa3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-56812\atnxwa2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe 
[-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][-][x][-]) -> FOUND
[HJ TASKMAN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Winlogon : TaskMan (C:\RECYCLER\proedit.exe [-]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug (“C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug (“C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug (“C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???ﯹ๛\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 8 ¤¤¤
[V2][SUSP PATH] enxvnvenkm : C:\ProgramData\aHk127AM.exe [x] -> FOUND
[V2][SUSP PATH] EPUpdater : C:\Users\TOBIAS~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [-] -> FOUND
[V2][SUSP PATH] Hoolapp For Android : C:\Users\TOBIAS~1\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Hoolapp Init : C:\Users\TOBIAS~1\AppData\Roaming\HOOLAP~1\Hoolapp.exe - /Minimized [x] -> FOUND
[V2][SUSP PATH] nsasiplpjl : C:\Users\Tobias - Jakobsen\AppData\Local\aHk127AM.exe [x][x] -> FOUND
[V2][SUSP PATH] Searchya : C:\Users\TOBIAS~1\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V2][SUSP PATH] Windows Update Check - 0x11D4037D : C:\PROGRA~3\ActiveU0\RPEULA~1.EXE [-] -> FOUND
[V2][SUSP PATH] xkfymnimql : C:\ProgramData\aHk127AM.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-]—> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-]—> FOUND
[ZeroAccess][Junction] da-DK : C:\Program Files\Windows Defender\da-DK >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-]—> FOUND
[ZeroAccess][Folder] Install : C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install [-]—> FOUND
[ZeroAccess][Folder] Install : C:\Program Files (x86)\Google\Desktop\Install [-]—> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
—> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-24HXZT3 +++++
—- User—-
[MBR] ef575b02b03c7325b38ae14f1b780c3b
[BSP] c527ae123722b8f97ee19e2d0a7d9b69 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670402 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic Flash Disk USB Device +++++
—- User—-
[MBR] 04003a10d0be03347973d4f3107e2358
[BSP] 6ed1eb52cb035598d44a1339274f93e4 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 704 | Size: 8019 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Anmodningen understøttes ikke. )

Finished : << RKreport[0]_S_01272014_122028.txt >>

Administrator
Number of posts: 8333

Disable your security programs while the “Fix” is running.

I am attaching Fixlist.txt. Save it on the Desktop next to Farbar Recovery Scan Tool.

This fix was written specifically for this user and for use on this PC.
If it is run on another PC, it can cause damage, and in the worst case the PC will not start.

Start FRST (Farbar Recovery Scan Tool) and click FIX (and wait until it has finished).

It creates Fixlog.txt, which you should copy into your next post.

Close Farbar Recovery Scan Tool and restart the PC.

Attached files
Fixlist.txt  (File size: 15 - Downloads: 61)
Signature

Please do not attach logs unless you are asked to!

Number of posts: 40

It has now run through. The log is here:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014
Ran by Tobias Jakobsen at 2014-01-28 11:26:48 Run:1
Running from C:\Users\Tobias Jakobsen\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Windows Security] - C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [139264 2013-12-07] ()
HKLM\...\RunOnce: [*Restore] - C:\windows\System32\rstrui.exe /runonce [296960 2010-11-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [7701] - C:\ProgramData\mssjtun.exe [144384 2010-11-21] ( (Nero StartSmart Essentials))
HKCU\...\Run: [iLivid] - -autorun
HKCU\...\Run: [{5888000E-0A4D-0A8E-DCDA-350A1F564B38}] - [x]
HKCU\...\Run: [{5888000E-0A4D-0A8E-DCDA-350A1F564B38}] - [x]
HKCU\...\Run: [ActiveUpdate] - C:\ProgramData\ActiveU0\rpeulaaql .exe [0 ] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Screen Saver Pro 3.1] - C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr
HKCU\...\Run: [Tgckcd] - C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe
HKCU\...\Run: [nass0123] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [42845 2013-11-24] ()
HKCU\...\Run: [nass0124] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe [43155 2013-11-24] ()
HKCU\...\Run: [sjdbpro1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe [147456 2013-11-24] (NAT Software, Germany.)
HKCU\...\Run: [nass0125] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe [43465 2013-11-24] ()
HKCU\...\Run: [nass0126] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe [43780 2013-11-24] ()
HKCU\...\Run: [nass0127] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe [44090 2013-11-24] ()
HKCU\...\Run: [12h330] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe [41075 2013-11-24] ()
HKCU\...\Run: [d3d30] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe [41465 2013-11-24] ()
HKCU\...\Run: [n31335121] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe [41730 2013-11-24] ()
HKCU\...\Run: [na0ss0121] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe [41930 2013-11-24] ()
HKCU\...\Run: [nafejh1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe [41785 2013-11-24] ()
HKCU\...\Run: [nafejh] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe [41475 2013-11-24] ()
HKCU\...\Run: [Adobe System Incorporated] - C:\Users\Tobias Jakobsen\AppData\Local\Temp\Adobe\Reader_sl.exe [207161 2014-01-26] () <===== ATTENTION
HKCU\...\Run: [Qgckca] - C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe [98816 2013-11-25] (BolderVerter Corp ©)
HKCU\...\Run: [t0r1allsvu] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe [119296 2013-11-28] (BlueStack Systems, Inc.)
HKCU\...\Run: [breninfo] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe [123392 2013-11-29] (BlueStack Systems, Inc.)
HKCU\...\Run: [andmeow] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe [127488 2013-11-29] (BlueStack Systems, Inc.)
HKCU\...\Run: [Windows Update Service] - C:\Users\Tobias Jakobsen\AppData\Local\Temp\windows\winsys.exe [548902 2013-12-03] (Flash ) <===== ATTENTION
HKCU\...\Run: [Egckco] - C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe [101376 2014-01-26] (Jemfeque Corp ©)
HKCU\...\Run: [andm3eow2] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe [126464 2013-12-12] (BlueStack Systems, Inc.)
HKCU\...\Run: [andmeow2] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe [128000 2013-12-25] (BlueStack Systems, Inc.)
HKCU\...\Run: [Service] - C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe [8704 2013-12-05] ()
HKCU\...\Run: [Windows Firewall Management] - C:\RECYCLER\barcode.exe [87040 2014-01-26] (mIRC Co. Ltd.)
HKCU\...\Run: [Windows Mode Recovery] - C:\RECYCLER\winmode.exe [94208 2013-12-12] (flash )
HKCU\...\Run: [Windows Security] - C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe [139264 2013-12-07] ()
HKCU\...\Run: [asaba3tsh] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe [41005 2013-12-28] ()
HKCU\...\Run: [asaba3tsh1] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe [42730 2013-12-11] ()
HKCU\...\Run: [ababbdq] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe [91136 2013-12-11] (PortableApps.com)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-06-08] (Google Inc.)
HKCU\...\Run: [Window Remote Managements] - C:\RECYCLER\wpnedit.exe [96768 2014-01-26] (Nero StartSmart Essentials)
HKCU\...\Run: [Windows Services Management] - C:\RECYCLER\swcode.exe [82944 2014-01-26] (AntiVir Avast)
HKCU\...\Run: [Windows Remote Management] - C:\RECYCLER\proedit.exe [79360 2014-01-26] (Nero StartSmart Essentials)
HKCU\...\Run: [1ne331] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe [84480 2014-01-26] (Skype)
HKCU\...\Run: [xetcwow] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe [122368 2014-01-26] (BlueStack Systems, Inc.)
HKCU\...\Winlogon: [Shell] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe,C:\RECYCLER\proedit.exe,C:\RECYCLER\swcode.exe,C:\RECYCLER\wpnedit.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe,C:\RECYCLER\winmode.exe,C:\RECYCLER\barcode.exe,C:\RECYCLER\wivsys.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe [42845 2013-11-24] () <==== ATTENTION
HKCU\...\Policies\Explorer\Run: [Windows Update] - “C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\cjtss\cjtss.exe” -shell No File
HKCU\...\CurrentVersion\Windows: [Load] c:\users\tobias~1\dxitmvin.exe <===== ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll => File Not Found
U2 *etadpug; “C:\Program Files (x86)\Google\Desktop\Install\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\  \...\???\{5855b7b8-1bc1-c404-1767-734aba14a7e3}\GoogleUpdate.exe” < <==== ATTENTION (ZeroAccess)
C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Tobias Jakobsen\AppData\Local\Temp\Adobe\Reader_sl.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\windows\winsys.exe
C:\windows\TEMP\windows\winsys.exe
C:\ProgramData\mscmyqjnl.exe
C:\ProgramData\msctymo.exe
C:\ProgramData\msgmcgu.exe
C:\ProgramData\msgnam.exe
C:\ProgramData\mshkfu.exe
C:\ProgramData\mslvthra.exe
C:\ProgramData\msovaya.exe
C:\ProgramData\mssjtun.exe
C:\ProgramData\Y8RTEpy7N.dat
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
C:\Users\Tobias Jakobsen\AppData\Local\Temp\051A0C98.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\0A6E484F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\18858674.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1AC513EF.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DAB0B69.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DEB7E79.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\27E9611F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D327A32.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D51DA08.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2EA64425.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\3248754E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\324A334E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C39A76.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C4FBAC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38AFB2BC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B29E42.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B3C4C8.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\412EE0B3.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\4388AF11.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\46E6CB22.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\476FA3EC.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\50DD3074.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\529F41A5.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\532C8A21.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55B81057.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55C8220B.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E38151.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E80481.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5BC04A17.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5C794312.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\65F57F35.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\67F59A9E.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\6jmcl.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\75320AFB.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\892223A6.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D5F847A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D676BB3.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8u0ml.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\93D1D291.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\A32B8BD4.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\B2B19C6C.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\BF46BD2A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\bifpo.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CB0773C0.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CC0C4716.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CCFBD27F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D2A5ACC7.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5A9CB5A.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5ABE75B.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D8D3D20D.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D9987BB2.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFEBF6E9.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFF2FCC9.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\dilwv.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E471FC1F.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E999C3F7.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\EEC0CBC6.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\egjvq.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\f3bn4.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\F3CC9014.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA24964C.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA537902.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FD222AEE.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\ji0jp.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Tobias Jakobsen\AppData\Local\Temp\qc88j.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\tw1vf.exe
C:\Users\Tobias Jakobsen\AppData\Local\Temp\unyug.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe
C:\ProgramData\mssjtun.exe
C:\ProgramData\ActiveU0\rpeulaaql .exe
C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr
C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe
C:\RECYCLER\barcode.exe
C:\RECYCLER\winmode.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe
C:\RECYCLER\winmode.exe
C:\RECYCLER\swcode.exe
C:\RECYCLER\proedit.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe
c:\users\tobias~1\dxitmvin.exe
C:\ProgramData\aHk127AM.exe
C:\Users\Tobias - Jakobsen\AppData\Local\aHk127AM.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\DCA.exe
C:\Users\Tobias Jakobsen\AppData\Roaming\39C.exe
2C:\Users\Tobias Jakobsen\AppData\Roaming\c731200
C:\Users\Tobias Jakobsen\AppData\Roaming\FBAF.exe
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\system32\NLAapi.dll”
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be “%SystemRoot%\System32\mswsock.dll”
cmd: netsh winsock reset
cmd: Dir /a:l “C:\Program Files” /s
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows Security => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\7701 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{5888000E-0A4D-0A8E-DCDA-350A1F564B38} => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{5888000E-0A4D-0A8E-DCDA-350A1F564B38} => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ActiveUpdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Screen Saver Pro 3.1 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Tgckcd => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nass0123 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nass0124 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\sjdbpro1 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nass0125 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nass0126 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nass0127 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\12h330 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\d3d30 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\n31335121 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\na0ss0121 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nafejh1 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\nafejh => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe System Incorporated => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Qgckca => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\t0r1allsvu => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\breninfo => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\andmeow => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Update Service => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Egckco => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\andm3eow2 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\andmeow2 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Service => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Management => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Mode Recovery => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Security => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\asaba3tsh => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\asaba3tsh1 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ababbdq => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Window Remote Managements => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Services Management => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Remote Management => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\1ne331 => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\xetcwow => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
“c:\\progra~3\\browse~1\\261519~1.190\\{c16c1~1\\browse~1.dll” => Value Data removed successfully.
*etadpug => Service deleted successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Google\Desktop\Install => Moved successfully.

“C:\Program Files (x86)\Google\Desktop\Install” directory move:

Could not move “C:\Program Files (x86)\Google\Desktop\Install” directory. => Scheduled to move on reboot.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.
Could not move “C:\Windows\assembly\GAC_64\Desktop.ini” => Scheduled to move on reboot.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\Adobe\Reader_sl.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\windows\winsys.exe => Moved successfully.
C:\windows\TEMP\windows\winsys.exe => Moved successfully.
C:\ProgramData\mscmyqjnl.exe => Moved successfully.
C:\ProgramData\msctymo.exe => Moved successfully.
C:\ProgramData\msgmcgu.exe => Moved successfully.
C:\ProgramData\msgnam.exe => Moved successfully.
C:\ProgramData\mshkfu.exe => Moved successfully.
C:\ProgramData\mslvthra.exe => Moved successfully.
C:\ProgramData\msovaya.exe => Moved successfully.
C:\ProgramData\mssjtun.exe => Moved successfully.
C:\ProgramData\Y8RTEpy7N.dat => Moved successfully.
“C:\Program Files\Windows Defender” => Deleting reparse point and unlocking started.
“C:\Program Files\Windows Defender\da-DK” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpAsDesc.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpClient.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpCmdRun.exe” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpCommu.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpEvMsg.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpOAV.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpRTP.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MpSvc.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MSASCui.exe” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MsMpCom.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MsMpLics.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender\MsMpRes.dll” => Deleting reparse point and unlocking done.
“C:\Program Files\Windows Defender” => Deleting reparse point and unlocking completed.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\051A0C98.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\0A6E484F.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\18858674.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1AC513EF.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DAB0B69.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\1DEB7E79.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\27E9611F.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D327A32.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2D51DA08.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\2EA64425.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\3248754E.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\324A334E.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C39A76.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\36C4FBAC.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38AFB2BC.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B29E42.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\38B3C4C8.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\412EE0B3.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\4388AF11.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\46E6CB22.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\476FA3EC.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\50DD3074.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\529F41A5.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\532C8A21.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55B81057.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55C8220B.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E38151.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\55E80481.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5BC04A17.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\5C794312.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\65F57F35.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\67F59A9E.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\6jmcl.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\75320AFB.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\892223A6.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D5F847A.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\8D676BB3.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\8u0ml.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\93D1D291.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\A32B8BD4.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\B2B19C6C.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\BF46BD2A.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\bifpo.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CB0773C0.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CC0C4716.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\CCFBD27F.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D2A5ACC7.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5A9CB5A.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D5ABE75B.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D8D3D20D.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\D9987BB2.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFEBF6E9.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\DFF2FCC9.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\dilwv.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E471FC1F.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\E999C3F7.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\EEC0CBC6.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\egjvq.exe” => File/Directory not found.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\f3bn4.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\F3CC9014.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA24964C.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FA537902.dll => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\FD222AEE.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\ji0jp.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\qc88j.exe” => File/Directory not found.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\tw1vf.exe” => File/Directory not found.
“C:\Users\Tobias Jakobsen\AppData\Local\Temp\unyug.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe => Moved successfully.
“C:\ProgramData\mssjtun.exe” => File/Directory not found.
C:\ProgramData\ActiveU0\rpeulaaql .exe => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Roaming\ScreenSaverPro.scr” => File/Directory not found.
“C:\Users\Tobias Jakobsen\AppData\Roaming\Microsoft\Tgckcd.exe” => File/Directory not found.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8325143\nass0123.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345143\nass0124.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12986119\sjdbpro61.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345543\nass0125.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345546\nass0126.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8345547\nass017.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-120221\12133d.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-121151\12d3d.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3313547\n1a334121.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-825347\na0ss0121.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-98614471\nafejh1.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9861447\nafejh.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Qgckca.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14196119\t0r1allsvu.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897169\breninfo.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8971975\andmew.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Roaming\Identities\Egckco.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-83971975\and3mew2.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82971975\andmew2.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Roaming\ieTnd\ltc.exe => Moved successfully.
C:\RECYCLER\barcode.exe => Moved successfully.
C:\RECYCLER\winmode.exe => Moved successfully.
“C:\Users\Tobias Jakobsen\AppData\Roaming\WinSecure32.exe” => File/Directory not found.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-839714475\asaba3tsh.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19714475\asaba3tsh1.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-19449463\ababbdq.exe => Moved successfully.
“C:\RECYCLER\winmode.exe” => File/Directory not found.
C:\RECYCLER\swcode.exe => Moved successfully.
C:\RECYCLER\proedit.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe => Moved successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-897fewj\xetcwow.exe => Moved successfully.
“c:\users\tobias~1\dxitmvin.exe” => File/Directory not found.
“C:\ProgramData\aHk127AM.exe” => File/Directory not found.
“C:\Users\Tobias - Jakobsen\AppData\Local\aHk127AM.exe” => File/Directory not found.
C:\Users\Tobias Jakobsen\AppData\Roaming\DCA.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Roaming\39C.exe => Moved successfully.
C:\Users\Tobias Jakobsen\AppData\Roaming\FBAF.exe => Moved successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========

Følgende Hjælp-DLL kan ikke indlæses: WSHELPER.DLL.
Den følgende kommando blev ikke fundet: winsock reset.

========= End of CMD: =========


=========  Dir /a:l “C:\Program Files” /s =========

Disken i drev C har ikke noget navn.
Diskens serienummer er A650-1E15
Filen blev ikke fundet.

========= End of CMD: =========

Administrator
Number of posts: 8333

Download ComboFix and save it to your desktop. <- Important

Then run ComboFix and follow the instructions.

Since ComboFix can conflict with your security programs, it is important that you disable them. <- Important

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of that file here.

It can be found here: C:\ComboFix.txt

If you get something resembling this error:

Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning

then restart once more; that should solve it.

How is the PC running?


Number of posts: 40

Now it's running :D
Many thanks for the help

All the things that are on the desktop, can I delete them? Or does more need to be done?

Log:

ComboFix 14-01-27.02 - Tobias Jakobsen 28-01-2014 14:02:28.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8136.6614 [GMT 1:00]
Kører fra: c:\users\Tobias Jakobsen\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\BCHelper.exe
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\sqlite3.dll
c:\program files (x86)\LyricsPal
c:\program files (x86)\LyricsPal\124.xpi
c:\programdata\BrowserDefender
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old1
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old10
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old11
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old12
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old13
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old14
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old2
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old3
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old4
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old5
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old6
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old7
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old8
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll.old9
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\programdata\msauudmwd.exe
c:\users\Tobias Jakobsen\aHk127AM.com
c:\users\Tobias Jakobsen\AppData\Local\aHk127AM.exe
c:\users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Tobias Jakobsen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Tobias Jakobsen\AppData\Roaming\1300.exe
c:\users\Tobias Jakobsen\AppData\Roaming\14AC.exe
c:\users\Tobias Jakobsen\AppData\Roaming\1EC3.exe
c:\users\Tobias Jakobsen\AppData\Roaming\28CA.exe
c:\users\Tobias Jakobsen\AppData\Roaming\3133.tmp
c:\users\Tobias Jakobsen\AppData\Roaming\389B.exe
c:\users\Tobias Jakobsen\AppData\Roaming\4083.exe
c:\users\Tobias Jakobsen\AppData\Roaming\52D1.exe
c:\users\Tobias Jakobsen\AppData\Roaming\57B6.exe
c:\users\Tobias Jakobsen\AppData\Roaming\5BE.exe
c:\users\Tobias Jakobsen\AppData\Roaming\5D61.exe
c:\users\Tobias Jakobsen\AppData\Roaming\5FFC.exe
c:\users\Tobias Jakobsen\AppData\Roaming\6196.exe
c:\users\Tobias Jakobsen\AppData\Roaming\6703.exe
c:\users\Tobias Jakobsen\AppData\Roaming\6802.exe
c:\users\Tobias Jakobsen\AppData\Roaming\6BEF.exe
c:\users\Tobias Jakobsen\AppData\Roaming\702D.exe
c:\users\Tobias Jakobsen\AppData\Roaming\79BF.exe
c:\users\Tobias Jakobsen\AppData\Roaming\7CB6.exe
c:\users\Tobias Jakobsen\AppData\Roaming\7FA3.exe
c:\users\Tobias Jakobsen\AppData\Roaming\7FC2.exe
c:\users\Tobias Jakobsen\AppData\Roaming\837A.exe
c:\users\Tobias Jakobsen\AppData\Roaming\85EB.exe
c:\users\Tobias Jakobsen\AppData\Roaming\8C49.exe
c:\users\Tobias Jakobsen\AppData\Roaming\92FD.exe
c:\users\Tobias Jakobsen\AppData\Roaming\991F.exe
c:\users\Tobias Jakobsen\AppData\Roaming\9A93.exe
c:\users\Tobias Jakobsen\AppData\Roaming\9B86.exe
c:\users\Tobias Jakobsen\AppData\Roaming\9D5A.exe
c:\users\Tobias Jakobsen\AppData\Roaming\9ED3.exe
c:\users\Tobias Jakobsen\AppData\Roaming\A660.exe
c:\users\Tobias Jakobsen\AppData\Roaming\A84A.exe
c:\users\Tobias Jakobsen\AppData\Roaming\A8F2.exe
c:\users\Tobias Jakobsen\AppData\Roaming\B071.exe
c:\users\Tobias Jakobsen\AppData\Roaming\B31A.exe
c:\users\Tobias Jakobsen\AppData\Roaming\BE41.exe
c:\users\Tobias Jakobsen\AppData\Roaming\c731200
c:\users\Tobias Jakobsen\AppData\Roaming\F063.exe
c:\users\Tobias Jakobsen\AppData\Roaming\F3B2.exe
c:\users\Tobias Jakobsen\AppData\Roaming\F5B7.exe
c:\users\Tobias Jakobsen\AppData\Roaming\F7E7.exe
c:\users\Tobias Jakobsen\AppData\Roaming\FA05.exe
c:\users\Tobias Jakobsen\AppData\Roaming\FB32.exe
c:\users\Tobias Jakobsen\AppData\Roaming\miner.exe
c:\users\Tobias Jakobsen\AppData\Roaming\SearchProtect
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\s.bat
c:\windows\SysWow64\REN2BC4.tmp
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2013-12-28 til 2014-01-28 )))))))))))))))))))))))))))))))))))
.
.
2014-01-27 12:47 . 2014-01-27 20:25   ————  d——-w-  c:\users\Tobias Jakobsen\AppData\Local\CrashDumps
2014-01-27 11:24 . 2014-01-28 10:31   ————  d——-w-  C:\FRST
2014-01-26 20:34 . 2014-01-26 20:34   ————  d——-w-  c:\program files (x86)\GUM398.tmp
2014-01-26 19:32 . 2014-01-26 19:32   ————  d——-w-  c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-28 13:09 . 2013-11-19 18:19   75888   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{23541B2E-B6AD-48B9-88B8-CA7B456CED60}\offreg.dll
2013-12-11 21:19 . 2013-12-11 21:19   147968   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\E524.exe
2013-12-11 17:37 . 2013-12-11 17:37   147968   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\FD1F.exe
2013-12-11 17:37 . 2013-12-11 17:37   0   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\E51C.exe
2013-12-11 17:10 . 2012-04-11 17:10   692616   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 17:10 . 2011-11-10 01:50   71048   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 16:23 . 2013-12-11 16:23   137728   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\A11.exe
2013-12-10 23:01 . 2013-12-10 23:01   113664   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\FEA4.exe
2013-12-03 17:30 . 2013-12-03 17:30   102912   ——a-w-  c:\users\Tobias Jakobsen\AppData\Roaming\A4B7.exe
2013-11-14 15:58 . 2011-11-15 13:40   82896128   ——a-w-  c:\windows\system32\MRT.exe
2013-11-08 03:12 . 2013-11-19 16:27   10285968   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{23541B2E-B6AD-48B9-88B8-CA7B456CED60}\mpengine.dll
2013-08-17 17:12 . 2013-08-17 17:12   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe
2013-08-15 19:46 . 2013-08-15 19:46   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.exe
2013-07-27 14:02 . 2013-07-27 14:02   50968   ——a-w-  c:\program files (x86)\WCDesktop.Updater.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-10-04 15:13   202008   ——a-w-  c:\program files (x86)\Betcat\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02   295832   ——a-w-  c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
“{82E1477C-B154-48D3-9891-33D83C26BCD3}”= “c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll” [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Remote Control Server”=“c:\program files (x86)\Remote Control Server\Remote Control Server.exe” [2013-06-18 2222080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2011-02-18 283160]
“BCSSync”=“c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 91520]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“moyeujdhasjkklsshah”=“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe” [2013-12-28 225280]
“fuksinwfpppp”=“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe” [2013-12-28 225280]
.
c:\users\Tobias Jakobsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
—- Andre Services/Drivers i Hukommelsen—-
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-27 12:53   1211672   ——a-w-  c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Indhold af mappen ‘Planlagte Opgaver’
.
2014-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:10]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@=”{771C7324-DA80-49D3-8017-753B0AF60951}”
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-27 14:56   1508192   ——a-w-  c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2011-03-25 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2011-03-25 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2011-03-25 418840]
“EnergyUtility”=“c:\program files (x86)\Lenovo\Energy Management\Utility.exe” [2011-09-27 5908928]
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{2F187793-30C7-4CAD-8316-5B3E1A71A83D}: NameServer = 80.251.201.177 80.251.201.178
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Egckco - c:\windows\system32\config\systemprofile\AppData\Roaming\Identities\Egckco.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk - c:\program files (x86)\Heimdal\Client\HeimdalAgent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{62D40876-DF18-411F-9D34-A9DD7A197BC5} - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
“Timestamp”=hex:e4,58,86,98,bf,03,cf,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2014-01-28 14:12:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2014-01-28 13:12
.
Pre-Kørsel: 624.737.218.560 byte ledig
Post-Kørsel: 625.058.488.320 byte ledig
.
- - End Of File - - 49512F5CC2BB6B730B598C71E68A97B4

Administrator
Posts: 8333

We are definitely not done, because those were some very nasty infections you had.

You will get a cleanup guide when we are done.

———

I am attaching CFScript.

This fix was written specifically for this user and for use on this PC.
If it is run on another PC, it can cause damage, and in the worst case the PC will not start.

Save it on the Desktop next to ComboFix and use it.

Since ComboFix can conflict with your security programs, it is important that you disable them. <- Important

Then grab the new file with the mouse and drag it over the ComboFix file, after which you “let go” with the mouse.

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

If you get something resembling this error:

Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning

Then restart once more; that should solve it.

You are welcome to post the contents of that file here.


Posts: 40

I also thought it seemed a bit too easy

Next log:

ComboFix 14-01-27.02 - Tobias Jakobsen 28-01-2014 15:55:11.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8136.6209 [GMT 1:00]
Kører fra: c:\users\Tobias Jakobsen\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Tobias Jakobsen\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
“c:\users\Tobias Jakobsen\AppData\Roaming\A11.exe”
“c:\users\Tobias Jakobsen\AppData\Roaming\A4B7.exe”
“c:\users\Tobias Jakobsen\AppData\Roaming\E51C.exe”
“c:\users\Tobias Jakobsen\AppData\Roaming\E524.exe”
“c:\users\Tobias Jakobsen\AppData\Roaming\FD1F.exe”
“c:\users\Tobias Jakobsen\AppData\Roaming\FEA4.exe”
“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe”
“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe”
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tobias Jakobsen\AppData\Roaming\A11.exe
c:\users\Tobias Jakobsen\AppData\Roaming\A4B7.exe
c:\users\Tobias Jakobsen\AppData\Roaming\E51C.exe
c:\users\Tobias Jakobsen\AppData\Roaming\E524.exe
c:\users\Tobias Jakobsen\AppData\Roaming\FD1F.exe
c:\users\Tobias Jakobsen\AppData\Roaming\FEA4.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2013-12-28 til 2014-01-28 )))))))))))))))))))))))))))))))))))
.
.
2014-01-28 15:01 . 2014-01-28 15:01   75888   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{404E85BC-4C2C-4564-AC4B-0BB93C96C9DA}\offreg.dll
2014-01-28 14:58 . 2014-01-28 14:58   ————  d——-w-  c:\users\Default\AppData\Local\temp
2014-01-28 13:26 . 2013-12-04 03:28   10315576   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{404E85BC-4C2C-4564-AC4B-0BB93C96C9DA}\mpengine.dll
2014-01-28 13:21 . 2014-01-28 13:21   312744   ——a-w-  c:\windows\system32\javaws.exe
2014-01-28 13:21 . 2014-01-28 13:21   189352   ——a-w-  c:\windows\system32\javaw.exe
2014-01-28 13:21 . 2014-01-28 13:21   189352   ——a-w-  c:\windows\system32\java.exe
2014-01-28 13:21 . 2014-01-28 13:21   108968   ——a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-28 13:21 . 2014-01-28 13:21   ————  d——-w-  c:\program files\Java
2014-01-27 12:47 . 2014-01-28 13:20   ————  d——-w-  c:\users\Tobias Jakobsen\AppData\Local\CrashDumps
2014-01-27 11:24 . 2014-01-28 10:31   ————  d——-w-  C:\FRST
2014-01-26 20:34 . 2014-01-26 20:34   ————  d——-w-  c:\program files (x86)\GUM398.tmp
2014-01-26 19:32 . 2014-01-26 19:32   ————  d——-w-  c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:59 . 2010-11-21 03:27   270496   ———w-  c:\windows\system32\MpSigStub.exe
2013-12-11 17:10 . 2012-04-11 17:10   692616   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 17:10 . 2011-11-10 01:50   71048   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 15:58 . 2011-11-15 13:40   82896128   ——a-w-  c:\windows\system32\MRT.exe
2013-08-17 17:12 . 2013-08-17 17:12   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe
2013-08-15 19:46 . 2013-08-15 19:46   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.exe
2013-07-27 14:02 . 2013-07-27 14:02   50968   ——a-w-  c:\program files (x86)\WCDesktop.Updater.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-10-04 15:13   202008   ——a-w-  c:\program files (x86)\Betcat\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02   295832   ——a-w-  c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
“{82E1477C-B154-48D3-9891-33D83C26BCD3}”= “c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll” [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Remote Control Server”=“c:\program files (x86)\Remote Control Server\Remote Control Server.exe” [2013-06-18 2222080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2011-02-18 283160]
“BCSSync”=“c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 91520]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“moyeujdhasjkklsshah”=“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe” [2013-12-28 225280]
“fuksinwfpppp”=“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe” [2013-12-28 225280]
.
c:\users\Tobias Jakobsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-27 12:53   1211672   ——a-w-  c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Indhold af mappen ‘Planlagte Opgaver’
.
2014-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:10]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@=”{771C7324-DA80-49D3-8017-753B0AF60951}”
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-27 14:56   1508192   ——a-w-  c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2011-03-25 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2011-03-25 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2011-03-25 418840]
“SynTPEnh”=“c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe” [BU]
“EnergyUtility”=“c:\program files (x86)\Lenovo\Energy Management\Utility.exe” [2011-09-27 5908928]
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10
TCP: Interfaces\{2F187793-30C7-4CAD-8316-5B3E1A71A83D}: NameServer = 80.251.201.177 80.251.201.178
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{62D40876-DF18-411F-9D34-A9DD7A197BC5} - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
“Timestamp”=hex:e4,58,86,98,bf,03,cf,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2014-01-28 16:05:02 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2014-01-28 15:05
ComboFix2.txt 2014-01-28 13:12
.
Pre-Kørsel: 623.854.899.200 byte ledig
Post-Kørsel: 623.888.990.208 byte ledig
.
- - End Of File - - 52C610A00C80C1C81067F52150EB8512

Administrator
Posts: 8333

Unfortunately I made a typo, so it did not do what I wanted.

———

I am attaching CFScript.

This fix was written specifically for this user and for use on this PC.
If it is run on another PC, it can cause damage, and in the worst case the PC will not start.

Save it on the Desktop next to ComboFix and use it.

Since ComboFix can conflict with your security programs, it is important that you disable them. <- Important

Then grab the new file with the mouse and drag it over the ComboFix file, after which you “let go” with the mouse.

ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

If you get something resembling this error:

Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning

Then restart once more; that should solve it.

You are welcome to post the contents of that file here.


Posts: 40

ComboFix 14-01-27.02 - Tobias Jakobsen 28-01-2014 16:45:59.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8136.6443 [GMT 1:00]
Kører fra: c:\users\Tobias Jakobsen\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Tobias Jakobsen\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\mfssys.exe”
“c:\windows\system32\config\systemprofile\AppData\Roaming\MSOCache\wfpsys.exe”
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2013-12-28 til 2014-01-28 )))))))))))))))))))))))))))))))))))
.
.
2014-01-28 15:50 . 2014-01-28 15:50   ————  d——-w-  c:\users\Default\AppData\Local\temp
2014-01-28 13:26 . 2013-12-04 03:28   10315576   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{404E85BC-4C2C-4564-AC4B-0BB93C96C9DA}\mpengine.dll
2014-01-28 13:21 . 2014-01-28 13:21   312744   ——a-w-  c:\windows\system32\javaws.exe
2014-01-28 13:21 . 2014-01-28 13:21   189352   ——a-w-  c:\windows\system32\javaw.exe
2014-01-28 13:21 . 2014-01-28 13:21   189352   ——a-w-  c:\windows\system32\java.exe
2014-01-28 13:21 . 2014-01-28 13:21   108968   ——a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-28 13:21 . 2014-01-28 13:21   ————  d——-w-  c:\program files\Java
2014-01-27 12:47 . 2014-01-28 13:20   ————  d——-w-  c:\users\Tobias Jakobsen\AppData\Local\CrashDumps
2014-01-27 11:24 . 2014-01-28 10:31   ————  d——-w-  C:\FRST
2014-01-26 20:34 . 2014-01-26 20:34   ————  d——-w-  c:\program files (x86)\GUM398.tmp
2014-01-26 19:32 . 2014-01-26 19:32   ————  d——-w-  c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:59 . 2010-11-21 03:27   270496   ———w-  c:\windows\system32\MpSigStub.exe
2013-12-11 17:10 . 2012-04-11 17:10   692616   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 17:10 . 2011-11-10 01:50   71048   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 15:58 . 2011-11-15 13:40   82896128   ——a-w-  c:\windows\system32\MRT.exe
2013-08-17 17:12 . 2013-08-17 17:12   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe
2013-08-15 19:46 . 2013-08-15 19:46   51992   ——a-w-  c:\program files (x86)\WBDesktop.Updater.exe
2013-07-27 14:02 . 2013-07-27 14:02   50968   ——a-w-  c:\program files (x86)\WCDesktop.Updater.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-10-04 15:13   202008   ——a-w-  c:\program files (x86)\Betcat\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02   295832   ——a-w-  c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
“{82E1477C-B154-48D3-9891-33D83C26BCD3}”= “c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll” [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Remote Control Server”=“c:\program files (x86)\Remote Control Server\Remote Control Server.exe” [2013-06-18 2222080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2011-02-18 283160]
“BCSSync”=“c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 91520]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2013-11-21 959904]
.
c:\users\Tobias Jakobsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
“TaskbarNoNotification”= 1 (0x1)
“HideSCAHealth”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe;c:\program files (x86)\WBDesktop.Updater.1.0.0.16.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-27 12:53   1211672   ——a-w-  c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Indhold af mappen ‘Planlagte Opgaver’
.
2014-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 17:10]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 14:50]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@=”{771C7324-DA80-49D3-8017-753B0AF60951}”
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-09-27 14:56   1508192   ——a-w-  c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2011-03-25 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2011-03-25 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2011-03-25 418840]
“SynTPEnh”=“c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe” [BU]
“EnergyUtility”=“c:\program files (x86)\Lenovo\Energy Management\Utility.exe” [2011-09-27 5908928]
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10
TCP: Interfaces\{2F187793-30C7-4CAD-8316-5B3E1A71A83D}: NameServer = 80.251.201.177 80.251.201.178
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{62D40876-DF18-411F-9D34-A9DD7A197BC5} - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
“Timestamp”=hex:e4,58,86,98,bf,03,cf,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2014-01-28 16:55:52 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2014-01-28 15:55
ComboFix2.txt 2014-01-28 15:05
ComboFix3.txt 2014-01-28 13:12
.
Pre-Kørsel: 623.951.937.536 byte ledig
Post-Kørsel: 623.865.495.552 byte ledig
.
- - End Of File - - D97618AB98C70C7C7043507A4BAF9DC9

Administrator
Number of posts: 8333

Disable your security program while you run this ->

Download Tdsskiller.zip to your desktop and extract it into a folder.

Start TDSSKiller.exe.

For Vista and Windows 7/8: right-click the file and choose Run as Administrator.

Under "Change parameters", tick "Detect TDLFS file system".

Click "Start Scan".

If an infected file is found, the "Default action" will be Cure; click Continue.
If it finds a TDLFS file system, click Skip.
If a suspicious file is detected, the "Default action" will be Skip; click Continue.
If it does not ask for a "Reboot" (restart), click "Report" and copy the text into this thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread. (It will probably need to be split in two.)


Number of posts: 40

Can it be right that it only takes half a minute?

Here is the log:

17:34:44.0183 0x0ea4 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
17:34:45.0977 0x0ea4 ============================================================
17:34:45.0977 0x0ea4 Current date / time: 2014/01/28 17:34:45.0977
17:34:45.0977 0x0ea4 SystemInfo:
17:34:45.0977 0x0ea4
17:34:45.0977 0x0ea4 OS Version: 6.1.7601 ServicePack: 1.0
17:34:45.0977 0x0ea4 Product type: Workstation
17:34:45.0977 0x0ea4 ComputerName: TOBIASJAKOBSEN
17:34:45.0977 0x0ea4 UserName: Tobias Jakobsen
17:34:45.0977 0x0ea4 Windows directory: C:\windows
17:34:45.0977 0x0ea4 System windows directory: C:\windows
17:34:45.0977 0x0ea4 Running under WOW64
17:34:45.0977 0x0ea4 Processor architecture: Intel x64
17:34:45.0977 0x0ea4 Number of processors: 4
17:34:45.0977 0x0ea4 Page size: 0x1000
17:34:45.0977 0x0ea4 Boot type: Normal boot
17:34:45.0977 0x0ea4 ============================================================
17:34:46.0117 0x0ea4 KLMD registered as C:\windows\system32\drivers\30627825.sys
17:34:46.0258 0x0ea4 System UUID: {625A6BE3-E4FB-4ED4-FF3B-E2E408F35563}
17:34:46.0523 0x0ea4 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040
17:34:46.0523 0x0ea4 ============================================================
17:34:46.0523 0x0ea4 \Device\Harddisk0\DR0:
17:34:46.0523 0x0ea4 MBR partitions:
17:34:46.0523 0x0ea4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
17:34:46.0523 0x0ea4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
17:34:46.0554 0x0ea4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
17:34:46.0554 0x0ea4 ============================================================
17:34:46.0601 0x0ea4 C: <-> \Device\Harddisk0\DR0\Partition2
17:34:46.0648 0x0ea4 D: <-> \Device\Harddisk0\DR0\Partition3
17:34:46.0648 0x0ea4 ============================================================
17:34:46.0648 0x0ea4 Initialize success
17:34:46.0648 0x0ea4 ============================================================
17:35:17.0161 0x0f5c ============================================================
17:35:17.0161 0x0f5c Scan started
17:35:17.0161 0x0f5c Mode: Manual; TDLFS;
17:35:17.0161 0x0f5c ============================================================
17:35:17.0161 0x0f5c KSN ping started
17:35:19.0938 0x0f5c KSN ping finished: true
17:35:20.0141 0x0f5c ================ Scan system memory ========================
17:35:20.0141 0x0f5c System memory - ok
17:35:20.0141 0x0f5c ================ Scan services =============================
17:35:26.0755 0x0f5c i8042prt - ok
17:35:26.0802 0x0f5c [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor       C:\windows\system32\DRIVERS\iaStor.sys
17:35:26.0818 0x0f5c iaStor - ok
17:35:26.0880 0x0f5c [ F5C0317AF600F8C0D7E4202EB04232B1, D83824ED829E3C4BCA6DB17A5DEF1450856ABE17B27AE6B791E40B8C3F2CCB44 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:35:26.0880 0x0f5c IAStorDataMgrSvc - ok
17:35:26.0911 0x0f5c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV       C:\windows\system32\drivers\iaStorV.sys
17:35:26.0927 0x0f5c iaStorV - ok
17:35:26.0989 0x0f5c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc       C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:35:27.0036 0x0f5c idsvc - ok
17:35:27.0364 0x0f5c [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] igfx         C:\windows\system32\DRIVERS\igdkmd64.sys
17:35:27.0723 0x0f5c igfx - ok
17:35:27.0769 0x0f5c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp       C:\windows\system32\drivers\iirsp.sys
17:35:27.0769 0x0f5c iirsp - ok
17:35:27.0832 0x0f5c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT       C:\windows\System32\ikeext.dll
17:35:27.0863 0x0f5c IKEEXT - ok
17:35:27.0910 0x0f5c [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud     C:\windows\system32\DRIVERS\IntcDAud.sys
17:35:27.0925 0x0f5c IntcDAud - ok
17:35:27.0941 0x0f5c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide     C:\windows\system32\drivers\intelide.sys
17:35:27.0941 0x0f5c intelide - ok
17:35:28.0269 0x0f5c [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] intelkmd     C:\windows\system32\DRIVERS\igdpmd64.sys
17:35:28.0596 0x0f5c intelkmd - ok
17:35:28.0643 0x0f5c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm     C:\windows\system32\DRIVERS\intelppm.sys
17:35:28.0643 0x0f5c intelppm - ok
17:35:28.0674 0x0f5c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum     C:\windows\system32\ipbusenum.dll
17:35:28.0674 0x0f5c IPBusEnum - ok
17:35:28.0690 0x0f5c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:35:28.0690 0x0f5c IpFilterDriver - ok
17:35:28.0768 0x0f5c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc     C:\windows\System32\iphlpsvc.dll
17:35:28.0783 0x0f5c iphlpsvc - ok
17:35:28.0815 0x0f5c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV       C:\windows\system32\drivers\IPMIDrv.sys
17:35:28.0815 0x0f5c IPMIDRV - ok
17:35:28.0830 0x0f5c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT       C:\windows\system32\drivers\ipnat.sys
17:35:28.0830 0x0f5c IPNAT - ok
17:35:28.0861 0x0f5c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM       C:\windows\system32\drivers\irenum.sys
17:35:28.0861 0x0f5c IRENUM - ok
17:35:28.0877 0x0f5c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp       C:\windows\system32\drivers\isapnp.sys
17:35:28.0877 0x0f5c isapnp - ok
17:35:28.0893 0x0f5c [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt     C:\windows\system32\drivers\msiscsi.sys
17:35:28.0908 0x0f5c iScsiPrt - ok
17:35:28.0924 0x0f5c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass     C:\windows\system32\DRIVERS\kbdclass.sys
17:35:28.0924 0x0f5c kbdclass - ok
17:35:28.0939 0x0f5c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid       C:\windows\system32\drivers\kbdhid.sys
17:35:28.0939 0x0f5c kbdhid - ok
17:35:28.0971 0x0f5c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso       C:\windows\system32\lsass.exe
17:35:28.0971 0x0f5c KeyIso - ok
17:35:29.0002 0x0f5c [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD       C:\windows\system32\Drivers\ksecdd.sys
17:35:29.0002 0x0f5c KSecDD - ok
17:35:29.0017 0x0f5c [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg       C:\windows\system32\Drivers\ksecpkg.sys
17:35:29.0017 0x0f5c KSecPkg - ok
17:35:29.0033 0x0f5c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk       C:\windows\system32\drivers\ksthunk.sys
17:35:29.0033 0x0f5c ksthunk - ok
17:35:29.0080 0x0f5c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm       C:\windows\system32\msdtckrm.dll
17:35:29.0095 0x0f5c KtmRm - ok
17:35:29.0127 0x0f5c [ 95CA93FC12BE372BB952669F37FFF9C5, 5B4EE910E676ABD0E12B6AD72DBB564DBEB05D63C43AFFC24CE155D0DF8A3820 ] L1C         C:\windows\system32\DRIVERS\L1C62x64.sys
17:35:29.0127 0x0f5c L1C - ok
17:35:29.0189 0x0f5c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer   C:\windows\System32\srvsvc.dll
17:35:29.0189 0x0f5c LanmanServer - ok
17:35:29.0220 0x0f5c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:35:29.0220 0x0f5c LanmanWorkstation - ok
17:35:29.0267 0x0f5c [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr       C:\windows\system32\DRIVERS\LhdX64.sys
17:35:29.0267 0x0f5c LHDmgr - ok
17:35:29.0283 0x0f5c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio       C:\windows\system32\DRIVERS\lltdio.sys
17:35:29.0283 0x0f5c lltdio - ok
17:35:29.0329 0x0f5c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc       C:\windows\System32\lltdsvc.dll
17:35:29.0329 0x0f5c lltdsvc - ok
17:35:29.0361 0x0f5c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts       C:\windows\System32\lmhsvc.dll
17:35:29.0361 0x0f5c lmhosts - ok
17:35:29.0407 0x0f5c [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS         C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:35:29.0407 0x0f5c LMS - ok
17:35:29.0439 0x0f5c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC       C:\windows\system32\drivers\lsi_fc.sys
17:35:29.0439 0x0f5c LSI_FC - ok
17:35:29.0470 0x0f5c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS       C:\windows\system32\drivers\lsi_sas.sys
17:35:29.0470 0x0f5c LSI_SAS - ok
17:35:29.0485 0x0f5c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2     C:\windows\system32\drivers\lsi_sas2.sys
17:35:29.0485 0x0f5c LSI_SAS2 - ok
17:35:29.0501 0x0f5c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI     C:\windows\system32\drivers\lsi_scsi.sys
17:35:29.0501 0x0f5c LSI_SCSI - ok
17:35:29.0532 0x0f5c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv       C:\windows\system32\drivers\luafv.sys
17:35:29.0532 0x0f5c luafv - ok
17:35:29.0563 0x0f5c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc       C:\windows\system32\Mcx2Svc.dll
17:35:29.0563 0x0f5c Mcx2Svc - ok
17:35:29.0579 0x0f5c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas       C:\windows\system32\drivers\megasas.sys
17:35:29.0579 0x0f5c megasas - ok
17:35:29.0626 0x0f5c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR       C:\windows\system32\drivers\MegaSR.sys
17:35:29.0626 0x0f5c MegaSR - ok
17:35:29.0673 0x0f5c [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64       C:\windows\system32\DRIVERS\HECIx64.sys
17:35:29.0673 0x0f5c MEIx64 - ok
17:35:29.0751 0x0f5c Microsoft SharePoint Workspace Audit Service - ok
17:35:29.0782 0x0f5c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS       C:\windows\system32\mmcss.dll
17:35:29.0782 0x0f5c MMCSS - ok
17:35:29.0860 0x0f5c [ 9EA47AA97D15BCC50A0F0B78CBD8E768, 872665D17B41A5B5758790341B78DCE014C06900E42EB38A3C5A07C10D1A4809 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
17:35:29.0875 0x0f5c Mobile Partner. RunOuc - ok
17:35:29.0891 0x0f5c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem       C:\windows\system32\drivers\modem.sys
17:35:29.0891 0x0f5c Modem - ok
17:35:29.0922 0x0f5c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor       C:\windows\system32\DRIVERS\monitor.sys
17:35:29.0922 0x0f5c monitor - ok
17:35:29.0953 0x0f5c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass     C:\windows\system32\DRIVERS\mouclass.sys
17:35:29.0953 0x0f5c mouclass - ok
17:35:29.0985 0x0f5c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid       C:\windows\system32\DRIVERS\mouhid.sys
17:35:29.0985 0x0f5c mouhid - ok
17:35:30.0000 0x0f5c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr     C:\windows\system32\drivers\mountmgr.sys
17:35:30.0000 0x0f5c mountmgr - ok
17:35:30.0031 0x0f5c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio         C:\windows\system32\drivers\mpio.sys
17:35:30.0031 0x0f5c mpio - ok
17:35:30.0078 0x0f5c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv       C:\windows\system32\drivers\mpsdrv.sys
17:35:30.0078 0x0f5c mpsdrv - ok
17:35:30.0141 0x0f5c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc       C:\windows\system32\mpssvc.dll
17:35:30.0172 0x0f5c MpsSvc - ok
17:35:30.0203 0x0f5c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV       C:\windows\system32\drivers\mrxdav.sys
17:35:30.0203 0x0f5c MRxDAV - ok
17:35:30.0234 0x0f5c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb       C:\windows\system32\DRIVERS\mrxsmb.sys
17:35:30.0250 0x0f5c mrxsmb - ok
17:35:30.0281 0x0f5c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10     C:\windows\system32\DRIVERS\mrxsmb10.sys
17:35:30.0281 0x0f5c mrxsmb10 - ok
17:35:30.0297 0x0f5c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20     C:\windows\system32\DRIVERS\mrxsmb20.sys
17:35:30.0297 0x0f5c mrxsmb20 - ok
17:35:30.0328 0x0f5c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci       C:\windows\system32\drivers\msahci.sys
17:35:30.0328 0x0f5c msahci - ok
17:35:30.0359 0x0f5c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm       C:\windows\system32\drivers\msdsm.sys
17:35:30.0359 0x0f5c msdsm - ok
17:35:30.0375 0x0f5c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC       C:\windows\System32\msdtc.exe
17:35:30.0390 0x0f5c MSDTC - ok
17:35:30.0406 0x0f5c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs         C:\windows\system32\drivers\Msfs.sys
17:35:30.0406 0x0f5c Msfs - ok
17:35:30.0437 0x0f5c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf     C:\windows\System32\drivers\mshidkmdf.sys
17:35:30.0437 0x0f5c mshidkmdf - ok
17:35:30.0453 0x0f5c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv     C:\windows\system32\drivers\msisadrv.sys
17:35:30.0453 0x0f5c msisadrv - ok
17:35:30.0484 0x0f5c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI       C:\windows\system32\iscsiexe.dll
17:35:30.0484 0x0f5c MSiSCSI - ok
17:35:30.0484 0x0f5c msiserver - ok
17:35:30.0499 0x0f5c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV       C:\windows\system32\drivers\MSKSSRV.sys
17:35:30.0499 0x0f5c MSKSSRV - ok
17:35:30.0515 0x0f5c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK     C:\windows\system32\drivers\MSPCLOCK.sys
17:35:30.0531 0x0f5c MSPCLOCK - ok
17:35:30.0546 0x0f5c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM       C:\windows\system32\drivers\MSPQM.sys
17:35:30.0546 0x0f5c MSPQM - ok
17:35:30.0593 0x0f5c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC       C:\windows\system32\drivers\MsRPC.sys
17:35:30.0609 0x0f5c MsRPC - ok
17:35:30.0624 0x0f5c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios     C:\windows\system32\DRIVERS\mssmbios.sys
17:35:30.0624 0x0f5c mssmbios - ok
17:35:30.0624 0x0f5c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE       C:\windows\system32\drivers\MSTEE.sys
17:35:30.0624 0x0f5c MSTEE - ok
17:35:30.0640 0x0f5c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig     C:\windows\system32\drivers\MTConfig.sys
17:35:30.0640 0x0f5c MTConfig - ok
17:35:30.0655 0x0f5c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup         C:\windows\system32\Drivers\mup.sys
17:35:30.0655 0x0f5c Mup - ok
17:35:30.0702 0x0f5c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent     C:\windows\system32\qagentRT.dll
17:35:30.0702 0x0f5c napagent - ok
17:35:30.0749 0x0f5c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP   C:\windows\system32\DRIVERS\nwifi.sys
17:35:30.0749 0x0f5c NativeWifiP - ok
17:35:30.0827 0x0f5c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS         C:\windows\system32\drivers\ndis.sys
17:35:30.0843 0x0f5c NDIS - ok
17:35:30.0905 0x0f5c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap       C:\windows\system32\DRIVERS\ndiscap.sys
17:35:30.0905 0x0f5c NdisCap - ok
17:35:30.0921 0x0f5c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi     C:\windows\system32\DRIVERS\ndistapi.sys
17:35:30.0921 0x0f5c NdisTapi - ok
17:35:30.0936 0x0f5c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio       C:\windows\system32\DRIVERS\ndisuio.sys
17:35:30.0936 0x0f5c Ndisuio - ok
17:35:30.0952 0x0f5c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan       C:\windows\system32\DRIVERS\ndiswan.sys
17:35:30.0967 0x0f5c NdisWan - ok
17:35:30.0983 0x0f5c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy       C:\windows\system32\drivers\NDProxy.sys
17:35:30.0983 0x0f5c NDProxy - ok
17:35:30.0983 0x0f5c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS       C:\windows\system32\DRIVERS\netbios.sys
17:35:30.0983 0x0f5c NetBIOS - ok
17:35:30.0999 0x0f5c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT       C:\windows\system32\DRIVERS\netbt.sys
17:35:31.0014 0x0f5c NetBT - ok
17:35:31.0014 0x0f5c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon     C:\windows\system32\lsass.exe
17:35:31.0014 0x0f5c Netlogon - ok
17:35:31.0061 0x0f5c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman       C:\windows\System32\netman.dll
17:35:31.0077 0x0f5c Netman - ok
17:35:31.0077 0x0f5c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm     C:\windows\System32\netprofm.dll
17:35:31.0092 0x0f5c netprofm - ok
17:35:31.0108 0x0f5c [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:31.0123 0x0f5c NetTcpPortSharing - ok
17:35:31.0155 0x0f5c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960       C:\windows\system32\drivers\nfrd960.sys
17:35:31.0155 0x0f5c nfrd960 - ok
17:35:31.0186 0x0f5c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc       C:\windows\System32\nlasvc.dll
17:35:31.0186 0x0f5c NlaSvc - ok
17:35:31.0201 0x0f5c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs         C:\windows\system32\drivers\Npfs.sys
17:35:31.0201 0x0f5c Npfs - ok
17:35:31.0217 0x0f5c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi         C:\windows\system32\nsisvc.dll
17:35:31.0217 0x0f5c nsi - ok
17:35:31.0233 0x0f5c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy     C:\windows\system32\drivers\nsiproxy.sys
17:35:31.0233 0x0f5c nsiproxy - ok
17:35:31.0311 0x0f5c [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs         C:\windows\system32\drivers\Ntfs.sys
17:35:31.0326 0x0f5c Ntfs - ok
17:35:31.0342 0x0f5c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null         C:\windows\system32\drivers\Null.sys
17:35:31.0342 0x0f5c Null - ok
17:35:31.0389 0x0f5c [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub     C:\windows\system32\DRIVERS\nusb3hub.sys
17:35:31.0389 0x0f5c nusb3hub - ok
17:35:31.0404 0x0f5c [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc     C:\windows\system32\DRIVERS\nusb3xhc.sys
17:35:31.0420 0x0f5c nusb3xhc - ok
17:35:31.0435 0x0f5c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid       C:\windows\system32\drivers\nvraid.sys
17:35:31.0451 0x0f5c nvraid - ok
17:35:31.0482 0x0f5c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor       C:\windows\system32\drivers\nvstor.sys
17:35:31.0482 0x0f5c nvstor - ok
17:35:31.0513 0x0f5c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp       C:\windows\system32\drivers\nv_agp.sys
17:35:31.0529 0x0f5c nv_agp - ok
17:35:31.0545 0x0f5c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394     C:\windows\system32\drivers\ohci1394.sys
17:35:31.0545 0x0f5c ohci1394 - ok
17:35:31.0591 0x0f5c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose         C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:35:31.0591 0x0f5c ose - ok
17:35:31.0794 0x0f5c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc       C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:35:31.0935 0x0f5c osppsvc - ok
17:35:31.0981 0x0f5c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc     C:\windows\system32\pnrpsvc.dll
17:35:31.0997 0x0f5c p2pimsvc - ok
17:35:32.0013 0x0f5c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc       C:\windows\system32\p2psvc.dll
17:35:32.0028 0x0f5c p2psvc - ok
17:35:32.0075 0x0f5c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport       C:\windows\system32\drivers\parport.sys
17:35:32.0075 0x0f5c Parport - ok
17:35:32.0106 0x0f5c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr       C:\windows\system32\drivers\partmgr.sys
17:35:32.0106 0x0f5c partmgr - ok
17:35:32.0153 0x0f5c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc       C:\windows\System32\pcasvc.dll
17:35:32.0153 0x0f5c PcaSvc - ok
17:35:32.0184 0x0f5c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci         C:\windows\system32\drivers\pci.sys
17:35:32.0184 0x0f5c pci - ok
17:35:32.0215 0x0f5c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide       C:\windows\system32\drivers\pciide.sys
17:35:32.0215 0x0f5c pciide - ok
17:35:32.0231 0x0f5c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia       C:\windows\system32\drivers\pcmcia.sys
17:35:32.0247 0x0f5c pcmcia - ok
17:35:32.0247 0x0f5c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw         C:\windows\system32\drivers\pcw.sys
17:35:32.0247 0x0f5c pcw - ok
17:35:32.0278 0x0f5c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH       C:\windows\system32\drivers\peauth.sys
17:35:32.0293 0x0f5c PEAUTH - ok
17:35:32.0403 0x0f5c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost     C:\windows\SysWow64\perfhost.exe
17:35:32.0403 0x0f5c PerfHost - ok
17:35:32.0465 0x0f5c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla         C:\windows\system32\pla.dll
17:35:32.0512 0x0f5c pla - ok
17:35:32.0574 0x0f5c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay     C:\windows\system32\umpnpmgr.dll
17:35:32.0590 0x0f5c PlugPlay - ok
17:35:32.0605 0x0f5c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg   C:\windows\system32\pnrpauto.dll
17:35:32.0605 0x0f5c PNRPAutoReg - ok
17:35:32.0621 0x0f5c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc       C:\windows\system32\pnrpsvc.dll
17:35:32.0621 0x0f5c PNRPsvc - ok
17:35:32.0668 0x0f5c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent   C:\windows\System32\ipsecsvc.dll
17:35:32.0683 0x0f5c PolicyAgent - ok
17:35:32.0715 0x0f5c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power       C:\windows\system32\umpo.dll
17:35:32.0730 0x0f5c Power - ok
17:35:32.0761 0x0f5c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport   C:\windows\system32\DRIVERS\raspptp.sys
17:35:32.0761 0x0f5c PptpMiniport - ok
17:35:32.0793 0x0f5c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor     C:\windows\system32\drivers\processr.sys
17:35:32.0793 0x0f5c Processor - ok
17:35:32.0808 0x0f5c [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc       C:\windows\system32\profsvc.dll
17:35:32.0824 0x0f5c ProfSvc - ok
17:35:32.0824 0x0f5c [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
17:35:32.0839 0x0f5c ProtectedStorage - ok
17:35:32.0855 0x0f5c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched       C:\windows\system32\DRIVERS\pacer.sys
17:35:32.0855 0x0f5c Psched - ok
17:35:32.0933 0x0f5c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300       C:\windows\system32\drivers\ql2300.sys
17:35:32.0980 0x0f5c ql2300 - ok
17:35:33.0011 0x0f5c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx       C:\windows\system32\drivers\ql40xx.sys
17:35:33.0011 0x0f5c ql40xx - ok
17:35:33.0027 0x0f5c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE       C:\windows\system32\qwave.dll
17:35:33.0042 0x0f5c QWAVE - ok
17:35:33.0058 0x0f5c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv     C:\windows\system32\drivers\qwavedrv.sys
17:35:33.0058 0x0f5c QWAVEdrv - ok
17:35:33.0058 0x0f5c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd       C:\windows\system32\DRIVERS\rasacd.sys
17:35:33.0073 0x0f5c RasAcd - ok
17:35:33.0105 0x0f5c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn   C:\windows\system32\DRIVERS\AgileVpn.sys
17:35:33.0120 0x0f5c RasAgileVpn - ok
17:35:33.0136 0x0f5c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto       C:\windows\System32\rasauto.dll
17:35:33.0136 0x0f5c RasAuto - ok
17:35:33.0136 0x0f5c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp       C:\windows\system32\DRIVERS\rasl2tp.sys
17:35:33.0151 0x0f5c Rasl2tp - ok
17:35:33.0167 0x0f5c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan       C:\windows\System32\rasmans.dll
17:35:33.0183 0x0f5c RasMan - ok

Number of posts: 40

17:35:38.0939 0x0f5c ================ Scan global ===============================
17:35:38.0955 0x0f5c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
17:35:38.0986 0x0f5c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
17:35:39.0001 0x0f5c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
17:35:39.0033 0x0f5c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
17:35:39.0079 0x0f5c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
17:35:39.0079 0x0f5c [ Global ] - ok
17:35:39.0079 0x0f5c ================ Scan MBR ==================================
17:35:39.0095 0x0f5c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:35:39.0563 0x0f5c \Device\Harddisk0\DR0 - ok
17:35:39.0563 0x0f5c ================ Scan VBR ==================================
17:35:39.0563 0x0f5c [ 31BFA7F429ACC03B10F1A0AA7251F997 ] \Device\Harddisk0\DR0\Partition1
17:35:39.0579 0x0f5c \Device\Harddisk0\DR0\Partition1 - ok
17:35:39.0594 0x0f5c [ 0729466B4B9782C3D9EB2F1BFF9097D3 ] \Device\Harddisk0\DR0\Partition2
17:35:39.0594 0x0f5c \Device\Harddisk0\DR0\Partition2 - ok
17:35:39.0641 0x0f5c [ EC5FFA21FDCEE290AFEBA7DC2598B1B4 ] \Device\Harddisk0\DR0\Partition3
17:35:39.0641 0x0f5c \Device\Harddisk0\DR0\Partition3 - ok
17:35:39.0641 0x0f5c Waiting for KSN requests completion. In queue: 335
17:35:40.0655 0x0f5c Waiting for KSN requests completion. In queue: 335
17:35:41.0669 0x0f5c Waiting for KSN requests completion. In queue: 24
17:35:42.0745 0x0f5c Win FW state via NFP2: enabled
17:35:45.0163 0x0f5c ============================================================
17:35:45.0163 0x0f5c Scan finished
17:35:45.0163 0x0f5c ============================================================
17:35:45.0163 0x0b9c Detected object count: 0
17:35:45.0163 0x0b9c Actual detected object count: 0
17:36:15.0771 0x0cf0 ============================================================
17:36:15.0771 0x0cf0 Scan started
17:36:15.0771 0x0cf0 Mode: Manual; TDLFS;
17:36:15.0771 0x0cf0 ============================================================
17:36:15.0771 0x0cf0 KSN ping started
17:36:18.0204 0x0cf0 KSN ping finished: true
17:36:18.0360 0x0cf0 ================ Scan system memory ========================
17:36:18.0360 0x0cf0 System memory - ok
17:36:18.0360 0x0cf0 ================ Scan services =============================
17:36:22.0978 0x0cf0 HTTP - ok
17:36:23.0025 0x0cf0 [ 586320614992C7270314683BD1E93810, FA3EBC545D22BAD0EBD43143A0EE66A1F0F9C217F74376EC57E2C1D21F96E3A1 ] huawei_cdcacm   C:\windows\system32\DRIVERS\ew_jucdcacm.sys
17:36:23.0025 0x0cf0 huawei_cdcacm - ok
17:36:23.0025 0x0cf0 [ B3E4D51259889C22924191BC945AE10A, 2E0E00AB4FC6D82C597D496B7B6C2A2296A76675074302E4E5D87B77B1E52557 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
17:36:23.0025 0x0cf0 huawei_enumerator - ok
17:36:23.0040 0x0cf0 [ 3103E4D61643B407CBCF685735FB21BB, CDD11165CB92B6576FE58EC4A401E81A495F0088DA3825FAC054D7228B95D9FA ] huawei_ext_ctrl C:\windows\system32\DRIVERS\ew_juextctrl.sys
17:36:23.0040 0x0cf0 huawei_ext_ctrl - ok
17:36:23.0056 0x0cf0 [ 2C5150FA3F3150B5AEC62677D4700115, 71F83B32BBD1A6D871DCA196A48F8C6D5E6ADFC2694CF9E54FE70F7FBC9BB9FF ] huawei_wwanecm C:\windows\system32\DRIVERS\ew_juwwanecm.sys
17:36:23.0056 0x0cf0 huawei_wwanecm - ok
17:36:23.0118 0x0cf0 [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
17:36:23.0134 0x0cf0 HWDeviceService64.exe - ok
17:36:23.0150 0x0cf0 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy     C:\windows\system32\drivers\hwpolicy.sys
17:36:23.0150 0x0cf0 hwpolicy - ok
17:36:23.0165 0x0cf0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt     C:\windows\system32\DRIVERS\i8042prt.sys
17:36:23.0165 0x0cf0 i8042prt - ok
17:36:23.0196 0x0cf0 [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor       C:\windows\system32\DRIVERS\iaStor.sys
17:36:23.0212 0x0cf0 iaStor - ok
17:36:23.0243 0x0cf0 [ F5C0317AF600F8C0D7E4202EB04232B1, D83824ED829E3C4BCA6DB17A5DEF1450856ABE17B27AE6B791E40B8C3F2CCB44 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:36:23.0243 0x0cf0 IAStorDataMgrSvc - ok
17:36:23.0274 0x0cf0 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV       C:\windows\system32\drivers\iaStorV.sys
17:36:23.0290 0x0cf0 iaStorV - ok
17:36:23.0352 0x0cf0 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc       C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:36:23.0368 0x0cf0 idsvc - ok
17:36:23.0696 0x0cf0 [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] igfx         C:\windows\system32\DRIVERS\igdkmd64.sys
17:36:23.0898 0x0cf0 igfx - ok
17:36:23.0945 0x0cf0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp       C:\windows\system32\drivers\iirsp.sys
17:36:23.0945 0x0cf0 iirsp - ok
17:36:23.0992 0x0cf0 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT       C:\windows\System32\ikeext.dll
17:36:24.0008 0x0cf0 IKEEXT - ok
17:36:24.0039 0x0cf0 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud     C:\windows\system32\DRIVERS\IntcDAud.sys
17:36:24.0054 0x0cf0 IntcDAud - ok
17:36:24.0070 0x0cf0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide     C:\windows\system32\drivers\intelide.sys
17:36:24.0070 0x0cf0 intelide - ok
17:36:24.0398 0x0cf0 [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] intelkmd     C:\windows\system32\DRIVERS\igdpmd64.sys
17:36:24.0600 0x0cf0 intelkmd - ok
17:36:24.0647 0x0cf0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm     C:\windows\system32\DRIVERS\intelppm.sys
17:36:24.0647 0x0cf0 intelppm - ok
17:36:24.0678 0x0cf0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum     C:\windows\system32\ipbusenum.dll
17:36:24.0678 0x0cf0 IPBusEnum - ok
17:36:24.0694 0x0cf0 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:36:24.0694 0x0cf0 IpFilterDriver - ok
17:36:24.0741 0x0cf0 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc     C:\windows\System32\iphlpsvc.dll
17:36:24.0756 0x0cf0 iphlpsvc - ok
17:36:24.0756 0x0cf0 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV       C:\windows\system32\drivers\IPMIDrv.sys
17:36:24.0772 0x0cf0 IPMIDRV - ok
17:36:24.0788 0x0cf0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT       C:\windows\system32\drivers\ipnat.sys
17:36:24.0788 0x0cf0 IPNAT - ok
17:36:24.0803 0x0cf0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM       C:\windows\system32\drivers\irenum.sys
17:36:24.0803 0x0cf0 IRENUM - ok
17:36:24.0819 0x0cf0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp       C:\windows\system32\drivers\isapnp.sys
17:36:24.0819 0x0cf0 isapnp - ok
17:36:24.0834 0x0cf0 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt     C:\windows\system32\drivers\msiscsi.sys
17:36:24.0834 0x0cf0 iScsiPrt - ok
17:36:24.0850 0x0cf0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass     C:\windows\system32\DRIVERS\kbdclass.sys
17:36:24.0850 0x0cf0 kbdclass - ok
17:36:24.0866 0x0cf0 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid       C:\windows\system32\drivers\kbdhid.sys
17:36:24.0866 0x0cf0 kbdhid - ok
17:36:24.0881 0x0cf0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso       C:\windows\system32\lsass.exe
17:36:24.0881 0x0cf0 KeyIso - ok
17:36:24.0928 0x0cf0 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD       C:\windows\system32\Drivers\ksecdd.sys
17:36:24.0928 0x0cf0 KSecDD - ok
17:36:24.0944 0x0cf0 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg       C:\windows\system32\Drivers\ksecpkg.sys
17:36:24.0944 0x0cf0 KSecPkg - ok
17:36:24.0959 0x0cf0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk       C:\windows\system32\drivers\ksthunk.sys
17:36:24.0959 0x0cf0 ksthunk - ok
17:36:24.0990 0x0cf0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm       C:\windows\system32\msdtckrm.dll
17:36:25.0006 0x0cf0 KtmRm - ok
17:36:25.0022 0x0cf0 [ 95CA93FC12BE372BB952669F37FFF9C5, 5B4EE910E676ABD0E12B6AD72DBB564DBEB05D63C43AFFC24CE155D0DF8A3820 ] L1C         C:\windows\system32\DRIVERS\L1C62x64.sys
17:36:25.0022 0x0cf0 L1C - ok
17:36:25.0068 0x0cf0 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer   C:\windows\System32\srvsvc.dll
17:36:25.0068 0x0cf0 LanmanServer - ok
17:36:25.0100 0x0cf0 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:36:25.0100 0x0cf0 LanmanWorkstation - ok
17:36:25.0131 0x0cf0 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr       C:\windows\system32\DRIVERS\LhdX64.sys
17:36:25.0131 0x0cf0 LHDmgr - ok
17:36:25.0131 0x0cf0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio       C:\windows\system32\DRIVERS\lltdio.sys
17:36:25.0146 0x0cf0 lltdio - ok
17:36:25.0178 0x0cf0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc       C:\windows\System32\lltdsvc.dll
17:36:25.0178 0x0cf0 lltdsvc - ok
17:36:25.0193 0x0cf0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts       C:\windows\System32\lmhsvc.dll
17:36:25.0193 0x0cf0 lmhosts - ok
17:36:25.0224 0x0cf0 [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS         C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:36:25.0224 0x0cf0 LMS - ok
17:36:25.0240 0x0cf0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC       C:\windows\system32\drivers\lsi_fc.sys
17:36:25.0256 0x0cf0 LSI_FC - ok
17:36:25.0271 0x0cf0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS       C:\windows\system32\drivers\lsi_sas.sys
17:36:25.0271 0x0cf0 LSI_SAS - ok
17:36:25.0287 0x0cf0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2     C:\windows\system32\drivers\lsi_sas2.sys
17:36:25.0302 0x0cf0 LSI_SAS2 - ok
17:36:25.0318 0x0cf0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI     C:\windows\system32\drivers\lsi_scsi.sys
17:36:25.0318 0x0cf0 LSI_SCSI - ok
17:36:25.0334 0x0cf0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv       C:\windows\system32\drivers\luafv.sys
17:36:25.0334 0x0cf0 luafv - ok
17:36:25.0365 0x0cf0 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc       C:\windows\system32\Mcx2Svc.dll
17:36:25.0365 0x0cf0 Mcx2Svc - ok
17:36:25.0380 0x0cf0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas       C:\windows\system32\drivers\megasas.sys
17:36:25.0380 0x0cf0 megasas - ok
17:36:25.0396 0x0cf0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR       C:\windows\system32\drivers\MegaSR.sys
17:36:25.0412 0x0cf0 MegaSR - ok
17:36:25.0443 0x0cf0 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64       C:\windows\system32\DRIVERS\HECIx64.sys
17:36:25.0443 0x0cf0 MEIx64 - ok
17:36:25.0521 0x0cf0 Microsoft SharePoint Workspace Audit Service - ok
17:36:25.0536 0x0cf0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS       C:\windows\system32\mmcss.dll
17:36:25.0552 0x0cf0 MMCSS - ok
17:36:25.0599 0x0cf0 [ 9EA47AA97D15BCC50A0F0B78CBD8E768, 872665D17B41A5B5758790341B78DCE014C06900E42EB38A3C5A07C10D1A4809 ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
17:36:25.0614 0x0cf0 Mobile Partner. RunOuc - ok
17:36:25.0646 0x0cf0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem       C:\windows\system32\drivers\modem.sys
17:36:25.0646 0x0cf0 Modem - ok
17:36:25.0677 0x0cf0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor       C:\windows\system32\DRIVERS\monitor.sys
17:36:25.0677 0x0cf0 monitor - ok
17:36:25.0708 0x0cf0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass     C:\windows\system32\DRIVERS\mouclass.sys
17:36:25.0708 0x0cf0 mouclass - ok
17:36:25.0724 0x0cf0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid       C:\windows\system32\DRIVERS\mouhid.sys
17:36:25.0724 0x0cf0 mouhid - ok
17:36:25.0739 0x0cf0 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr     C:\windows\system32\drivers\mountmgr.sys
17:36:25.0739 0x0cf0 mountmgr - ok
17:36:25.0755 0x0cf0 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio         C:\windows\system32\drivers\mpio.sys
17:36:25.0755 0x0cf0 mpio - ok
17:36:25.0786 0x0cf0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv       C:\windows\system32\drivers\mpsdrv.sys
17:36:25.0786 0x0cf0 mpsdrv - ok
17:36:25.0833 0x0cf0 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc       C:\windows\system32\mpssvc.dll
17:36:25.0848 0x0cf0 MpsSvc - ok
17:36:25.0911 0x0cf0 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV       C:\windows\system32\drivers\mrxdav.sys
17:36:25.0911 0x0cf0 MRxDAV - ok
17:36:25.0942 0x0cf0 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb       C:\windows\system32\DRIVERS\mrxsmb.sys
17:36:25.0958 0x0cf0 mrxsmb - ok
17:36:25.0989 0x0cf0 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10     C:\windows\system32\DRIVERS\mrxsmb10.sys
17:36:25.0989 0x0cf0 mrxsmb10 - ok
17:36:26.0004 0x0cf0 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20     C:\windows\system32\DRIVERS\mrxsmb20.sys
17:36:26.0004 0x0cf0 mrxsmb20 - ok
17:36:26.0036 0x0cf0 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci       C:\windows\system32\drivers\msahci.sys
17:36:26.0036 0x0cf0 msahci - ok
17:36:26.0067 0x0cf0 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm       C:\windows\system32\drivers\msdsm.sys
17:36:26.0067 0x0cf0 msdsm - ok
17:36:26.0082 0x0cf0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC       C:\windows\System32\msdtc.exe
17:36:26.0098 0x0cf0 MSDTC - ok
17:36:26.0098 0x0cf0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs         C:\windows\system32\drivers\Msfs.sys
17:36:26.0098 0x0cf0 Msfs - ok
17:36:26.0114 0x0cf0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf     C:\windows\System32\drivers\mshidkmdf.sys
17:36:26.0114 0x0cf0 mshidkmdf - ok
17:36:26.0129 0x0cf0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv     C:\windows\system32\drivers\msisadrv.sys
17:36:26.0129 0x0cf0 msisadrv - ok
17:36:26.0145 0x0cf0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI       C:\windows\system32\iscsiexe.dll
17:36:26.0160 0x0cf0 MSiSCSI - ok
17:36:26.0160 0x0cf0 msiserver - ok
17:36:26.0160 0x0cf0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV       C:\windows\system32\drivers\MSKSSRV.sys
17:36:26.0160 0x0cf0 MSKSSRV - ok
17:36:26.0176 0x0cf0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK     C:\windows\system32\drivers\MSPCLOCK.sys
17:36:26.0176 0x0cf0 MSPCLOCK - ok
17:36:26.0176 0x0cf0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM       C:\windows\system32\drivers\MSPQM.sys
17:36:26.0176 0x0cf0 MSPQM - ok
17:36:26.0192 0x0cf0 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC       C:\windows\system32\drivers\MsRPC.sys
17:36:26.0207 0x0cf0 MsRPC - ok
17:36:26.0223 0x0cf0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios     C:\windows\system32\DRIVERS\mssmbios.sys
17:36:26.0223 0x0cf0 mssmbios - ok
17:36:26.0223 0x0cf0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE       C:\windows\system32\drivers\MSTEE.sys
17:36:26.0223 0x0cf0 MSTEE - ok
17:36:26.0238 0x0cf0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig     C:\windows\system32\drivers\MTConfig.sys
17:36:26.0238 0x0cf0 MTConfig - ok
17:36:26.0254 0x0cf0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup         C:\windows\system32\Drivers\mup.sys
17:36:26.0254 0x0cf0 Mup - ok
17:36:26.0285 0x0cf0 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent     C:\windows\system32\qagentRT.dll
17:36:26.0301 0x0cf0 napagent - ok
17:36:26.0316 0x0cf0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP   C:\windows\system32\DRIVERS\nwifi.sys
17:36:26.0332 0x0cf0 NativeWifiP - ok
17:36:26.0379 0x0cf0 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS         C:\windows\system32\drivers\ndis.sys
17:36:26.0394 0x0cf0 NDIS - ok
17:36:26.0410 0x0cf0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap       C:\windows\system32\DRIVERS\ndiscap.sys
17:36:26.0410 0x0cf0 NdisCap - ok
17:36:26.0410 0x0cf0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi     C:\windows\system32\DRIVERS\ndistapi.sys
17:36:26.0426 0x0cf0 NdisTapi - ok
17:36:26.0426 0x0cf0 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio       C:\windows\system32\DRIVERS\ndisuio.sys
17:36:26.0426 0x0cf0 Ndisuio - ok
17:36:26.0441 0x0cf0 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan       C:\windows\system32\DRIVERS\ndiswan.sys
17:36:26.0441 0x0cf0 NdisWan - ok
17:36:26.0457 0x0cf0 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy       C:\windows\system32\drivers\NDProxy.sys
17:36:26.0457 0x0cf0 NDProxy - ok
17:36:26.0472 0x0cf0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS       C:\windows\system32\DRIVERS\netbios.sys
17:36:26.0472 0x0cf0 NetBIOS - ok
17:36:26.0488 0x0cf0 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT       C:\windows\system32\DRIVERS\netbt.sys
17:36:26.0488 0x0cf0 NetBT - ok
17:36:26.0504 0x0cf0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon     C:\windows\system32\lsass.exe
17:36:26.0504 0x0cf0 Netlogon - ok
17:36:26.0535 0x0cf0 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman       C:\windows\System32\netman.dll
17:36:26.0550 0x0cf0 Netman - ok
17:36:26.0566 0x0cf0 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm     C:\windows\System32\netprofm.dll
17:36:26.0566 0x0cf0 netprofm - ok
17:36:26.0597 0x0cf0 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:36:26.0597 0x0cf0 NetTcpPortSharing - ok
17:36:26.0613 0x0cf0 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960       C:\windows\system32\drivers\nfrd960.sys
17:36:26.0613 0x0cf0 nfrd960 - ok
17:36:26.0628 0x0cf0 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc       C:\windows\System32\nlasvc.dll
17:36:26.0628 0x0cf0 NlaSvc - ok
17:36:26.0644 0x0cf0 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs         C:\windows\system32\drivers\Npfs.sys
17:36:26.0644 0x0cf0 Npfs - ok
17:36:26.0644 0x0cf0 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi         C:\windows\system32\nsisvc.dll
17:36:26.0644 0x0cf0 nsi - ok
17:36:26.0660 0x0cf0 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy     C:\windows\system32\drivers\nsiproxy.sys
17:36:26.0660 0x0cf0 nsiproxy - ok
17:36:26.0738 0x0cf0 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs         C:\windows\system32\drivers\Ntfs.sys
17:36:26.0753 0x0cf0 Ntfs - ok
17:36:26.0769 0x0cf0 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null         C:\windows\system32\drivers\Null.sys
17:36:26.0769 0x0cf0 Null - ok
17:36:26.0800 0x0cf0 [ 158AD24745BD85BA9BE3C51C38F48C32, B053A3B5A5CAE2CBC47E2C19E636AD70F376334EFFBB391A76562E67CBF3AC86 ] nusb3hub     C:\windows\system32\DRIVERS\nusb3hub.sys
17:36:26.0800 0x0cf0 nusb3hub - ok
17:36:26.0816 0x0cf0 [ D40A13B2C0891E218F9523B376955DB6, 9A2AAAF960868B860A65579EAD507B35C64CFD6C3581F8D731ADF975F778D10E ] nusb3xhc     C:\windows\system32\DRIVERS\nusb3xhc.sys
17:36:26.0816 0x0cf0 nusb3xhc - ok
17:36:26.0831 0x0cf0 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid       C:\windows\system32\drivers\nvraid.sys
17:36:26.0847 0x0cf0 nvraid - ok
17:36:26.0862 0x0cf0 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor       C:\windows\system32\drivers\nvstor.sys
17:36:26.0878 0x0cf0 nvstor - ok
17:36:26.0894 0x0cf0 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp       C:\windows\system32\drivers\nv_agp.sys
17:36:26.0894 0x0cf0 nv_agp - ok
17:36:26.0925 0x0cf0 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394     C:\windows\system32\drivers\ohci1394.sys
17:36:26.0925 0x0cf0 ohci1394 - ok
17:36:26.0956 0x0cf0 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose         C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:26.0956 0x0cf0 ose - ok
17:36:27.0159 0x0cf0 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc       C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:36:27.0237 0x0cf0 osppsvc - ok
17:36:27.0284 0x0cf0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc     C:\windows\system32\pnrpsvc.dll
17:36:27.0284 0x0cf0 p2pimsvc - ok
17:36:27.0330 0x0cf0 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc       C:\windows\system32\p2psvc.dll
17:36:27.0330 0x0cf0 p2psvc - ok
17:36:27.0362 0x0cf0 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport       C:\windows\system32\drivers\parport.sys
17:36:27.0362 0x0cf0 Parport - ok
17:36:27.0393 0x0cf0 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr       C:\windows\system32\drivers\partmgr.sys
17:36:27.0393 0x0cf0 partmgr - ok
17:36:27.0408 0x0cf0 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc       C:\windows\System32\pcasvc.dll
17:36:27.0408 0x0cf0 PcaSvc - ok
17:36:27.0424 0x0cf0 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci         C:\windows\system32\drivers\pci.sys
17:36:27.0424 0x0cf0 pci - ok
17:36:27.0440 0x0cf0 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide       C:\windows\system32\drivers\pciide.sys
17:36:27.0455 0x0cf0 pciide - ok
17:36:27.0471 0x0cf0 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia       C:\windows\system32\drivers\pcmcia.sys
17:36:27.0471 0x0cf0 pcmcia - ok
17:36:27.0486 0x0cf0 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw         C:\windows\system32\drivers\pcw.sys
17:36:27.0486 0x0cf0 pcw - ok
17:36:27.0518 0x0cf0 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH       C:\windows\system32\drivers\peauth.sys
17:36:27.0518 0x0cf0 PEAUTH - ok
17:36:27.0627 0x0cf0 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost     C:\windows\SysWow64\perfhost.exe
17:36:27.0627 0x0cf0 PerfHost - ok
17:36:27.0674 0x0cf0 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla         C:\windows\system32\pla.dll
17:36:27.0705 0x0cf0 pla - ok
17:36:27.0736 0x0cf0 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay     C:\windows\system32\umpnpmgr.dll
17:36:27.0736 0x0cf0 PlugPlay - ok
17:36:27.0752 0x0cf0 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg   C:\windows\system32\pnrpauto.dll
17:36:27.0752 0x0cf0 PNRPAutoReg - ok
17:36:27.0767 0x0cf0 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc       C:\windows\system32\pnrpsvc.dll
17:36:27.0783 0x0cf0 PNRPsvc - ok
17:36:27.0830 0x0cf0 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent   C:\windows\System32\ipsecsvc.dll
17:36:27.0830 0x0cf0 PolicyAgent - ok
17:36:27.0876 0x0cf0 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power       C:\windows\system32\umpo.dll
17:36:27.0892 0x0cf0 Power - ok
17:36:27.0939 0x0cf0 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport   C:\windows\system32\DRIVERS\raspptp.sys
17:36:27.0939 0x0cf0 PptpMiniport - ok
17:36:27.0954 0x0cf0 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor     C:\windows\system32\drivers\processr.sys
17:36:27.0954 0x0cf0 Processor - ok
17:36:27.0986 0x0cf0 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc       C:\windows\system32\profsvc.dll
17:36:27.0986 0x0cf0 ProfSvc - ok
17:36:28.0001 0x0cf0 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
17:36:28.0001 0x0cf0 ProtectedStorage - ok
17:36:28.0001 0x0cf0 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched       C:\windows\system32\DRIVERS\pacer.sys
17:36:28.0017 0x0cf0 Psched - ok
17:36:28.0064 0x0cf0 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300       C:\windows\system32\drivers\ql2300.sys
17:36:28.0079 0x0cf0 ql2300 - ok

Number of posts: 40

17:36:33.0586 0x0cf0 Win FW state via NFP2: enabled
17:36:36.0035 0x0cf0 ============================================================
17:36:36.0035 0x0cf0 Scan finished
17:36:36.0035 0x0cf0 ============================================================
17:36:36.0035 0x09c8 Detected object count: 0
17:36:36.0035 0x09c8 Actual detected object count: 0
17:36:59.0045 0x0c9c Deinitialize success