Pop-up after startup

ondrrrej
Visitor
Posts: 5
Registered: 30 Mar 2018 10:30

#1 Post by ondrrrej

Hello,
I have a problem with a pop-up after my notebook starts. Yesterday (even though I knew it would probably contain a virus) I ran an .exe file that contained the password to a .rar file. ESET blocked 4 threats, so I thought everything was OK. Today when the PC started, a message from Windows Script Host popped up saying that the file que.vbs is faulty. So I went to C:\WINDOWS and deleted que.vbs. Now after startup I get a message that Windows Script Host cannot find que.vbs. Thank you for any advice on how to get rid of it.

RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by ondre_000 at 2018-03-30 11:35:07
Microsoft Windows 10 Home
System drive C: has 13 GB (3%) free of 455 GB
Total RAM: 8075 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:12 AM, on 2018-03-30
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\ondre_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\ondre_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Other\Programy\Winamp\winamp.exe
C:\Program Files\trend micro\ondre_000.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDrive] "C:\Users\ondre_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\ondre_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @oem8.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\WINDOWS\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem8.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem8.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\WINDOWS\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Other\Programy\ESET\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem12.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 9230 bytes

======Listing Processes======








C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-edca6ee8-beb9-4bce-89c1-03a1f90db24a -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-738b104a-f18a-43c9-9d41-79059232a6eb -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-dfff2b0b-8bfe-4d5f-992e-892094031540 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-c766533b-a634-4b5c-9f61-255d447639cc -LifetimeId:2cc361a9-d9e3-4f49-8c06-c7a80e36edca -DeviceGroupId:WudfDefaultDevicePool
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
winlogon.exe
"fontdrvhost.exe"
"dwm.exe"
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
C:\Other\Programy\ESET\ekrn.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservice -p -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SensrSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\AUDIODG.EXE 0x3ec
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DptfParticipantProcessorService.exe
C:\WINDOWS\system32\ibtsiva
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc

c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
C:\WINDOWS\system32\DptfPolicyLpmService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s lmhosts
c:\windows\system32\svchost.exe -k netsvcs -p -s Browser
"C:\Other\Programy\ESET\egui.exe" /hide
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Other\Programy\Core Temp\Core Temp.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"ctfmon.exe"
/QuitInfo:0000000000000198;0000000000000168;
/loadhooks /Parent:0000000000001c68
igfxEM.exe
igfxHK.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe"
"C:\Users\ondre_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\ondre_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s WdiSystemHost
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
"C:\Other\Programy\Winamp\winamp.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\ondre_000\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\ondre_000\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\ondre_000\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=65.0.3325.181 --initial-client-data=0x1ec,0x1f0,0x1f4,0x1e8,0x1f8,0x7ff905a9f1e8,0x7ff905a9f1f8,0x7ff905a9f208
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=7384 --on-initialized-event-handle=696 --parent-handle=700 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --gpu-preferences=KAAAAAAAAAAABwAAAQAAAAAAAAAAAGAAAQAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --gpu-vendor-id=0x8086 --gpu-device-id=0x0a16 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4549 --gpu-driver-date=11-10-2016 --service-request-channel-token=E7596BC6F0937CBD0E2CE1496E41C967 --mojo-platform-channel-handle=1520 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=15E6EC085DA755117A87D82C4F08D340 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=15E6EC085DA755117A87D82C4F08D340 --renderer-client-id=3 --mojo-platform-channel-handle=3232 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=EB353C3E373F080680796F2766A44715 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=EB353C3E373F080680796F2766A44715 --renderer-client-id=4 --mojo-platform-channel-handle=3388 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=62F14B05554B0411098AB8D6A5F869BA --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=62F14B05554B0411098AB8D6A5F869BA --renderer-client-id=9 --mojo-platform-channel-handle=5680 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=6C0A408FA2851BF9EA5DB40473FEA5FE --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=6C0A408FA2851BF9EA5DB40473FEA5FE --renderer-client-id=13 --mojo-platform-channel-handle=6324 /prefetch:1
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s gpsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=68A77CF766540845188885784AE95CEC --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=68A77CF766540845188885784AE95CEC --renderer-client-id=21 --mojo-platform-channel-handle=7960 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=34657515696F8A492B212FF56B8661B3 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=34657515696F8A492B212FF56B8661B3 --renderer-client-id=23 --mojo-platform-channel-handle=7412 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1504,6588498298531293678,1787017783052514933,131072 --service-pipe-token=DC6E6A7CE59B604F8171DA67352E356D --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.5 --num-raster-threads=2 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=DC6E6A7CE59B604F8171DA67352E356D --renderer-client-id=24 --mojo-platform-channel-handle=8580 /prefetch:1
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 740 744 752 8192 748
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\ondre_000\Desktop\RSITx64.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k Camera -s FrameServer
C:\WINDOWS\servicing\TrustedInstaller.exe



======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d090054a2fdb75.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d0e0f610f88c80.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-03-22 229040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-03-22 2353944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"ASUS HDD Protection Tray Application"=C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [2013-12-04 54272]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-28 558496]
"DptfPolicyLpmServiceHelper"=C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [2013-10-18 114048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\ondre_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-03-09 1559200]
"Spotify Web Helper"=C:\Users\ondre_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-08-15 1580144]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-03-06 17074688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-30 11:35:07 ----D---- C:\rsit
2018-03-30 11:35:07 ----D---- C:\Program Files\trend micro
2018-03-30 11:25:12 ----A---- C:\DelFix.txt
2018-03-30 11:21:04 ----HD---- C:\OneDriveTemp
2018-03-30 10:39:00 ----D---- C:\Program Files\CCleaner
2018-03-29 22:17:55 ----A---- C:\WINDOWS\winscrpt.bat
2018-03-17 00:21:43 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-03-14 11:15:38 ----A---- C:\WINDOWS\system32\dusmsvc.dll
2018-03-14 11:15:37 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 11:15:37 ----A---- C:\WINDOWS\system32\diagtrack.dll
2018-03-14 11:15:34 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-03-14 11:15:34 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-03-14 11:15:34 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-03-14 11:15:34 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 11:15:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2018-03-14 11:15:33 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2018-03-14 11:15:32 ----A---- C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-03-14 11:15:31 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-03-14 11:15:30 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-03-14 11:15:30 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-03-14 11:15:29 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2018-03-14 11:15:29 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-03-14 11:15:29 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-03-14 11:15:29 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2018-03-14 11:15:29 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2018-03-14 11:15:29 ----A---- C:\WINDOWS\system32\actxprxy.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\SYSWOW64\winhttp.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-03-14 11:15:28 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\SYSWOW64\evr.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\SYSWOW64\dnsapi.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\wuuhosdeployment.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\ieproxy.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\drivers\storahci.sys
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\audiosrv.dll
2018-03-14 11:15:28 ----A---- C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\ntdll.dll
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\hal.dll
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\ks.sys
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-03-14 11:15:27 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2018-03-14 11:15:26 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2018-03-14 11:15:26 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-03-14 11:15:24 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-03-14 11:15:24 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-03-14 11:15:24 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2018-03-14 11:15:24 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys
2018-03-14 11:15:24 ----A---- C:\WINDOWS\system32\drivers\hvsocket.sys
2018-03-14 11:15:23 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2018-03-14 11:15:23 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2018-03-14 11:15:23 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-03-14 11:15:23 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2018-03-14 11:15:23 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-03-14 11:15:23 ----A---- C:\WINDOWS\system32\evr.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\system32\wuuhext.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\system32\samsrv.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-03-14 11:15:22 ----A---- C:\WINDOWS\system32\audiodg.exe
2018-03-14 11:15:21 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-03-14 11:15:21 ----A---- C:\WINDOWS\SYSWOW64\FirewallAPI.dll
2018-03-14 11:15:21 ----A---- C:\WINDOWS\SYSWOW64\dwmcore.dll
2018-03-14 11:15:21 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-03-14 11:15:21 ----A---- C:\WINDOWS\system32\drivers\UcmUcsi.sys
2018-03-14 11:15:21 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys
2018-03-14 11:15:21 ----A---- C:\WINDOWS\system32\d3d11.dll
2018-03-14 11:15:20 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-03-14 11:15:20 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2018-03-14 11:15:20 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-03-14 11:15:20 ----A---- C:\WINDOWS\system32\dnsapi.dll
2018-03-14 11:15:19 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-03-14 11:15:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 11:15:19 ----A---- C:\WINDOWS\system32\AcGenral.dll
2018-03-14 11:15:18 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 11:15:18 ----A---- C:\WINDOWS\system32\jscript.dll
2018-03-14 11:15:18 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-03-14 11:15:18 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-03-14 11:15:17 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2018-03-14 11:15:17 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2018-03-14 11:15:17 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-03-14 11:15:17 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2018-03-14 11:15:17 ----A---- C:\WINDOWS\system32\AudioEng.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2018-03-14 11:15:16 ----A---- C:\WINDOWS\system32\mfsvr.dll
2018-03-14 11:15:15 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-03-14 11:15:12 ----A---- C:\WINDOWS\system32\winhttp.dll
2018-03-14 11:15:12 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-03-14 11:15:11 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-03-14 11:15:11 ----A---- C:\WINDOWS\system32\drivers\storport.sys
2018-03-14 11:15:10 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 11:15:10 ----A---- C:\WINDOWS\system32\AudioSes.dll
2018-03-14 11:15:09 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-03-14 11:15:09 ----A---- C:\WINDOWS\system32\bisrv.dll
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\services.exe
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\schedsvc.dll
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\FirewallAPI.dll
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\dwmcore.dll
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\drivers\ndis.sys
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-03-14 11:15:08 ----A---- C:\WINDOWS\system32\AppxAllUserStore.dll
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\wwansvc.dll
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\wlansec.dll
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\wininet.dll
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\msIso.dll
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2018-03-14 11:15:07 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2018-03-14 11:15:05 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-03-14 11:15:03 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-03-14 11:15:03 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-03-14 11:15:02 ----A---- C:\WINDOWS\system32\wmp.dll
2018-03-14 11:15:02 ----A---- C:\WINDOWS\system32\winmde.dll
2018-03-14 11:15:02 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2018-03-14 11:15:01 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-03-14 11:15:01 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-03-14 11:15:01 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2018-03-14 11:15:01 ----A---- C:\WINDOWS\system32\mfcore.dll
2018-03-14 11:15:01 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-03-14 11:14:54 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2018-03-14 11:14:54 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\system32\twinui.pcshell.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\system32\StartTileData.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\system32\ISM.dll
2018-03-14 11:14:53 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 11:14:52 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2018-03-14 11:14:52 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2018-03-14 11:14:52 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2018-03-14 11:14:52 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 11:14:52 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2018-03-14 11:14:51 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2018-03-14 11:14:51 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-03-14 11:14:51 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2018-03-14 11:14:51 ----A---- C:\WINDOWS\system32\comdlg32.dll
2018-03-14 11:14:50 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-03-14 11:14:50 ----A---- C:\WINDOWS\system32\twinui.dll
2018-03-14 11:14:50 ----A---- C:\WINDOWS\system32\sspicli.dll
2018-03-14 11:14:50 ----A---- C:\WINDOWS\system32\sppsvc.exe
2018-03-14 11:14:50 ----A---- C:\WINDOWS\system32\LogonController.dll
2018-03-14 11:14:50 ----A---- C:\WINDOWS\explorer.exe
2018-03-14 11:14:49 ----A---- C:\WINDOWS\system32\shell32.dll
2018-03-14 11:14:48 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-03-14 11:14:48 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-03-14 11:14:33 ----A---- C:\WINDOWS\system32\usocore.dll
2018-03-14 11:14:33 ----A---- C:\WINDOWS\system32\usoapi.dll
2018-03-14 11:14:32 ----A---- C:\WINDOWS\system32\vac.exe
2018-03-14 11:14:13 ----A---- C:\WINDOWS\SYSWOW64\SRH.dll
2018-03-14 11:14:13 ----A---- C:\WINDOWS\system32\TileDataRepository.dll
2018-03-14 11:14:13 ----A---- C:\WINDOWS\system32\SRH.dll
2018-03-14 11:14:13 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-03-14 11:14:13 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-03-14 11:14:13 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-03-14 11:14:11 ----A---- C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-03-14 11:14:10 ----A---- C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-03-14 11:14:05 ----A---- C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-03-14 11:14:01 ----A---- C:\WINDOWS\system32\UpdateAgent.dll
2018-03-14 11:14:00 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-03-14 11:14:00 ----A---- C:\WINDOWS\SYSWOW64\d3d11.dll
2018-03-14 11:14:00 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-03-14 11:13:59 ----A---- C:\WINDOWS\system32\wimserv.exe
2018-03-14 11:13:59 ----A---- C:\WINDOWS\system32\wimgapi.dll
2018-03-14 11:13:59 ----A---- C:\WINDOWS\system32\ResetEngine.dll
2018-03-14 11:13:59 ----A---- C:\WINDOWS\system32\reseteng.dll
2018-03-14 11:13:59 ----A---- C:\WINDOWS\system32\RecoveryDrive.exe
2018-03-14 11:13:57 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-03-14 11:13:57 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-03-14 11:13:57 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-03-14 11:13:57 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-03-14 11:13:54 ----A---- C:\WINDOWS\system32\rtmpltfm.dll
2018-03-14 11:13:53 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 11:13:53 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-03-14 11:13:52 ----A---- C:\WINDOWS\system32\mssrch.dll
2018-03-14 11:13:51 ----A---- C:\WINDOWS\system32\tquery.dll
2018-03-14 11:13:50 ----A---- C:\WINDOWS\system32\Windows.StateRepository.dll
2018-03-14 11:13:49 ----A---- C:\WINDOWS\SYSWOW64\InstallService.dll
2018-03-14 11:13:49 ----A---- C:\WINDOWS\system32\runexehelper.exe
2018-03-14 11:13:49 ----A---- C:\WINDOWS\system32\InstallService.dll
2018-03-14 11:13:48 ----A---- C:\WINDOWS\system32\xpsrchvw.exe
2018-03-14 11:13:48 ----A---- C:\WINDOWS\system32\sppobjs.dll
2018-03-14 11:13:46 ----A---- C:\WINDOWS\SYSWOW64\ucrtbase.dll
2018-03-14 11:13:44 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2018-03-14 11:13:43 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepository.dll
2018-03-14 11:13:43 ----A---- C:\WINDOWS\SYSWOW64\TileDataRepository.dll
2018-03-14 11:13:42 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2018-03-14 11:13:42 ----A---- C:\WINDOWS\system32\mmcndmgr.dll
2018-03-14 11:13:41 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2018-03-14 11:13:41 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-03-14 11:13:40 ----A---- C:\WINDOWS\system32\ci.dll
2018-03-14 11:13:39 ----A---- C:\WINDOWS\SYSWOW64\xpsrchvw.exe
2018-03-14 11:13:39 ----A---- C:\WINDOWS\system32\ucrtbase.dll
2018-03-14 11:13:39 ----A---- C:\WINDOWS\system32\Spectrum.exe
2018-03-14 11:13:38 ----A---- C:\WINDOWS\SYSWOW64\wimgapi.dll
2018-03-14 11:13:38 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2018-03-14 11:13:38 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2018-03-14 11:13:38 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-03-14 11:13:38 ----A---- C:\WINDOWS\system32\cdp.dll
2018-03-14 11:13:37 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2018-03-14 11:13:37 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2018-03-14 11:13:37 ----A---- C:\WINDOWS\system32\usercpl.dll
2018-03-14 11:13:37 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2018-03-14 11:13:36 ----A---- C:\WINDOWS\system32\provtool.exe
2018-03-14 11:13:36 ----A---- C:\WINDOWS\system32\provisioningcsp.dll
2018-03-14 11:13:36 ----A---- C:\WINDOWS\system32\provhandlers.dll
2018-03-14 11:13:36 ----A---- C:\WINDOWS\system32\provengine.dll
2018-03-14 11:13:36 ----A---- C:\WINDOWS\system32\InputService.dll
2018-03-14 11:13:35 ----A---- C:\WINDOWS\system32\wpncore.dll
2018-03-14 11:13:34 ----A---- C:\WINDOWS\SYSWOW64\mmcndmgr.dll
2018-03-14 11:13:34 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-03-14 11:13:34 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2018-03-14 11:13:33 ----A---- C:\WINDOWS\system32\Wpc.dll
2018-03-14 11:13:33 ----A---- C:\WINDOWS\system32\winload.exe
2018-03-14 11:13:32 ----A---- C:\WINDOWS\SYSWOW64\CloudExperienceHostCommon.dll
2018-03-14 11:13:32 ----A---- C:\WINDOWS\system32\mmc.exe
2018-03-14 11:13:32 ----A---- C:\WINDOWS\system32\devinv.dll
2018-03-14 11:13:32 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 11:13:32 ----A---- C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-03-14 11:13:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-03-14 11:13:31 ----A---- C:\WINDOWS\system32\TokenBroker.dll
2018-03-14 11:13:30 ----A---- C:\WINDOWS\system32\VSSVC.exe
2018-03-14 11:13:30 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 11:13:29 ----A---- C:\WINDOWS\SYSWOW64\Wpc.dll
2018-03-14 11:13:29 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2018-03-14 11:13:29 ----A---- C:\WINDOWS\system32\StateRepository.Core.dll
2018-03-14 11:13:29 ----A---- C:\WINDOWS\system32\D3D12.dll
2018-03-14 11:13:28 ----A---- C:\WINDOWS\SYSWOW64\StateRepository.Core.dll
2018-03-14 11:13:28 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2018-03-14 11:13:28 ----A---- C:\WINDOWS\system32\modernexecserver.dll
2018-03-14 11:13:28 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-03-14 11:13:27 ----A---- C:\WINDOWS\SYSWOW64\rtmpltfm.dll
2018-03-14 11:13:27 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 11:13:26 ----A---- C:\WINDOWS\SYSWOW64\mmc.exe
2018-03-14 11:13:26 ----A---- C:\WINDOWS\system32\wevtsvc.dll
2018-03-14 11:13:25 ----A---- C:\WINDOWS\SYSWOW64\TokenBroker.dll
2018-03-14 11:13:25 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2018-03-14 11:13:25 ----A---- C:\WINDOWS\system32\rasapi32.dll
2018-03-14 11:13:25 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2018-03-14 11:13:24 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2018-03-14 11:13:24 ----A---- C:\WINDOWS\system32\wow64.dll
2018-03-14 11:13:24 ----A---- C:\WINDOWS\system32\UserDataService.dll
2018-03-14 11:13:24 ----A---- C:\WINDOWS\system32\sppwinob.dll
2018-03-14 11:13:23 ----A---- C:\WINDOWS\SYSWOW64\rasapi32.dll
2018-03-14 11:13:22 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 11:13:22 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\system32\FSClient.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\system32\FntCache.dll
2018-03-14 11:13:21 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.Web.Core.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\winlogon.exe
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\rtmpal.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\mf.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\efscore.dll
2018-03-14 11:13:20 ----A---- C:\WINDOWS\system32\browserbroker.dll
2018-03-14 11:13:19 ----A---- C:\WINDOWS\SYSWOW64\vssapi.dll
2018-03-14 11:13:19 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2018-03-14 11:13:19 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2018-03-14 11:13:19 ----A---- C:\WINDOWS\system32\lsm.dll
2018-03-14 11:13:18 ----A---- C:\WINDOWS\SYSWOW64\Taskmgr.exe
2018-03-14 11:13:18 ----A---- C:\WINDOWS\SYSWOW64\StructuredQuery.dll
2018-03-14 11:13:18 ----A---- C:\WINDOWS\SYSWOW64\AppxAllUserStore.dll
2018-03-14 11:13:18 ----A---- C:\WINDOWS\system32\uDWM.dll
2018-03-14 11:13:18 ----A---- C:\WINDOWS\system32\StructuredQuery.dll
2018-03-14 11:13:18 ----A---- C:\WINDOWS\system32\drivers\http.sys
2018-03-14 11:13:16 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-03-14 11:13:16 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-03-14 11:13:16 ----A---- C:\WINDOWS\system32\Taskmgr.exe
2018-03-14 11:13:16 ----A---- C:\WINDOWS\system32\FrameServer.dll
2018-03-14 11:13:16 ----A---- C:\WINDOWS\system32\ClipSVC.dll
2018-03-14 11:13:15 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 11:13:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2018-03-14 11:13:15 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-03-14 11:13:15 ----A---- C:\WINDOWS\system32\aepic.dll
2018-03-14 11:13:14 ----A---- C:\WINDOWS\system32\SEMgrSvc.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\SYSWOW64\rasdlg.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\system32\rasdlg.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\system32\invagent.dll
2018-03-14 11:13:12 ----A---- C:\WINDOWS\system32\drivers\fvevol.sys
2018-03-14 11:13:11 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-03-14 11:13:11 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-03-14 11:13:11 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-03-14 11:13:11 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2018-03-14 11:13:11 ----A---- C:\WINDOWS\system32\rtmcodecs.dll
2018-03-14 11:13:11 ----A---- C:\WINDOWS\system32\ole32.dll
2018-03-14 11:13:11 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-03-14 11:13:10 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2018-03-14 11:13:10 ----A---- C:\WINDOWS\SYSWOW64\setupapi.dll
2018-03-14 11:13:10 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-03-14 11:13:10 ----A---- C:\WINDOWS\system32\WpcMon.exe
2018-03-14 11:13:10 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-03-14 11:13:10 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2018-03-14 11:13:09 ----A---- C:\WINDOWS\system32\usermgr.dll
2018-03-14 11:13:09 ----A---- C:\WINDOWS\system32\ncsi.dll
2018-03-14 11:13:09 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 11:13:09 ----A---- C:\WINDOWS\system32\localspl.dll
2018-03-14 11:13:08 ----A---- C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-03-14 11:13:07 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-03-14 11:13:05 ----A---- C:\WINDOWS\system32\rdpserverbase.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2018-03-14 11:13:04 ----A---- C:\WINDOWS\SYSWOW64\efswrt.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\webio.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\srcore.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\mssvp.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\gameux.dll
2018-03-14 11:13:04 ----A---- C:\WINDOWS\system32\authui.dll
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\Unistore.dll
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\sysmain.dll
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\ieui.dll
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\drivers\cldflt.sys
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\CPFilters.dll
2018-03-14 11:13:03 ----A---- C:\WINDOWS\system32\atmfd.dll
2018-03-14 11:13:02 ----A---- C:\WINDOWS\system32\wlansvc.dll
2018-03-14 11:13:02 ----A---- C:\WINDOWS\system32\rasmans.dll
2018-03-14 11:13:02 ----A---- C:\WINDOWS\system32\inetcomm.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\SYSWOW64\webio.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\system32\SettingSync.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 11:13:01 ----A---- C:\WINDOWS\system32\drivers\bam.sys
2018-03-14 11:13:00 ----A---- C:\WINDOWS\SYSWOW64\policymanager.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\SYSWOW64\CPFilters.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\shutdownux.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\nlasvc.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\efswrt.dll
2018-03-14 11:13:00 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-03-14 11:12:59 ----A---- C:\WINDOWS\SYSWOW64\SyncCenter.dll
2018-03-14 11:12:59 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2018-03-14 11:12:59 ----A---- C:\WINDOWS\system32\wifitask.exe
2018-03-14 11:12:59 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2018-03-14 11:12:58 ----A---- C:\WINDOWS\system32\Magnify.exe
2018-03-14 11:12:57 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryPS.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\SYSWOW64\EditionUpgradeManagerObj.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\msvcp_win.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\EncDec.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-03-14 11:12:57 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2018-03-14 11:12:56 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\SYSWOW64\AppLockerCSP.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\system32\rasgcw.dll
2018-03-14 11:12:56 ----A---- C:\WINDOWS\system32\AppLockerCSP.dll
2018-03-14 11:12:54 ----A---- C:\WINDOWS\SYSWOW64\WMVXENCD.DLL
2018-03-14 11:12:54 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2018-03-14 11:12:54 ----A---- C:\WINDOWS\SYSWOW64\LicensingWinRT.dll
2018-03-14 11:12:54 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-03-14 11:12:54 ----A---- C:\WINDOWS\system32\mspaint.exe
2018-03-14 11:12:53 ----A---- C:\WINDOWS\SYSWOW64\UserLanguagesCpl.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\SYSWOW64\rasgcw.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\SYSWOW64\mf.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\setupapi.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\securekernel.exe
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\msi.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\LicensingWinRT.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-03-14 11:12:53 ----A---- C:\WINDOWS\system32\drivers\afd.sys
2018-03-14 11:12:52 ----A---- C:\WINDOWS\SYSWOW64\WebClnt.dll
2018-03-14 11:12:52 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2018-03-14 11:12:52 ----A---- C:\WINDOWS\system32\winresume.exe
2018-03-14 11:12:52 ----A---- C:\WINDOWS\system32\vssapi.dll
2018-03-14 11:12:52 ----A---- C:\WINDOWS\system32\systemreset.exe
2018-03-14 11:12:51 ----A---- C:\WINDOWS\SYSWOW64\rtmpal.dll
2018-03-14 11:12:51 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2018-03-14 11:12:51 ----A---- C:\WINDOWS\SYSWOW64\Magnify.exe
2018-03-14 11:12:50 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-03-14 11:12:50 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 11:12:50 ----A---- C:\WINDOWS\system32\sud.dll
2018-03-14 11:12:50 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 11:12:50 ----A---- C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-03-14 11:12:49 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2018-03-14 11:12:49 ----A---- C:\WINDOWS\system32\WMVXENCD.DLL
2018-03-14 11:12:49 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 11:12:49 ----A---- C:\WINDOWS\system32\hgcpl.dll
2018-03-14 11:12:48 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2018-03-14 11:12:48 ----A---- C:\WINDOWS\SYSWOW64\AuthFWSnapin.dll
2018-03-14 11:12:48 ----A---- C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-03-14 11:12:48 ----A---- C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 11:12:48 ----A---- C:\WINDOWS\system32\APHostService.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\WebClnt.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\tetheringservice.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\policymanager.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\dxtrans.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-03-14 11:12:47 ----A---- C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-03-14 11:12:46 ----A---- C:\WINDOWS\system32\winbrand.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\SYSWOW64\WMVSENCD.DLL
2018-03-14 11:12:45 ----A---- C:\WINDOWS\SYSWOW64\msvcp_win.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\SYSWOW64\EncDec.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\SCardSvr.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 11:12:45 ----A---- C:\WINDOWS\system32\advapi32.dll
2018-03-14 11:12:44 ----A---- C:\WINDOWS\SYSWOW64\winbrand.dll
2018-03-14 11:12:44 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2018-03-14 11:12:44 ----A---- C:\WINDOWS\system32\rdpbase.dll
2018-03-14 11:12:44 ----A---- C:\WINDOWS\system32\edputil.dll
2018-03-14 11:12:44 ----A---- C:\WINDOWS\system32\aclui.dll
2018-03-14 11:12:43 ----A---- C:\WINDOWS\SYSWOW64\InputSwitch.dll
2018-03-14 11:12:43 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2018-03-14 11:12:43 ----A---- C:\WINDOWS\system32\stobject.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2018-03-14 11:12:42 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\WMVSENCD.DLL
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\p2psvc.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 11:12:42 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2018-03-14 11:12:41 ----A---- C:\WINDOWS\SYSWOW64\rtmcodecs.dll
2018-03-14 11:12:41 ----A---- C:\WINDOWS\system32\ListSvc.dll
2018-03-14 11:12:41 ----A---- C:\WINDOWS\system32\drivers\raspptp.sys
2018-03-14 11:12:41 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2018-03-14 11:12:41 ----A---- C:\WINDOWS\system32\container.dll
2018-03-14 11:12:40 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-03-14 11:12:40 ----A---- C:\WINDOWS\SYSWOW64\rastls.dll
2018-03-14 11:12:40 ----A---- C:\WINDOWS\SYSWOW64\edputil.dll
2018-03-14 11:12:40 ----A---- C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-03-14 11:12:40 ----A---- C:\WINDOWS\system32\drivers\winnat.sys
2018-03-14 11:12:39 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2018-03-14 11:12:39 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-03-14 11:12:39 ----A---- C:\WINDOWS\system32\NaturalAuth.dll
2018-03-14 11:12:39 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2018-03-14 11:12:39 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2018-03-14 11:12:38 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-03-14 11:12:38 ----A---- C:\WINDOWS\system32\SyncController.dll
2018-03-14 11:12:38 ----A---- C:\WINDOWS\system32\pnrpsvc.dll
2018-03-14 11:12:35 ----A---- C:\WINDOWS\SYSWOW64\advapi32.dll
2018-03-14 11:12:34 ----A---- C:\WINDOWS\SYSWOW64\sppcomapi.dll
2018-03-14 11:12:34 ----A---- C:\WINDOWS\SYSWOW64\shsetup.dll
2018-03-14 11:12:34 ----A---- C:\WINDOWS\system32\msra.exe
2018-03-14 11:12:34 ----A---- C:\WINDOWS\system32\mfps.dll
2018-03-14 11:12:34 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-03-14 11:12:33 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-03-14 11:12:32 ----A---- C:\WINDOWS\system32\skci.dll
2018-03-14 11:12:31 ----A---- C:\WINDOWS\SYSWOW64\mfps.dll
2018-03-14 11:12:31 ----A---- C:\WINDOWS\system32\rascustom.dll
2018-03-14 11:12:31 ----A---- C:\WINDOWS\system32\P2P.dll
2018-03-14 11:12:31 ----A---- C:\WINDOWS\system32\FsIso.exe
2018-03-14 11:12:31 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-03-14 11:12:30 ----A---- C:\WINDOWS\SYSWOW64\OneCoreCommonProxyStub.dll
2018-03-14 11:12:30 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-03-14 11:12:30 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2018-03-14 11:12:30 ----A---- C:\WINDOWS\system32\shsetup.dll
2018-03-14 11:12:29 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-03-14 11:12:29 ----A---- C:\WINDOWS\system32\wcncsvc.dll
2018-03-14 11:12:29 ----A---- C:\WINDOWS\system32\twinapi.dll
2018-03-14 11:12:29 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2018-03-14 11:12:28 ----A---- C:\WINDOWS\SYSWOW64\themeui.dll
2018-03-14 11:12:28 ----A---- C:\WINDOWS\SYSWOW64\rdpbase.dll
2018-03-14 11:12:28 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 11:12:28 ----A---- C:\WINDOWS\system32\rastls.dll
2018-03-14 11:12:27 ----A---- C:\WINDOWS\SYSWOW64\Windows.StateRepositoryClient.dll
2018-03-14 11:12:27 ----A---- C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-03-14 11:12:27 ----A---- C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 11:12:27 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe

======List of files/folders modified in the last 1 month======

2018-03-30 11:35:08 ----D---- C:\WINDOWS\Temp
2018-03-30 11:35:07 ----RD---- C:\Program Files
2018-03-30 11:24:38 ----D---- C:\WINDOWS\System32
2018-03-30 11:24:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-30 11:22:30 ----D---- C:\Windows
2018-03-30 11:21:22 ----D---- C:\ProgramData\ASUS Smart Gesture
2018-03-30 11:20:28 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-30 11:19:14 ----D---- C:\WINDOWS\system32\sru
2018-03-30 11:13:36 ----D---- C:\WINDOWS\Prefetch
2018-03-30 10:57:09 ----D---- C:\WINDOWS\Logs
2018-03-30 10:43:07 ----D---- C:\Users\ondre_000\AppData\Roaming\BitTorrent
2018-03-30 10:41:37 ----DC---- C:\WINDOWS\Panther
2018-03-30 10:41:37 ----D---- C:\WINDOWS\INF
2018-03-30 10:41:36 ----D---- C:\WINDOWS\LiveKernelReports
2018-03-30 10:41:36 ----D---- C:\WINDOWS\debug
2018-03-30 10:39:05 ----D---- C:\WINDOWS\system32\Tasks
2018-03-30 10:36:40 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-30 10:35:47 ----HD---- C:\Program Files\WindowsApps
2018-03-30 10:35:47 ----D---- C:\WINDOWS\AppReadiness
2018-03-29 21:56:37 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-29 18:43:33 ----D---- C:\Users\ondre_000\AppData\Roaming\vlc
2018-03-29 16:05:50 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-27 21:01:44 ----SHD---- C:\System Volume Information
2018-03-23 21:49:31 ----RD---- C:\WINDOWS\assembly
2018-03-22 10:36:17 ----SHD---- C:\WINDOWS\Installer
2018-03-22 10:36:02 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-03-22 10:35:15 ----AD---- C:\Program Files\Microsoft Office 15
2018-03-21 21:40:12 ----D---- C:\WINDOWS\system32\config
2018-03-21 19:54:07 ----D---- C:\WINDOWS\system32\DriverStore
2018-03-21 19:53:59 ----D---- C:\WINDOWS\WinSxS
2018-03-19 17:57:49 ----D---- C:\WINDOWS\rescache
2018-03-17 21:56:55 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-17 00:21:43 ----D---- C:\WINDOWS\SysWOW64
2018-03-17 00:19:35 ----D---- C:\WINDOWS\system32\drivers
2018-03-17 00:16:05 ----D---- C:\WINDOWS\TextInput
2018-03-17 00:16:05 ----D---- C:\WINDOWS\SYSWOW64\wbem
2018-03-17 00:16:05 ----D---- C:\WINDOWS\SYSWOW64\migration
2018-03-17 00:16:04 ----SD---- C:\WINDOWS\SYSWOW64\F12
2018-03-17 00:16:04 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-03-17 00:16:04 ----D---- C:\WINDOWS\SYSWOW64\Dism
2018-03-17 00:15:50 ----D---- C:\WINDOWS\system32\wbem
2018-03-17 00:15:49 ----SD---- C:\WINDOWS\system32\F12
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\oobe
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\migwiz
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\migration
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\en-US
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\Dism
2018-03-17 00:15:49 ----D---- C:\WINDOWS\system32\Boot
2018-03-17 00:15:48 ----D---- C:\WINDOWS\system32\appraiser
2018-03-17 00:15:30 ----D---- C:\WINDOWS\ShellExperiences
2018-03-17 00:15:29 ----D---- C:\WINDOWS\Provisioning
2018-03-17 00:15:20 ----RSD---- C:\WINDOWS\Fonts
2018-03-17 00:15:20 ----D---- C:\WINDOWS\bcastdvr
2018-03-17 00:15:20 ----D---- C:\WINDOWS\apppatch
2018-03-17 00:15:19 ----D---- C:\Program Files\internet explorer
2018-03-17 00:15:19 ----D---- C:\Program Files (x86)\Internet Explorer
2018-03-17 00:15:05 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-03-16 20:24:58 ----D---- C:\WINDOWS\system32\catroot2
2018-03-14 11:34:52 ----D---- C:\WINDOWS\CbsTemp
2018-03-14 11:33:29 ----D---- C:\WINDOWS\system32\MRT
2018-03-14 11:30:23 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-14 11:30:11 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-03-14 11:23:14 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-03-14 11:23:08 ----A---- C:\WINDOWS\system32\Chakradiag.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-11-06 631656]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\WINDOWS\system32\DRIVERS\stdcfltn.sys [2012-07-13 22168]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-07-03 19768]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2016-05-12 264552]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2016-05-12 186784]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-09-29 8192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2013-10-23 129944]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2016-05-12 170792]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2017-09-29 79872]
R3 acpials;@sensorsalsdriver.inf,%kbfiltr.SvcDesc%;ALS Sensor Filter; C:\WINDOWS\System32\drivers\acpials.sys [2017-09-29 11776]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2014-03-27 17152]
R3 ALSysIO;ALSysIO; \??\C:\Users\ONDRE_~1\AppData\Local\Temp\ALSysIO64.sys [2018-03-30 46384]
R3 ATP;@oem0.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2015-08-17 97680]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2017-09-29 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 DptfDevProc;DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [2013-10-18 289744]
R3 DptfManager;DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [2013-10-18 494296]
R3 HIDSwitch;@oem33.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-05-13 19976]
R3 ibtusb;@oem12.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2016-11-11 230144]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-11-30 7969760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-06-10 3996888]
R3 INVN_MotionApps;@oem9.inf,%INVN_MotionAppsDisplayName%;InvenSense MotionApps Driver; C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-09-29 259584]
R3 kbfiltr;@oem16.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\WINDOWS\System32\drivers\kbfiltr.sys [2012-08-06 17280]
R3 MEIx64;@oem38.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2013-10-23 99288]
R3 NETwNb64;@oem31.inf,%NIC_Service_DispName_WINB_64%;Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [2016-11-09 3525896]
R3 SensorsAlsDriver;@sensorsalsdriver.inf,%WudfSensorsAlsDriverDisplayName%;UMDF Reflector service for SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-09-29 259584]
R3 ST_Accel;@oem25.inf,%ST_Accel.SVCDESC%;STMicroelectronics Accelerometer Service; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [2013-09-14 83456]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 eelam;eelam; C:\WINDOWS\system32\DRIVERS\eelam.sys [2016-05-12 14976]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-02-22 45472]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 AmUStor;@oem39.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\WINDOWS\system32\drivers\AmUStor.SYS [2013-07-05 74240]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2018-02-22 1015296]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 IntcDAud;@oem36.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-29 56216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_3428e;Connected Devices Platform User Service_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2017-12-12 3058392]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DptfParticipantProcessorService;@oem8.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [2013-10-18 117704]
R2 DptfPolicyConfigTDPService;@oem8.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [2013-10-18 116680]
R2 DptfPolicyLpmService;@oem8.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application; C:\WINDOWS\system32\DptfPolicyLpmService.exe [2013-10-18 126952]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 ekrn;ESET Service; C:\Other\Programy\ESET\ekrn.exe [2016-04-13 2519904]
R2 ibtsiva;@oem12.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2016-11-30 373728]
R2 OneSyncSvc_3428e;Sync Host_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-03-01 519152]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-09-29 43648]
R3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 PimIndexMaintenanceSvc_3428e;Contact Data_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-03 315488]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-11-30 301536]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_3428e;DevicesFlow_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_3428e;MessagingService_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-10-03 159960]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_3428e;PrintWorkflow_3428e; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-03-02 956416]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2017-12-15 1644832]
S4 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2014-03-27 115512]
S4 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
S4 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S4 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-09-02 827392]
S4 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-23 131544]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-23 169432]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-10-23 390616]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: pop-up after startup

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

ondrrrej
Visitor
Posts: 5
Joined: 30 Mar 2018 10:30

Re: pop-up after startup

#3 Post by ondrrrej »

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 30 11:05:44 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\ondre_000\AppData\Roaming\Systweak
Deleted: C:\Users\ondre_000\AppData\Roaming\0f1l1i1p0h1l1e1e1f


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: ASP


***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-750670845-3306051559-3292057739-1001\Software\Softonic
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Key] - HKLM\SOFTWARE\systweak
Deleted: [Key] - HKU\S-1-5-21-750670845-3306051559-3292057739-1001\Software\systweak
Deleted: [Key] - HKCU\Software\systweak
Deleted: [Key] - HKLM\SOFTWARE\REG\CLEAN\pro
Deleted: [Key] - HKU\S-1-5-21-750670845-3306051559-3292057739-1001\Software\REG\CLEAN\pro
Deleted: [Key] - HKCU\Software\REG\CLEAN\pro
Deleted: [Key] - HKU\S-1-5-21-750670845-3306051559-3292057739-1001\Software\InstallCore
Deleted: [Key] - HKCU\Software\InstallCore
Deleted: [Key] - HKLM\SOFTWARE\Reg\Clean
Deleted: [Key] - HKU\S-1-5-21-750670845-3306051559-3292057739-1001\Software\Reg\Clean
Deleted: [Key] - HKCU\Software\Reg\Clean


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [2026 B] - [2018/3/30 11:4:56]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: pop-up after startup

#4 Post by Rudy »

ondrrrej
Visitor
Posts: 5
Joined: 30 Mar 2018 10:30

Re: pop-up after startup

#5 Post by ondrrrej »

The log was too long, so it is in the attachment.
Attachments
frst addition.rar
The log contained more than 100k characters, so I packed it together with Addition.txt and put it in the attachment
(25.04 KiB) Downloaded 49 times

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: pop-up after startup

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
SearchScopes: HKU\S-1-5-21-750670845-3306051559-3292057739-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-750670845-3306051559-3292057739-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
C:\WINDOWS\winscrpt.bat
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
Task: {0AB3FFE8-423C-43BE-AFEE-D31B0A2E2434} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0AFDCBA6-0EB5-419D-8FFD-4BAF21E69D3A} - System32\Tasks\{49CE7D30-9888-4AA0-A61E-BB9237B3A03A} => C:\Windows\system32\pcalua.exe -a "C:\Other\Games\Anno 1404 Gold Edition\Addon.exe" -d "C:\Other\Games\Anno 1404 Gold Edition"
Task: {14D14883-4D47-4395-A25D-1A0EC8A35412} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39FDEDA9-506B-424F-91B7-A7710D23A9E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3B016C4E-D64A-4CA4-A820-385CB32A8B2B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B632F5A-F654-47D2-BFD4-8E3C2436AE87} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f0ad616fd89e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {62192DB6-4E5E-45E9-9375-C38D4557DF24} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {673F0A8C-62AA-4D32-958D-7B3C9F0B192A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0427cf6fc3212 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {67C1A5C1-F1B5-4BDD-A8A7-B4DB88586CE8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {795EA907-D06B-47B6-BFCC-6DE37C8F7977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7A0D460C-1DE5-4E85-8516-2286853D630D} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7BA2DC4F-B8F4-4700-A1ED-D28AE0BADD2E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {895ADDF4-BDC3-485C-9FCC-EA1D2AEFEDE8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9D04B44A-698C-4122-A8DC-167C598A4F64} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A3AD7993-18AB-4BA3-B8EB-2B3D5D4E6A2D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AD61558F-0197-4B1D-A94C-AD36CF8F8B80} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B129EFD7-B27C-4C20-BFF2-12462B715885} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C171D3FB-737D-4309-97AA-2832A2D6B910} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D145672D-21D3-42B4-AB4B-4A9C3612B219} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D32ADF6A-6A1D-4830-A575-2AACCCC0AB20} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D5945480-D217-4B61-8960-42DDC89B0BCD} - System32\Tasks\WinMgr => C:\WINDOWS\\que.vbs
Task: {DA4225E1-4783-4875-B52A-FB5B353FA273} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DFA4ACCD-71BC-4A10-BC14-6E0DA5E029E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1B43FE1-5358-40BE-A8CC-4AADBA8D9018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d090054a2fdb75.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e0f610f88c80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

ondrrrej
Visitor
Posts: 5
Joined: 30 Mar 2018 10:30

Re: pop-up after startup

#7 Post by ondrrrej »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by ondre_000 (30-03-2018 19:26:50) Run:1
Running from C:\Users\ondre_000\Desktop
Loaded Profiles: ondre_000 (Available Profiles: ondre_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
SearchScopes: HKU\S-1-5-21-750670845-3306051559-3292057739-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-750670845-3306051559-3292057739-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
C:\WINDOWS\winscrpt.bat
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
Task: {0AB3FFE8-423C-43BE-AFEE-D31B0A2E2434} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0AFDCBA6-0EB5-419D-8FFD-4BAF21E69D3A} - System32\Tasks\{49CE7D30-9888-4AA0-A61E-BB9237B3A03A} => C:\Windows\system32\pcalua.exe -a "C:\Other\Games\Anno 1404 Gold Edition\Addon.exe" -d "C:\Other\Games\Anno 1404 Gold Edition"
Task: {14D14883-4D47-4395-A25D-1A0EC8A35412} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39FDEDA9-506B-424F-91B7-A7710D23A9E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3B016C4E-D64A-4CA4-A820-385CB32A8B2B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {3B632F5A-F654-47D2-BFD4-8E3C2436AE87} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f0ad616fd89e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {62192DB6-4E5E-45E9-9375-C38D4557DF24} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {673F0A8C-62AA-4D32-958D-7B3C9F0B192A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0427cf6fc3212 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {67C1A5C1-F1B5-4BDD-A8A7-B4DB88586CE8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {795EA907-D06B-47B6-BFCC-6DE37C8F7977} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7A0D460C-1DE5-4E85-8516-2286853D630D} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7BA2DC4F-B8F4-4700-A1ED-D28AE0BADD2E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {895ADDF4-BDC3-485C-9FCC-EA1D2AEFEDE8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9D04B44A-698C-4122-A8DC-167C598A4F64} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A3AD7993-18AB-4BA3-B8EB-2B3D5D4E6A2D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AD61558F-0197-4B1D-A94C-AD36CF8F8B80} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {B129EFD7-B27C-4C20-BFF2-12462B715885} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C171D3FB-737D-4309-97AA-2832A2D6B910} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {D145672D-21D3-42B4-AB4B-4A9C3612B219} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D32ADF6A-6A1D-4830-A575-2AACCCC0AB20} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D5945480-D217-4B61-8960-42DDC89B0BCD} - System32\Tasks\WinMgr => C:\WINDOWS\\que.vbs
Task: {DA4225E1-4783-4875-B52A-FB5B353FA273} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DFA4ACCD-71BC-4A10-BC14-6E0DA5E029E8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1B43FE1-5358-40BE-A8CC-4AADBA8D9018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d090054a2fdb75.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e0f610f88c80.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-750670845-3306051559-3292057739-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-750670845-3306051559-3292057739-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
C:\WINDOWS\winscrpt.bat => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu" => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AB3FFE8-423C-43BE-AFEE-D31B0A2E2434}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AB3FFE8-423C-43BE-AFEE-D31B0A2E2434}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AFDCBA6-0EB5-419D-8FFD-4BAF21E69D3A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFDCBA6-0EB5-419D-8FFD-4BAF21E69D3A}" => removed successfully
C:\WINDOWS\System32\Tasks\{49CE7D30-9888-4AA0-A61E-BB9237B3A03A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49CE7D30-9888-4AA0-A61E-BB9237B3A03A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14D14883-4D47-4395-A25D-1A0EC8A35412}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14D14883-4D47-4395-A25D-1A0EC8A35412}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39FDEDA9-506B-424F-91B7-A7710D23A9E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39FDEDA9-506B-424F-91B7-A7710D23A9E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B016C4E-D64A-4CA4-A820-385CB32A8B2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B016C4E-D64A-4CA4-A820-385CB32A8B2B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B632F5A-F654-47D2-BFD4-8E3C2436AE87}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B632F5A-F654-47D2-BFD4-8E3C2436AE87}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0f0ad616fd89e => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0f0ad616fd89e" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62192DB6-4E5E-45E9-9375-C38D4557DF24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62192DB6-4E5E-45E9-9375-C38D4557DF24}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{673F0A8C-62AA-4D32-958D-7B3C9F0B192A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{673F0A8C-62AA-4D32-958D-7B3C9F0B192A}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0427cf6fc3212 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore1d0427cf6fc3212" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67C1A5C1-F1B5-4BDD-A8A7-B4DB88586CE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67C1A5C1-F1B5-4BDD-A8A7-B4DB88586CE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{795EA907-D06B-47B6-BFCC-6DE37C8F7977}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{795EA907-D06B-47B6-BFCC-6DE37C8F7977}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A0D460C-1DE5-4E85-8516-2286853D630D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A0D460C-1DE5-4E85-8516-2286853D630D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BA2DC4F-B8F4-4700-A1ED-D28AE0BADD2E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BA2DC4F-B8F4-4700-A1ED-D28AE0BADD2E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{895ADDF4-BDC3-485C-9FCC-EA1D2AEFEDE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{895ADDF4-BDC3-485C-9FCC-EA1D2AEFEDE8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D04B44A-698C-4122-A8DC-167C598A4F64}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D04B44A-698C-4122-A8DC-167C598A4F64}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3AD7993-18AB-4BA3-B8EB-2B3D5D4E6A2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AD7993-18AB-4BA3-B8EB-2B3D5D4E6A2D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD61558F-0197-4B1D-A94C-AD36CF8F8B80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD61558F-0197-4B1D-A94C-AD36CF8F8B80}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B129EFD7-B27C-4C20-BFF2-12462B715885}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B129EFD7-B27C-4C20-BFF2-12462B715885}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C171D3FB-737D-4309-97AA-2832A2D6B910}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C171D3FB-737D-4309-97AA-2832A2D6B910}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D145672D-21D3-42B4-AB4B-4A9C3612B219}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D145672D-21D3-42B4-AB4B-4A9C3612B219}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D32ADF6A-6A1D-4830-A575-2AACCCC0AB20}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D32ADF6A-6A1D-4830-A575-2AACCCC0AB20}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5945480-D217-4B61-8960-42DDC89B0BCD}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5945480-D217-4B61-8960-42DDC89B0BCD}" => removed successfully
C:\WINDOWS\System32\Tasks\WinMgr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinMgr" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA4225E1-4783-4875-B52A-FB5B353FA273}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA4225E1-4783-4875-B52A-FB5B353FA273}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA4ACCD-71BC-4A10-BC14-6E0DA5E029E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA4ACCD-71BC-4A10-BC14-6E0DA5E029E8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1B43FE1-5358-40BE-A8CC-4AADBA8D9018}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1B43FE1-5358-40BE-A8CC-4AADBA8D9018}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d090054a2fdb75.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf5e42fd90c3.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0e0f610f88c80.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9986048 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15309950 B
Java, Flash, Steam htmlcache => 224630323 B
Windows/system/drivers => 362592 B
Edge => 14130 B
Chrome => 350099432 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3282 B
NetworkService => 0 B
ondre_000 => 7738630 B

RecycleBin => 0 B
EmptyTemp: => 580 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-03-2018 19:28:28)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 19:28:29 ====

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: pop-up after startup

#8 Post by Rudy »

Deleted. Has anything changed?

ondrrrej
Visitor
Posts: 5
Joined: 30 Mar 2018 10:30

Re: pop-up after startup

#9 Post by ondrrrej »

Yes, the message no longer appears after system startup. Thank you very much for your advice and time. Have a pleasant evening.

Rudy
Site Admin
Posts: 118271
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: pop-up after startup

#10 Post by Rudy »

You're welcome, and happy holidays! :)