Start
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
URLSearchHook: [S-1-5-21-1894722739-3979997351-3746568665-1000] ATTENTION => Default URLSearchHook is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
R3 ruxaeh; system32\drivers\xadhkn.sys [X]
S1 svhgbu; \??\C:\Users\User\AppData\Local\Temp\wmkopsgu.sys [X] <==== ATTENTION
S4 zpxlteou; System32\drivers\dtbagxiu.sys [X]
Unlock: HKLM\SYSTEM\ControlSet001\Services\sdzvlh
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\sdzvlh
2019-02-10 19:25 - 2019-02-10 19:25 - 000148816 ____N C:\Windows\system32\Drivers\cwdbehlo.sys
2019-02-10 07:11 - 2019-02-10 09:07 - 000000000 ____D C:\Users\User\AppData\Local\aucvxph
2019-02-10 06:25 - 2019-02-10 06:25 - 000000001 _____ C:\jl14v5cyhl7j16s
2019-02-10 06:11 - 2019-02-10 09:05 - 000000000 ____D C:\Users\User\AppData\Local\atchlod
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Roaming\c
2019-02-10 06:11 - 2019-02-10 06:11 - 000000000 ____D C:\Users\User\AppData\Local\nvhtsum
2019-02-10 06:10 - 2019-02-10 21:04 - 002930176 _____ (TOSHIBA CORPORATION) C:\Windows\system32\tisarmlsvc.exe
2019-02-10 06:10 - 2019-02-10 07:14 - 000000000 ____D C:\Windows\system32\sbdzcpg
2019-02-10 06:10 - 2019-02-10 06:10 - 000000000 ____D C:\Windows\SysWOW64\sbdzcpg
2019-02-10 06:09 - 2019-02-10 09:44 - 000000000 ____D C:\Program Files (x86)\twos
2019-02-10 06:09 - 2019-02-10 09:42 - 000000000 ____D C:\Program Files (x86)\Alarms
2019-02-10 06:09 - 2019-02-10 09:22 - 000000000 ____D C:\Program Files (x86)\Ate
2019-02-10 06:09 - 2019-02-10 07:49 - 000000000 ___HD C:\Program Files (x86)\Datas
2019-02-10 06:09 - 2019-02-10 06:31 - 000000000 ___HD C:\Program Files (x86)\regally
2019-02-10 06:09 - 2019-02-10 06:09 - 000004018 _____ C:\Windows\System32\Tasks\frowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000003850 _____ C:\Windows\System32\Tasks\frownsfrowns
2019-02-10 06:09 - 2019-02-10 06:09 - 000000012 _____ C:\Windows\b16830528
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Users\User\AppData\Roaming\et
2019-02-10 06:09 - 2019-02-10 06:09 - 000000000 ____D C:\Program Files (x86)\dispute
FirewallRules: [{8A0C28B5-3C45-4142-8F98-0EBF96AB8B89}] => (Allow) C:\Program Files (x86)\Alarms\Agri.exe No File
FirewallRules: [{3C8396DA-4CAF-4C39-9A0D-906FFA3439D0}] => (Allow) C:\Program Files (x86)\Datas\Agri.exe No File
FirewallRules: [{E7DD1628-5D1B-4FFE-A98A-4C46F0A9D1EC}] => (Allow) C:\Program Files (x86)\twos\Nauseum.exe No File
FirewallRules: [{75639549-03F4-48AD-B4A3-8309F5389A0F}] => (Allow) C:\Program Files (x86)\Datas\Nauseum.exe No File
Folder: C:\Users\User\AppData\Roaming\Tools
Reboot:
End