Skillbrains\Updater eset hlasi problem

[eriduan]

Ahoj
Eset mi furt vyhadzuje nejaky problem v adresari *.Skillbrains\Updater
No nezmaze ho iba da do karanteny.
Chcem sa toho smejda zbavit.
Mozete mi prosim pomoct?
Dakujem


pre istotu pridavam aj rsit ako prilohu tohto vlákna. Text sa sem nezmestil pre príliž veľký počet znakov.

[Rudy]

Zdravím!
Když pak tu karanténu smažete, měl by být pryč. Navíc v karanténě je zcela neškodný. Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[eriduan]

dobry den
ospravedlnujem sa za dlhu neaktivitu.
mal som toho hodne a zabudol som riesit vlastne pc. ja som ho dlho nezapinal a ked hej tak len na minutu aj to som bezal zas prec z domu. sa hambim. prepacte. a potom mi to vyfucalo z hlavy. nebyt neddavneho incidentu tak si nespomeniem.

ADWcleaner som nakoniec nespustil a uz sa neda pouzit link. Link hlasi "adresa neexistuje"

vcera sa mi naskytol novy incident. ktory pravdepodobne nesuvisi s danym problemom. ale mozno hej. neviem posudit.
na Mobile mi prisla na FB messangeri sprava od kamaratky a v nej obrazok. nedal sa zobrazit ani kliknut nan.
a potom mi kamarati na FB hlasili ze rozposielam nejake podivne subory co nejdu spustit.

subor som nakoniec identifikoval. mal som ho vo svojej DOWNLOADS sekcii.
ten subor sa vola takto:
photo_9091.svg
a ked som ho zavesil na virustotal.com tak tam naslo takuto haved
JS:Trojan.JS.Nemucod.CX
subor som pravym mysitkom presunul do karanteny skrz eset.
netusim co s nim dalej spravit. Pre istotu som ho nemazal keby ste ho chceli na testovanie.
virustotal ho detekoval len nahodou lebo eset ho nevidi ako hrozbu ani ine silnejsie antivirusy to nepovazuju za hrozbu.

Kód: Vybrat vše

prilohu pridavvam copiu toho co virustotal napisal mne, su tu vsetky pozitivne nalezy. viac ich nebolo.
Antivirus 	Result 	Update
ALYac 	JS:Trojan.JS.Nemucod.CX 	20161120
Ad-Aware 	JS:Trojan.JS.Nemucod.CX 	20161120
Arcabit 	JS:Trojan.JS.Nemucod.CX 	20161120
BitDefender 	JS:Trojan.JS.Nemucod.CX 	20161120
Emsisoft 	JS:Trojan.JS.Nemucod.CX (B) 	20161120
F-Secure 	JS:Trojan.JS.Nemucod.CX 	20161120
Fortinet 	JS/Nemucod.DC6!tr 	        20161120
GData 	JS:Trojan.JS.Nemucod.CX 	20161120
Ikarus 	Trojan.JS.Kilim 	                20161120
Kaspersky 	not-a-virus:HEUR:AdWare.Script.Generic 	20161120
eScan 	JS:Trojan.JS.Nemucod.CX 	20161120 

[Rudy]

Spíš by mne zajímal log z ADW.

[eriduan]

Tak mal som strach ked mi napisal 15 hrozieb najdenych.
no volaco to vycistilo

Je pravda ze moj prehliadac sa z casu na cas zasekol a aj pol minuty nic nerobil iba stal ale to som si myslel ze je preto lebo mam asi 200 tabov otvorenych. no nacitanych vzdy len 5-10 a jeden FB medzi nimi.

tu prikladam ten log z ADWCleaneru

# AdwCleaner v6.030 - Log soubor vytvořen 22/11/2016 na 02:05:59
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-21.2 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Lenovo - ERIDUAN
# Beží od : C:\Users\Lenovo\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKU\S-1-5-21-2644494735-1459529413-616944993-1002\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Klíč smazán po restartování:HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1431245/6446/1/95ec286c6b/pronajem-praha-strasnice-praha-10-vinohradska-2-kk
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1465696/6446/1/e721d44c1d/pronajem-praha-strasnice-praha-10-blatovska-2-kk
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1465819/6445/1/85d53f8ccb/pronajem-praha-strasnice-praha-10-detska-garsonka
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1468240/6446/1/df411f9508/pronajem-praha-strasnice-praha-10-kounicka-2-1
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1469352/6446/1/8e2bc8b286/pronajem-praha-strasnice-praha-10-krenicka-1-1
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1470868/6446/1/15d394abc8/pronajem-praha-strasnice-praha-10-u-trati-2-1
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1431245/6446/1/95ec286c6b/pronajem-praha-strasnice-praha-10-vinohradska-2-kk
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1465696/6446/1/e721d44c1d/pronajem-praha-strasnice-praha-10-blatovska-2-kk
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1465819/6445/1/85d53f8ccb/pronajem-praha-strasnice-praha-10-detska-garsonka
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1468240/6446/1/df411f9508/pronajem-praha-strasnice-praha-10-kounicka-2-1
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1469352/6446/1/8e2bc8b286/pronajem-praha-strasnice-praha-10-krenicka-1-1
[#] Klíč smazán po restartování:[x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cz/wd/1470868/6446/1/15d394abc8/pronajem-praha-strasnice-praha-10-u-trati-2-1


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3231 Bajtů] - [22/11/2016 02:05:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [3610 Bajtů] - [22/11/2016 02:05:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3379 Bajtů] ##########

[Rudy]

Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[eriduan]

Dam hned ako pridem domov a AK budem vediet zapnut pc. Pisem z prace.
Lebo kamarati sa snazili rozlustit ten kod co prisiel v tom obrazku
vraj sa jedna o javascript ktory ten tvorca prehnal skrz UglyfyJS alebo nieco podobne, takze sa neda moc lahko citat.
Vraj sa to instaluje skrz Chrome ako plugin. Samotny obrazok redirektne na falosny YT kde video hlasi nejaky chybajuci kodek a ten je samotny worm. ten kodek je plugin a ten sa sam potom rozposle skrz messanger ako obrazok s random menom a svf primonou (tak som nan klikol ja). V nejakom navode som nasiel ze je tu vynimka. Ak clovek otvori obrazok skrz iny prehliadac nez chrome, tak mu to zasifruje disk.
dane informacie tu:
je to polska stranka odporucam prelozit do anglictiny:

https://niebezpiecznik.pl/post/jesli-zn ... o-to-atak/

root cz o tom vydali tiez kratky clanok.

https://www.root.cz/zpravicky/ransomwar ... messenger/

je pravda ze som nikam neklikal, ked mi nezobrazilo obrazok ani v GIMPe tak som to nechal tak. a teda na ziadnu youtube stranku co nema kodeky som sa teda ani nedostal.

[Rudy]

V polštině mi to vůbec nevadí. Ne, že bych uměl perfektně, ale to, co znám, mi snad bude stačit. Co ten log FRST?

[eriduan]

Mno snazuím sa ho uz na treti krat stiahnut a spustit ale mam s tym problemy
Farbar Recovery Scan Tool som schopny ulozit na plochu ale uz spustit ho nedokazem.
on Win10 ho proste osekal ze nechce aby som si ublizil, a ze je to virus takze ho nedovolil spustit.

FRSTLauncher ten sa vobec nechce stiahnut.
najprv mi hlasilo ze stranka je zakazana alebo zavirovana a ked ho stiahnem tak firefox hlasi ze je to malware alebo virus.
tak neviem co je za problem.

predpokladam ze niekde robim chybu.

EDIT

snazil som sa aj vypnut win10 defender aj eset a nic to nepomaha. stale ze nespustim ti to lebo virus

netusim kde robim chybu pri vypinani rezidentneho stitu


EDIT 24.11.2016 - 1925
netusim ako to obist. absolutne nie.
mam to spustit v safemode? ved to tam nemusim najst vsetku haved ked to nepojde normalne v normalnom win mode.

[Rudy]

V desítkách mohu mazat pouze z FRST. RSIT občas při mazání poškodí systém. Rozklikněte ikonu ESET na tray a dejte "Dočasně vypnout rezidentní ochranu". Z menu pak vyberte "Do nejbližšího restartu". Pak by nic nemělo bránit stažení a spuštění FRST.

[eriduan]

to som spravil ale
praveze, doocasne vypnut eset mi nestacilo
potom sa nejak zapne rezidentny stit windowsu

[Rudy]

Když vyberete vypnutí do restartu, zůstane vypnutá, dokud nerestartujete PC.

[eriduan]

vsetko mam vypnute. co sa dalo som vypol do najblizsieho restartovania. a stale mi to vyhadzuje to zelene okno od win defendera ze nespusti mi
"FRSTLauncher.exe" ze to je potencialne nebezpecny system
ale tak som skusil teraz priamo kliknut na FARBAR
"FRST64.exe" a to mi spustilo.

ako je to mozne?

----edit
do prilohy vkladam tie logy co to vyplulo

[Rudy]

Tak možné to je. Jsou věci mezi nebem a zemí...... . Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2644494735-1459529413-616944993-1002\...\MountPoints2: {6fdcc620-a176-11e6-bf5d-28d2442959aa} - "D:\Lenovo_Suite.exe"
SearchScopes: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> DefaultScope {3637FA6A-3C99-405F-A237-33AB32C28781} URL =
SearchScopes: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> {3637FA6A-3C99-405F-A237-33AB32C28781} URL =
Toolbar: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\WINDOWS\system32\ApnDatabase.xml
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\ProgramData\DP45977C.lfl
Task: {07D28A08-9035-41A5-A768-39D48D6F6339} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1F677127-BED4-45B0-996B-001620D12BEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {21BAB42C-776C-4E24-8576-AED13906EDCC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2F801D19-D281-4A3C-85A7-248EC53D9632} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EB7B7AE-D5BF-4A5D-875B-EDB7A80F5599} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B7D8498-9BC2-4911-8094-37E589372B29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52B141A7-9F39-422A-9D3E-C84E3C7FA082} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7AABF681-81D7-4871-B3C0-B9C7D1F81A4A} - \GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002UA -> No File <==== ATTENTION
Task: {7C338EFF-6C73-4A7B-B583-BBF3D28CD572} - \GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002Core -> No File <==== ATTENTION
Task: {84B0231A-0303-4E8F-A368-D998D0E22CEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9F90EBCF-2257-4207-AC3D-658A620268CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9FBCE60F-52E8-4CB9-BAB4-BF3BDF201223} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C57B767E-C5F0-4F4D-BB4B-C3947EB7AC72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D0DA6729-641C-493C-8A04-70AF41DEA016} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F25502A1-C647-4BDF-BC9E-22562457838F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2644494735-1459529413-616944993-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[eriduan]

mno ako JAVA developer a android dev by som si mal nechat java updaty aktivne. ale ak to Radite ze mam odstranit tak som tam v tom fixliste ponechal aj
Java Update\jusched.exe

ale co je toto:
GWX
to fakt netusim

log prikladam

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Lenovo (27-11-2016 02:04:52) Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-2644494735-1459529413-616944993-1002\...\MountPoints2: {6fdcc620-a176-11e6-bf5d-28d2442959aa} - "D:\Lenovo_Suite.exe"
SearchScopes: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> DefaultScope {3637FA6A-3C99-405F-A237-33AB32C28781} URL =
SearchScopes: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> {3637FA6A-3C99-405F-A237-33AB32C28781} URL =
Toolbar: HKU\S-1-5-21-2644494735-1459529413-616944993-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
C:\WINDOWS\system32\ApnDatabase.xml
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\ProgramData\DP45977C.lfl
Task: {07D28A08-9035-41A5-A768-39D48D6F6339} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1F677127-BED4-45B0-996B-001620D12BEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {21BAB42C-776C-4E24-8576-AED13906EDCC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2F801D19-D281-4A3C-85A7-248EC53D9632} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EB7B7AE-D5BF-4A5D-875B-EDB7A80F5599} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4B7D8498-9BC2-4911-8094-37E589372B29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52B141A7-9F39-422A-9D3E-C84E3C7FA082} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {7AABF681-81D7-4871-B3C0-B9C7D1F81A4A} - \GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002UA -> No File <==== ATTENTION
Task: {7C338EFF-6C73-4A7B-B583-BBF3D28CD572} - \GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002Core -> No File <==== ATTENTION
Task: {84B0231A-0303-4E8F-A368-D998D0E22CEB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9F90EBCF-2257-4207-AC3D-658A620268CD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {9FBCE60F-52E8-4CB9-BAB4-BF3BDF201223} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C57B767E-C5F0-4F4D-BB4B-C3947EB7AC72} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D0DA6729-641C-493C-8A04-70AF41DEA016} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F25502A1-C647-4BDF-BC9E-22562457838F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2644494735-1459529413-616944993-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-2644494735-1459529413-616944993-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fdcc620-a176-11e6-bf5d-28d2442959aa}" => key removed successfully
HKCR\CLSID\{6fdcc620-a176-11e6-bf5d-28d2442959aa} => key not found.
HKU\S-1-5-21-2644494735-1459529413-616944993-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2644494735-1459529413-616944993-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3637FA6A-3C99-405F-A237-33AB32C28781}" => key removed successfully
HKCR\CLSID\{3637FA6A-3C99-405F-A237-33AB32C28781} => key not found.
HKU\S-1-5-21-2644494735-1459529413-616944993-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
C:\WINDOWS\system32\ApnDatabase.xml => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07D28A08-9035-41A5-A768-39D48D6F6339}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07D28A08-9035-41A5-A768-39D48D6F6339}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F677127-BED4-45B0-996B-001620D12BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F677127-BED4-45B0-996B-001620D12BEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21BAB42C-776C-4E24-8576-AED13906EDCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21BAB42C-776C-4E24-8576-AED13906EDCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F801D19-D281-4A3C-85A7-248EC53D9632}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F801D19-D281-4A3C-85A7-248EC53D9632}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EB7B7AE-D5BF-4A5D-875B-EDB7A80F5599}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB7B7AE-D5BF-4A5D-875B-EDB7A80F5599}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B7D8498-9BC2-4911-8094-37E589372B29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B7D8498-9BC2-4911-8094-37E589372B29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52B141A7-9F39-422A-9D3E-C84E3C7FA082}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B141A7-9F39-422A-9D3E-C84E3C7FA082}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AABF681-81D7-4871-B3C0-B9C7D1F81A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AABF681-81D7-4871-B3C0-B9C7D1F81A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C338EFF-6C73-4A7B-B583-BBF3D28CD572}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C338EFF-6C73-4A7B-B583-BBF3D28CD572}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2644494735-1459529413-616944993-1002Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84B0231A-0303-4E8F-A368-D998D0E22CEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84B0231A-0303-4E8F-A368-D998D0E22CEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F90EBCF-2257-4207-AC3D-658A620268CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F90EBCF-2257-4207-AC3D-658A620268CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FBCE60F-52E8-4CB9-BAB4-BF3BDF201223}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FBCE60F-52E8-4CB9-BAB4-BF3BDF201223}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57B767E-C5F0-4F4D-BB4B-C3947EB7AC72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57B767E-C5F0-4F4D-BB4B-C3947EB7AC72}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0DA6729-641C-493C-8A04-70AF41DEA016}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0DA6729-641C-493C-8A04-70AF41DEA016}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F25502A1-C647-4BDF-BC9E-22562457838F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25502A1-C647-4BDF-BC9E-22562457838F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\update-S-1-5-21-2644494735-1459529413-616944993-1002.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1657908 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62746758 B
Java, Flash, Steam htmlcache => 588133448 B
Windows/system/drivers => 55551874 B
Edge => 391387 B
Chrome => 287090247 B
Firefox => 397096598 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Lenovo => 4207684 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-11-2016 02:06:34)

"C:\ProgramData\DP45977C.lfl" => Could not move

==== End of Fixlog 02:06:34 ====