PC virus removal, computer speed-up, remote assistance via the neslape.cz service

hacked email

Locked
korkis
Exemplary visitor
Posts: 157
Registered: 16 Sep 2007 14:37

hacked email

#1 Post by korkis

Hi, someone tried to hack my brother-in-law's Google email, so I'd like to know whether he has any pests on here. Thanks in advance.
log here

Logfile of random's system information tool 1.10 (written by random/random)
Run by at 2019-06-10 18:34:41
Microsoft Windows 10 Home
System drive C: has 1706 GB (89%) free of 1907 GB
Total RAM: 12122 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:34:48, on 10/06/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
C:\Program Files\trend micro\Veronika and Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus15.msn.com/?pc=ASTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKCU\..\Run: [BlueStacksFriends] C:\Users\Veronika and Michael\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-302 303 305 306 Series"
O4 - HKCU\..\Run: [VideoGuardMonitor] "C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM2E.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2750 Series"
O4 - HKCU\..\Run: [AvastBrowserAutoLaunch_31FB6EA7B7AC9C0CAF4EF71615E443DB] "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Veronika and Michael\AppData\Local\ASUS GIFTBOX\User Data" --no-sandbox --flag-switches-begin --flag-switches-end --nwapp="C:\Program Files (x86)\ASUS\Giftbox" --restore-last-session
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika and Michael\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Veronika and Michael\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 19.070.0410.0005\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika and Michael\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 19.070.0410.0005] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Veronika and Michael\AppData\Local\Microsoft\OneDrive\19.070.0410.0005"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: avast! SecureLine.lnk = C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® SGX AESM (AESMService) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: AtherosSvc - Unknown owner - C:\WINDOWS\system32\AdminService.exe (file missing)
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: %1!s! Update Service (avast) (avast) - Unknown owner - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: %1!s! Update Service (avastm) (avastm) - Unknown owner - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Secure Browser Elevation Service (AvastSecureBrowserElevationService) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @oem16.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Avast SecureLine (SecureLine) - Unknown owner - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 15713 bytes

======Listing Processes======

winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-065f9019-3fca-4ef6-8fce-709c1c1a0700 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-53e69e8a-7b7d-47e9-8f52-782b3fa74ceb -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9f65bd45-406e-4ce1-a8b1-869929396bb9 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-deab93ef-ecb6-445a-abb3-e7794a85d0e9 -LifetimeId:426c92d1-2623-40c2-8b77-cebab2ef6184 -DeviceGroupId:
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
"dwm.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k appmodel -p -s camsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem

c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"

C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
"c:\program files\avast software\avast\afwserv.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\WINDOWS\system32\AdminService.exe
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe"
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\SysWOW64\esif_uf.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks

C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k networkservice -p -s TapiSrv
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
dashost.exe {d5c251f8-a529-4041-a3d580a0af120c3b}
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s upnphost
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

c:\windows\system32\svchost.exe -k netsvcs -p
C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
"ctfmon.exe"
C:\WINDOWS\Explorer.EXE
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\CastSrv.exe CCastServerControlInteractiveUser -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
"C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
"C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe"
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k unistacksvcgroup
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe"
AvastUI.exe /nogui
"C:\Program Files\AVAST Software\SecureLine\SecureLine.exe" /nogui
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe"
"C:\Program Files\rempl\sedsvc.exe"

C:\WINDOWS\system32\svchost.exe -k LocalService -p
/S
c:\windows\system32\svchost.exe -k printworkflow -s PrintWorkflowUserSvc
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\WINDOWS\system32\browser_broker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
"C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe" -ServerName:App.AppXagta193n5rpf7mheremt3yyfa1g555vc.mca
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 724 728 736 8192 732
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe28_ Global\UsGthrCtrlFltPipeMssGthrPipe28 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=74.0.3729.169 --initial-client-data=0x1f0,0x1f4,0x1f8,0x1ec,0x1fc,0x7ffd78038b80,0x7ffd78038b90,0x7ffd78038ba0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=9068 --on-initialized-event-handle=740 --parent-handle=752 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=12698016334648296257 --mojo-platform-channel-handle=1708 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --lang=en-GB --service-sandbox-type=network --service-request-channel-token=8862301597045796962 --mojo-platform-channel-handle=1984 /prefetch:8
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\WmiApSrv.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=18433339999022578869 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8507925646169149602 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16486139551223796841 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=512738148717602465 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11969229370204733288 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1728,3734987351943736909,14656435166601593205,131072 --disable-gpu-compositing --lang=en-GB --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3430832594613456358 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\AUDIODG.EXE 0x508
"C:\Users\Veronika and Michael\Downloads\RSITx64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\WINDOWS\tasks\Bing Search Engine teref.job - C:\Windows\system32\wscript.exe "C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d344339422d3931463844364439314133367d5c73616c657465" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d344339422d3931463844364439314133367d5c736f736f6e6164" "//B" "//E:jscript" "--IsErIk"
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-994686600-563732649-2125636377-1001.job - C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupdate.exe
C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-994686600-563732649-2125636377-1001.job - C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupload.exe
C:\WINDOWS\tasks\Yahoo! Powered teref.job - C:\Windows\system32\wscript.exe "C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c73616c657465" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c736f736f6e6164" "//B" "//E:jscript" "--IsErIk"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06 166360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2018-04-12 638872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2019-05-27 262024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlueStacksFriends"=C:\Users\Veronika and Michael\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe [2017-08-11 57079872]
"EPLTarget\P0000000000000001"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [2014-12-16 283232]
"VideoGuardMonitor"=C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2018-04-17 2345736]
"EPLTarget\P0000000000000000"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM2E.EXE [2013-12-16 298560]
"AvastBrowserAutoLaunch_31FB6EA7B7AC9C0CAF4EF71615E443DB"=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2019-05-14 1951280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [2017-09-18 1049600]
"Delete Cached Update Binary"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Delete Cached Standalone Update Binary"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Uninstall 19.070.0410.0005\amd64"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]
"Uninstall 19.070.0410.0005"=C:\WINDOWS\system32\cmd.exe [2018-04-12 273920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [2015-12-24 63272]
"FUFAXRCV"=C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [2017-07-20 653352]
"FUFAXSTM"=C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [2017-07-20 862248]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
avast! SecureLine.lnk - C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2019-06-10 18:34:41 ----D---- C:\rsit
2019-06-10 18:34:41 ----D---- C:\Program Files\trend micro
2019-05-27 21:26:16 ----A---- C:\WINDOWS\system32\aswBoot.exe
2019-05-21 05:24:23 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-21 05:24:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-21 05:24:20 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2019-05-21 05:24:20 ----A---- C:\WINDOWS\system32\wininet.dll
2019-05-21 05:24:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2019-05-21 05:24:17 ----A---- C:\WINDOWS\system32\StartTileData.dll
2019-05-21 05:24:15 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-21 05:24:14 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2019-05-21 05:24:14 ----A---- C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-21 05:24:14 ----A---- C:\WINDOWS\system32\iertutil.dll
2019-05-21 05:24:14 ----A---- C:\WINDOWS\system32\hvix64.exe
2019-05-21 05:24:14 ----A---- C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-21 05:24:13 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2019-05-21 05:24:13 ----A---- C:\WINDOWS\system32\hvax64.exe
2019-05-21 05:24:12 ----A---- C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-21 05:24:12 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-21 05:24:12 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-21 05:24:11 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2019-05-21 05:24:11 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2019-05-21 05:24:11 ----A---- C:\WINDOWS\system32\winresume.exe
2019-05-21 05:24:11 ----A---- C:\WINDOWS\system32\winload.exe
2019-05-21 05:24:11 ----A---- C:\WINDOWS\system32\tcblaunch.exe
2019-05-21 05:24:11 ----A---- C:\WINDOWS\system32\msvproc.dll
2019-05-21 05:24:11 ----A---- C:\WINDOWS\system32\edgeIso.dll
2019-05-21 05:24:10 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2019-05-21 05:24:09 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2019-05-21 05:24:09 ----A---- C:\WINDOWS\system32\hvloader.dll
2019-05-21 05:24:09 ----A---- C:\WINDOWS\system32\drivers\hvservice.sys
2019-05-21 05:24:08 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-21 05:24:08 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2019-05-21 05:24:08 ----A---- C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-21 05:24:08 ----A---- C:\WINDOWS\system32\MSPhotography.dll
2019-05-21 05:24:07 ----A---- C:\WINDOWS\SYSWOW64\MSPhotography.dll
2019-05-21 05:24:07 ----A---- C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-17 22:10:37 ----A---- C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-15 13:40:41 ----A---- C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:40:39 ----A---- C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:40:36 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2019-05-15 13:40:34 ----A---- C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:40:33 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2019-05-15 13:40:32 ----A---- C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:40:31 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:40:30 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2019-05-15 13:40:30 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2019-05-15 13:40:30 ----A---- C:\WINDOWS\system32\ieframe.dll
2019-05-15 13:40:29 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2019-05-15 13:40:29 ----A---- C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:40:28 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2019-05-15 13:40:28 ----A---- C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:40:28 ----A---- C:\WINDOWS\system32\EdgeContent.dll
2019-05-15 13:40:28 ----A---- C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:40:27 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-15 13:40:26 ----A---- C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-15 13:40:26 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2019-05-15 13:40:26 ----A---- C:\WINDOWS\system32\dosvc.dll
2019-05-15 13:40:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2019-05-15 13:40:25 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2019-05-15 13:40:24 ----A---- C:\WINDOWS\system32\wuaueng.dll
2019-05-15 13:40:24 ----A---- C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:40:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:40:24 ----A---- C:\WINDOWS\system32\rpcss.dll
2019-05-15 13:40:24 ----A---- C:\WINDOWS\system32\KernelBase.dll
2019-05-15 13:40:23 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2019-05-15 13:40:23 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2019-05-15 13:40:23 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:40:23 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2019-05-15 13:40:22 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\SYSWOW64\msrd3x40.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\SYSWOW64\GdiPlus.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\ole32.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\lsasrv.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\kernel32.dll
2019-05-15 13:40:21 ----A---- C:\WINDOWS\system32\fcon.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\ngcsvc.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\gdi32full.dll
2019-05-15 13:40:20 ----A---- C:\WINDOWS\system32\daxexec.dll
2019-05-15 13:40:19 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2019-05-15 13:40:19 ----A---- C:\WINDOWS\system32\rasmans.dll
2019-05-15 13:40:19 ----A---- C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-15 13:40:18 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2019-05-15 13:40:18 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2019-05-15 13:40:18 ----A---- C:\WINDOWS\system32\msi.dll
2019-05-15 13:40:17 ----RSH---- C:\WINDOWS\fonts\StaticCache.dat
2019-05-15 13:40:17 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\wer.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\jscript.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\hal.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\drivers\intelppm.sys
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\browserbroker.dll
2019-05-15 13:40:17 ----A---- C:\WINDOWS\system32\AcGenral.dll
2019-05-15 13:40:16 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2019-05-15 13:40:16 ----A---- C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:40:16 ----A---- C:\WINDOWS\system32\MPSSVC.dll
2019-05-15 13:40:15 ----A---- C:\WINDOWS\SYSWOW64\AcGenral.dll
2019-05-15 13:40:15 ----A---- C:\WINDOWS\system32\ieproxy.dll
2019-05-15 13:40:15 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:40:14 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.Management.dll
2019-05-15 13:40:14 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2019-05-15 13:40:14 ----A---- C:\WINDOWS\SYSWOW64\kernel32.dll
2019-05-15 13:40:14 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2019-05-15 13:40:14 ----A---- C:\WINDOWS\system32\drivers\processr.sys
2019-05-15 13:40:14 ----A---- C:\WINDOWS\system32\drivers\amdppm.sys
2019-05-15 13:40:14 ----A---- C:\WINDOWS\system32\drivers\amdk8.sys
2019-05-15 13:40:13 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\msv1_0.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\kerberos.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\fveapi.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\FirewallAPI.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\domgmt.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\dmenrollengine.dll
2019-05-15 13:40:13 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-15 13:40:12 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\SYSWOW64\FirewallAPI.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\system32\werui.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\system32\profsvc.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:40:12 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2019-05-15 13:40:11 ----A---- C:\WINDOWS\SYSWOW64\fveapi.dll
2019-05-15 13:40:11 ----A---- C:\WINDOWS\SYSWOW64\Faultrep.dll
2019-05-15 13:40:11 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2019-05-15 13:40:11 ----A---- C:\WINDOWS\system32\nltest.exe
2019-05-15 13:40:11 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2019-05-15 13:40:10 ----A---- C:\WINDOWS\SYSWOW64\wermgr.exe
2019-05-15 13:40:10 ----A---- C:\WINDOWS\SYSWOW64\WerFault.exe
2019-05-15 13:40:10 ----A---- C:\WINDOWS\SYSWOW64\dmenrollengine.dll
2019-05-15 13:40:10 ----A---- C:\WINDOWS\SYSWOW64\cryptdll.dll
2019-05-15 13:40:10 ----A---- C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:40:10 ----A---- C:\WINDOWS\system32\SDDS.dll
2019-05-15 13:40:10 ----A---- C:\WINDOWS\system32\drivers\wfplwfs.sys
2019-05-15 13:40:10 ----A---- C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:40:10 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\SYSWOW64\werui.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\SYSWOW64\WerFaultSecure.exe
2019-05-15 13:40:09 ----A---- C:\WINDOWS\SYSWOW64\OneDriveSettingSyncProvider.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\SYSWOW64\msexcl40.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\drivers\intelpep.sys
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\bcdedit.exe
2019-05-15 13:40:09 ----A---- C:\WINDOWS\system32\atmfd.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\SYSWOW64\msjet40.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:40:08 ----A---- C:\WINDOWS\system32\EduPrintProv.exe
2019-05-15 13:40:08 ----A---- C:\WINDOWS\system32\BingASDS.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\t2embed.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\perfproc.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\mspbde40.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\msltus40.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\SYSWOW64\fontsub.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\RDSPnf.exe
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\perfproc.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\FilterDS.dll
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\browserexport.exe
2019-05-15 13:40:07 ----A---- C:\WINDOWS\system32\BFE.DLL
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\NetDriverInstall.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\fveapibase.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\enrollmentapi.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\DWWIN.EXE
2019-05-15 13:40:06 ----A---- C:\WINDOWS\SYSWOW64\dtdump.exe
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\utcutil.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\mdmmigrator.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\iemigplugin.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\fveapibase.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\enrollmentapi.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-15 13:40:06 ----A---- C:\WINDOWS\system32\Chakradiag.dll

======List of files/folders modified in the last 1 month======

2019-06-10 18:34:48 ----D---- C:\WINDOWS\system32\drivers\etc
2019-06-10 18:34:41 ----RD---- C:\Program Files
2019-06-10 18:32:07 ----D---- C:\Program Files (x86)\Steam
2019-06-10 18:27:57 ----D---- C:\WINDOWS\Temp
2019-06-10 18:04:30 ----D---- C:\WINDOWS\system32\sru
2019-06-10 16:37:55 ----D---- C:\WINDOWS\system32\SleepStudy
2019-06-10 15:26:44 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2019-06-10 15:18:22 ----D---- C:\WINDOWS\Prefetch
2019-06-10 00:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2019-06-09 18:02:24 ----RD---- C:\WINDOWS\Microsoft.NET
2019-06-09 12:14:12 ----SHDC---- C:\WINDOWS\Installer
2019-06-09 12:14:12 ----SHD---- C:\Config.Msi
2019-06-09 12:11:34 ----AD---- C:\Program Files\Microsoft Office
2019-06-08 00:27:25 ----HD---- C:\Program Files\WindowsApps
2019-06-08 00:27:25 ----D---- C:\WINDOWS\AppReadiness
2019-06-06 14:46:11 ----D---- C:\WINDOWS\Tasks
2019-06-06 13:26:59 ----D---- C:\WINDOWS\system32\drivers
2019-06-05 22:11:22 ----D---- C:\WINDOWS\system32\Tasks
2019-06-03 15:19:24 ----SHD---- C:\System Volume Information
2019-06-03 15:03:10 ----D---- C:\WINDOWS\Logs
2019-06-02 22:10:26 ----D---- C:\Program Files\Common Files\microsoft shared
2019-05-31 11:29:17 ----D---- C:\WINDOWS\system32\catroot2
2019-05-28 05:42:22 ----D---- C:\WINDOWS\system32\config
2019-05-27 21:26:16 ----HD---- C:\WINDOWS\ELAMBKUP
2019-05-27 21:26:16 ----D---- C:\WINDOWS\System32
2019-05-27 16:40:12 ----D---- C:\WINDOWS\WinSxS
2019-05-21 06:11:09 ----D---- C:\WINDOWS\TextInput
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\zu-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\yo-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\xh-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\wo-SN
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\uz-Latn-UZ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\tn-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\ti-ET
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\tg-Cyrl-TJ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-RS
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\sr-Cyrl-BA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\sd-Arab-PK
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\rw-RW
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\quc-Latn-GT
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\pa-Arab-PK
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\nso-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\ku-Arab-IQ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\ig-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\ha-Latn-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\chr-CHER-US
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\ca-ES-valencia
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\bs-Latn-BA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SYSWOW64\az-Latn-AZ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\SysWOW64
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\zu-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\yo-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\xh-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\wo-SN
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\uz-Latn-UZ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\tn-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\ti-ET
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\tg-Cyrl-TJ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\sr-Cyrl-RS
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\sr-Cyrl-BA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\sd-Arab-PK
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\rw-RW
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\quc-Latn-GT
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\pa-Arab-PK
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\nso-ZA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\migration
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\ku-Arab-IQ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\ig-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\ha-Latn-NG
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\chr-CHER-US
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\ca-ES-valencia
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\bs-Latn-BA
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\Boot
2019-05-21 06:11:09 ----D---- C:\WINDOWS\system32\az-Latn-AZ
2019-05-21 06:11:09 ----D---- C:\WINDOWS\bcastdvr
2019-05-21 06:11:08 ----D---- C:\WINDOWS\system32\DriverStore
2019-05-21 05:30:26 ----D---- C:\WINDOWS\CbsTemp
2019-05-19 19:02:47 ----D---- C:\WINDOWS\LiveKernelReports
2019-05-17 05:38:02 ----D---- C:\Program Files\rempl
2019-05-15 18:04:47 ----RSD---- C:\WINDOWS\assembly
2019-05-15 17:53:40 ----D---- C:\WINDOWS\INF
2019-05-15 17:53:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 17:43:44 ----SD---- C:\WINDOWS\system32\DiagSvcs
2019-05-15 17:43:44 ----D---- C:\WINDOWS\system32\en-US
2019-05-15 17:43:43 ----RSD---- C:\WINDOWS\Fonts
2019-05-15 17:43:43 ----D---- C:\WINDOWS\ShellExperiences
2019-05-15 17:43:43 ----D---- C:\WINDOWS\apppatch
2019-05-15 13:39:44 ----D---- C:\WINDOWS\system32\MRT
2019-05-15 13:35:52 ----AC---- C:\WINDOWS\system32\MRT.exe
2019-05-15 13:24:17 ----RD---- C:\Program Files (x86)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsh.sys [2019-05-27 205848]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniv.sys [2019-05-27 61472]
R0 aswElam;aswElam; C:\WINDOWS\system32\drivers\aswElam.sys [2019-01-07 15488]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2019-05-27 87944]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2019-05-30 385880]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2015-12-02 1468416]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2018-12-08 58168]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\WINDOWS\system32\drivers\SgrmAgent.sys [2018-04-12 63896]
R1 afunix;afunix; C:\WINDOWS\system32\drivers\afunix.sys [2018-04-12 39424]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2019-05-27 207448]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdriver.sys [2019-05-27 262496]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2019-05-27 42288]
R1 aswNetSec;aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [2019-05-27 549200]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2019-05-27 112312]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2019-05-27 1030784]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2019-05-27 477584]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2015-05-08 20096]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-04-12 60320]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2018-04-12 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2018-04-12 8192]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2015-05-08 18048]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2019-06-06 167872]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2019-06-03 225608]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2019-03-14 414720]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2018-12-08 43008]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2015-05-25 21816]
R3 AsusSGDrv;@oem5.inf,%AsusSGDrv.SvcDesc%;ASUS Touch Service; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [2015-12-18 140280]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2017-03-27 605616]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2018-04-12 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2018-04-12 60320]
R3 dptf_acpi;dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [2015-11-09 55784]
R3 dptf_cpu;dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-11-09 52200]
R3 esif_lf;esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [2015-11-09 260072]
R3 HIDSwitch;@oem13.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-08-19 27872]
R3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2018-04-12 171520]
R3 igfx;igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [2016-11-30 11039712]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-11-30 4686592]
R3 IntcDAud;@oem4.inf,%IntcAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-10-07 822248]
R3 MEIx64;@oem15.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [2015-10-08 185600]
R3 Qcamain10x64;@oem25.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN 11AC device driver; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2017-04-15 2412976]
R3 rt640x64;@oem26.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-15 887552]
R3 RTSUER;@oem28.inf,%RtsUER%;Realtek USB Card Reader - UER; C:\WINDOWS\system32\Drivers\RtsUer.sys [2015-09-10 407768]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2018-04-12 38304]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2018-04-12 321432]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\WINDOWS\System32\drivers\iaStorAVC.sys [2018-04-12 885144]
S0 ItSas35i;ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [2018-04-12 145816]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2018-04-12 124312]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2018-04-12 128408]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2018-04-12 75160]
S0 megasas35i;megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [2018-04-12 82328]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2018-04-12 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2018-04-12 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2018-04-12 39840]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2018-08-03 128920]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2018-04-12 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2018-04-12 18432]
S3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\WINDOWS\system32\drivers\bindflt.sys [2019-01-09 92704]
S3 BstkDrv;BlueStacks Plus Hypervisor; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [2017-11-16 270904]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2019-05-03 1097728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2018-04-12 39936]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2018-04-12 123392]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2018-04-12 1836952]
S3 dg_ssudbus;@oem3.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2018-04-12 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2018-04-12 50592]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2019-05-17 76088]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2018-04-12 27136]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2018-04-12 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2018-04-12 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2018-04-12 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2018-04-12 88576]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2018-04-12 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2018-04-12 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2018-04-12 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2018-04-12 32256]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2018-04-12 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2018-04-12 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2018-04-12 56736]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2018-04-12 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2018-04-12 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2018-04-12 175104]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\WINDOWS\System32\drivers\nvdimm.sys [2018-04-12 104448]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2018-04-12 105984]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2018-04-12 16896]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2019-03-06 945464]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2018-04-12 104448]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2018-04-12 33176]
S4 hvcrash;hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [2018-04-12 33184]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-12-16 83984]
R2 AESMService;Intel® SGX AESM; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [2018-11-28 3367272]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2015-07-22 123704]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [2015-12-24 75264]
R2 AtherosSvc;AtherosSvc; C:\WINDOWS\system32\AdminService.exe [2017-03-27 347056]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2015-04-01 107320]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2019-05-27 409224]
R2 avast! Firewall;Avast Firewall Service; C:\Program Files\AVAST Software\Avast\afwServ.exe [2019-05-27 416512]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 CDPUserSvc_93667;Connected Devices Platform User Service_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2019-05-29 11145800]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R2 EpsonScanSvc;Epson Scanner Service; C:\WINDOWS\system32\EscSvc64.exe [2012-05-17 144560]
R2 esifsvc;@oem16.inf,%ServiceDisplayName%;ESIF Upper Framework Service; C:\WINDOWS\SysWOW64\esif_uf.exe [2015-11-09 1392792]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-12-22 349728]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [2016-11-30 341984]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-10-16 207648]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-10-16 415520]
R2 OneSyncSvc_93667;Sync Host_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R2 SecureLine;Avast SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [2016-12-24 592392]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-07-14 760888]
R2 sedsvc;Windows Remediation Service; C:\Program Files\rempl\sedsvc.exe [2019-05-11 362296]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\WINDOWS\system32\SgrmBroker.exe [2018-04-12 163336]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2019-05-28 6844776]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2018-06-08 43648]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
R3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-05-19 335872]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
R3 PimIndexMaintenanceSvc_93667;Contact Data_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 PrintWorkflowUserSvc_93667;PrintWorkflow_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 avast;%1!s! Update Service (avast); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-13 164984]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S2 dbupdate;Dropbox Update Service (dbupdate); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-24 143144]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06 153752]
S2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-05-19 7680]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 avastm;%1!s! Update Service (avastm); C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-09-13 164984]
S3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service; C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe [2019-05-14 1079424]
S3 AvastWscReporter;AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [2019-05-27 57504]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BcastDVRUserService_93667;GameDVR and Broadcast User Service_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BluetoothUserService_93667;Bluetooth User Support Service_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [2016-11-30 301536]
S3 cplspcon;Intel(R) Content Protection HDCP Service; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [2016-11-30 480224]
S3 dbupdatem;Dropbox Update Service (dbupdatem); C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-24 143144]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicePickerUserSvc_93667;DevicePicker_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevicesFlowUserSvc_93667;DevicesFlow_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-05-03 90112]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-12-22 209952]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe [2019-05-21 1267696]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-06 153752]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [2017-03-20 404376]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 MessagingService_93667;MessagingService_93667; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2019-05-22 266752]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2018-04-12 1273344]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2019-01-09 85472]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2019-01-09 85472]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked email

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

korkis
Model visitor
Posts: 157
Registered: 16 Sep 2007 14:37

Re: hacked email

#3 Post by korkis »

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-10-2019
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 13
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\ICSW1.23
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted HKCU\Software\csastats
Deleted HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}

***** [ Chromium (and derivatives) ] *****

Deleted EasyPDFCombine for Chrome

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2428 octets] - [10/06/2019 19:04:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked email

#4 Post by Rudy »

OK. Now post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

korkis
Model visitor
Posts: 157
Registered: 16 Sep 2007 14:37

Re: hacked email

#5 Post by korkis »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-06-2019 01
Ran by Veronika and Michael (administrator) on DESKTOP-DT4GONI (ASUSTeK COMPUTER INC. X556UAM) (10-06-2019 20:12:47)
Running from C:\Users\Veronika and Michael\Desktop
Loaded Profiles: Veronika and Michael (Available Profiles: Veronika and Michael)
Platform: Windows 10 Home Version 1803 17134.766 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUS Cloud Corporation -> ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
(ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software a.s. -> ) C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Cisco Video Technologies Israel Ltd. -> Cisco) C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel® Trusted Connect Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] (ASUS Cloud Corporation -> )
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653352 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862248 2017-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\Run: [BlueStacksFriends] => C:\Users\Veronika and Michael\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe [57079872 2017-08-11] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2014-12-16] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\Run: [VideoGuardMonitor] => C:\Users\Veronika and Michael\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2345736 2018-04-17] (Cisco Video Technologies Israel Ltd. -> Cisco)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM2E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\Run: [AvastBrowserAutoLaunch_31FB6EA7B7AC9C0CAF4EF71615E443DB] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-21] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\Installer\chrmstp.exe [2019-05-29] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! SecureLine.lnk [2016-10-04]
ShortcutTarget: avast! SecureLine.lnk -> C:\Program Files\AVAST Software\SecureLine\SecureLine.exe (AVAST Software a.s. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03038740-C410-4D4C-889E-D2071E470F73} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18416 2015-12-18] (ASUSTeK Computer Inc. -> AsusTek)
Task: {030A2CE9-7865-49FC-93EB-C8D2ECE92ED6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {04A68CB7-C957-4028-A3C1-18054186E25C} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {0641587A-48BC-4FE3-A390-7C069A9804F7} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920 2016-08-01] () [File not signed]
Task: {0736E707-0002-4C6B-88CE-CD5CB349C48A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {276C04D4-8AC3-4570-904D-956A6108C820} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {29D4CA37-181D-499C-A670-1C67C8AACFEE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165840 2019-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E66D6EE-F0AB-4E8A-84E4-D4706D5A184C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54784 2015-12-02] (ASUS) [File not signed]
Task: {39CD21EB-35CB-4512-AA79-269F27FC6E2F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
Task: {40C16C89-5B22-4B8C-9C81-473B802B8152} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
Task: {40C6CF48-B916-4DD3-ACC2-78DD1FB6BFC8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-13] (AVAST Software s.r.o. -> AVAST Software)
Task: {43F52783-EE87-4A54-A8D5-8413C530DD05} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {4ACCBB73-D045-49FA-963A-E4CAC65D6665} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5365D1B5-E050-4D5E-B386-8A29115A0649} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe
Task: {5E62E7A2-3178-44EE-AA1E-8F2381E6A196} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1616160 2016-01-19] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {6735D83C-E4C5-434A-B5D9-81E47890C569} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920 2016-08-01] () [File not signed]
Task: {7B17F983-8F24-4060-9FB1-65821D298F24} - System32\Tasks\G2MUploadTask-S-1-5-21-994686600-563732649-2125636377-1001 => C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupload.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {82CCF898-A6A6-4147-B268-D5203DA2A45E} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [17920 2016-08-01] () [File not signed]
Task: {8CE18837-F090-4D26-931D-1560EB24E9B9} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )
Task: {93210028-4A2A-47C4-8AC3-CCCAF95E8D51} - System32\Tasks\Yahoo! Powered teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c73616c657465" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233 (the data entry has 78 more characters). <==== ATTENTION
Task: {99F7EF03-0704-44CC-A387-CAC43F2DA49E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [1049600 2017-09-18] (ASUSTek Computer Inc. -> ASUSTek Computer Inc)
Task: {A55314AB-46B7-4D82-8764-5A718C568BEB} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [863040 2016-12-24] (AVAST Software a.s. -> AVAST Software)
Task: {AE2503A3-3B9A-4AF8-A25A-BA3ADA17B6EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B96094E4-AA90-4EC9-8269-D54E3D33046D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {BB83ED93-C5E2-406D-986E-F81B934BCC03} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165840 2019-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEACC45C-CD3C-4709-BA50-6EEA5BDD86F7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149528 2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0B35434-A300-4E92-B7B1-DDBA5A8BA9C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C5BCB34C-C38E-4037-AAC2-8893F3262D62} - System32\Tasks\G2MUpdateTask-S-1-5-21-994686600-563732649-2125636377-1001 => C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupdate.exe [32256 2019-06-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {D0AB359C-1696-460D-8431-29B48FE2C92C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {E406A1CF-40CE-46EB-8AF5-AB9EE973C9BB} - System32\Tasks\Bing Search Engine teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d344339422d3931463844364439314133367d5c73616c657465" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d34 (the data entry has 82 more characters). <==== ATTENTION
Task: {E618634F-A409-4BDF-A584-5BB88779D913} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {E8E94B1E-656F-415D-9716-C7A24EACB862} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149528 2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC3E3464-37F5-4785-AE11-114E15184F69} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208888 2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3C22AEB-897E-4179-88FE-34D68F1F4045} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2208888 2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6A62F11-2BE5-4E60-BDF3-01D882499CF3} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-13] (AVAST Software s.r.o. -> AVAST Software)
Task: {F9A9B86B-B1F3-48D7-B381-D04ADCF34C78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Bing Search Engine teref.job => Wscript.exe C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-994686600-563732649-2125636377-1001.job => C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-994686600-563732649-2125636377-1001.job => C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\13190\g2mupload.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered teref.job => Wscript.exe C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1d07795a-b4db-4657-845d-523d9075be46}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{52a43fc3-30fb-49b0-9e93-825828c48a5d}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6e3f8e59-6b3f-4f92-aaca-e86f7bf59bcb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e7e923cd-7e07-4de3-92e7-91ce266ac48c}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{f9e38274-1f3c-494b-bb83-cf2e161e35a6}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sgnsft_16_51_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtBtDtAzz0CtDzz0BtAtCzyzytDyD0FtN0D0Tzu0StCzztCzytN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtB0AzzzztByD0CtGyB0E0CzytG0CyDtA0FtGtDtAyE0BtGtDyDtAtCyByE0BtDzy0F0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtAyB0EyDyCyBtGyEtD0DtDtGyE0DyB0AtGzz0E0E0CtGzyyBzz0F0F0DtB0A0D0C0C0F2QtN0A0LzuyE%26cr%3D1902922560%26a%3Dwbf_sgnsft_16_51_ssg01%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-994686600-563732649-2125636377-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-994686600-563732649-2125636377-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05 ... earchTerms}
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-09] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]
FF Plugin-x32: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]
FF Plugin HKU\S-1-5-21-994686600-563732649-2125636377-1001: @samsungsmartcam.com/npwViewer -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]
FF Plugin HKU\S-1-5-21-994686600-563732649-2125636377-1001: @samsungsmartcam.com/npwViewer_turn -> C:\Program Files (x86)\Samsung\SmartCam\npwViewer_lib_turn.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]
FF Plugin HKU\S-1-5-21-994686600-563732649-2125636377-1001: samsungtechwin.com/SmartCamFinder -> C:\Program Files (x86)\Samsung\SmartCam\npSmartCamFinder.dll [2016-08-22] (Hanwha Techwin Co., Ltd. -> Samsung Techwin) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default [2019-06-10]
CHR Extension: (Slides) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-06]
CHR Extension: (YouTube) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-10]
CHR Extension: (Sheets) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-25]
CHR Profile: C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-28]
CHR Profile: C:\Users\Veronika and Michael\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-13] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [416512 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-09-13] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe [1079424 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11145800 2019-05-29] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-24] (Dropbox, Inc -> Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel(R) Software -> Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent Inc -> WildTangent)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc. -> McAfee, Inc.)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-12-24] (AVAST Software a.s. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-07] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-07] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [140280 2015-12-18] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [167872 2019-06-06] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549200 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225608 2019-06-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-11-16] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel(R) Software -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel(R) Software -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel(R) Software -> Intel Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2412976 2017-04-15] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [407768 2015-09-10] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313384 2018-06-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-10 20:12 - 2019-06-10 20:13 - 000039409 _____ C:\Users\Veronika and Michael\Desktop\FRST.txt
2019-06-10 20:12 - 2019-06-10 20:12 - 000000000 ____D C:\FRST
2019-06-10 20:10 - 2019-06-10 20:10 - 002418688 _____ (Farbar) C:\Users\Veronika and Michael\Desktop\FRST64.exe
2019-06-10 19:04 - 2019-06-10 19:05 - 000000000 ____D C:\AdwCleaner
2019-06-10 19:02 - 2019-06-10 19:03 - 007025360 _____ (Malwarebytes) C:\Users\Veronika and Michael\Desktop\adwcleaner_7.3.exe
2019-06-10 18:34 - 2019-06-10 18:34 - 000000000 ____D C:\rsit
2019-06-10 18:34 - 2019-06-10 18:34 - 000000000 ____D C:\Program Files\trend micro
2019-06-10 18:33 - 2019-06-10 18:33 - 001222144 _____ C:\Users\Veronika and Michael\Desktop\RSITx64.exe
2019-06-09 14:18 - 2019-06-10 18:32 - 000000000 ____D C:\Users\Veronika and Michael\Documents\carehomes
2019-06-07 11:00 - 2019-06-07 11:00 - 000139976 _____ C:\Users\Veronika and Michael\Desktop\Statement (1).pdf
2019-05-27 21:26 - 2019-05-27 21:25 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-05-27 13:14 - 2019-05-27 13:15 - 000000000 ____D C:\Users\Veronika and Michael\Documents\somerset house
2019-05-21 05:24 - 2019-05-17 13:10 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-05-21 05:24 - 2019-05-17 10:16 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-05-21 05:24 - 2019-05-17 09:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-21 05:24 - 2019-05-17 07:49 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-05-21 05:24 - 2019-05-17 07:43 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-05-21 05:24 - 2019-05-17 07:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-05-21 05:24 - 2019-05-17 07:42 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-05-21 05:24 - 2019-05-17 07:41 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-05-21 05:24 - 2019-05-17 07:41 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-05-21 05:24 - 2019-05-17 07:41 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-05-21 05:24 - 2019-05-17 07:39 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-05-21 05:24 - 2019-05-17 07:39 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-05-21 05:24 - 2019-05-17 07:39 - 002768952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-05-21 05:24 - 2019-05-17 07:39 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-05-21 05:24 - 2019-05-17 07:39 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-05-21 05:24 - 2019-05-17 07:39 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-05-21 05:24 - 2019-05-17 07:39 - 001098064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-05-21 05:24 - 2019-05-17 07:39 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-05-21 05:24 - 2019-05-17 07:22 - 006568016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-21 05:24 - 2019-05-17 07:22 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-05-21 05:24 - 2019-05-17 07:21 - 001130784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-05-21 05:24 - 2019-05-17 07:07 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-05-21 05:24 - 2019-05-17 07:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-05-21 05:24 - 2019-05-17 07:06 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-05-21 05:24 - 2019-05-17 07:04 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-05-21 05:24 - 2019-05-17 07:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-05-21 05:24 - 2019-05-17 07:04 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-05-21 05:24 - 2019-05-17 07:03 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-05-21 05:24 - 2019-05-17 07:03 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-05-21 05:24 - 2019-05-17 07:03 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-05-21 05:24 - 2019-05-17 07:03 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-05-21 05:24 - 2019-05-17 07:01 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-05-21 05:24 - 2019-05-17 07:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-05-21 05:24 - 2019-05-17 07:00 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-05-21 05:24 - 2019-05-17 06:59 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-05-21 05:24 - 2019-05-17 06:57 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-05-21 05:24 - 2019-05-17 05:44 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-05-20 22:47 - 2019-05-20 22:47 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-05-20 15:02 - 2019-06-07 23:44 - 000000000 ____D C:\Users\Veronika and Michael\Documents\st philipsplan
2019-05-17 22:10 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-15 13:40 - 2019-05-03 13:14 - 000790208 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-05-15 13:40 - 2019-05-03 13:13 - 001376472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-05-15 13:40 - 2019-05-03 13:13 - 000396088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2019-05-15 13:40 - 2019-05-03 12:55 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-05-15 13:40 - 2019-05-03 12:54 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-05-15 13:40 - 2019-05-03 12:52 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-05-15 13:40 - 2019-05-03 12:51 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-05-15 13:40 - 2019-05-03 12:50 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-05-15 13:40 - 2019-05-03 12:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-05-15 13:40 - 2019-05-03 12:49 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-05-15 13:40 - 2019-05-03 12:49 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-05-15 13:40 - 2019-05-03 12:49 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-05-15 13:40 - 2019-05-03 12:43 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-05-15 13:40 - 2019-05-03 12:43 - 000662328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-05-15 13:40 - 2019-05-03 12:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-05-15 13:40 - 2019-05-03 12:30 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-05-15 13:40 - 2019-05-03 12:28 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-05-15 13:40 - 2019-05-03 12:28 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-05-15 13:40 - 2019-05-03 12:27 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-05-15 13:40 - 2019-05-03 12:26 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-05-15 13:40 - 2019-05-03 12:25 - 004055040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-05-15 13:40 - 2019-05-03 12:25 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-05-15 13:40 - 2019-05-03 07:43 - 000177128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2019-05-15 13:40 - 2019-05-03 07:34 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-05-15 13:40 - 2019-05-03 07:33 - 000709720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-05-15 13:40 - 2019-05-03 07:33 - 000063072 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdll.dll
2019-05-15 13:40 - 2019-05-03 07:32 - 000793640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-05-15 13:40 - 2019-05-03 07:32 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-05-15 13:40 - 2019-05-03 07:32 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-05-15 13:40 - 2019-05-03 07:32 - 000438984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-05-15 13:40 - 2019-05-03 07:32 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-05-15 13:40 - 2019-05-03 07:32 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-05-15 13:40 - 2019-05-03 07:32 - 000164664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-05-15 13:40 - 2019-05-03 07:31 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-05-15 13:40 - 2019-05-03 07:31 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-05-15 13:40 - 2019-05-03 07:31 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-05-15 13:40 - 2019-05-03 07:31 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-05-15 13:40 - 2019-05-03 07:31 - 000115728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-05-15 13:40 - 2019-05-03 07:20 - 000434704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-05-15 13:40 - 2019-05-03 07:20 - 000384976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-05-15 13:40 - 2019-05-03 07:20 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-05-15 13:40 - 2019-05-03 07:20 - 000146920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-05-15 13:40 - 2019-05-03 07:19 - 006043712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-05-15 13:40 - 2019-05-03 07:19 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-05-15 13:40 - 2019-05-03 07:19 - 000056288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdll.dll
2019-05-15 13:40 - 2019-05-03 07:12 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-05-15 13:40 - 2019-05-03 07:10 - 022017024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-05-15 13:40 - 2019-05-03 07:05 - 022716416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-05-15 13:40 - 2019-05-03 07:02 - 019401216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-05-15 13:40 - 2019-05-03 07:02 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-05-15 13:40 - 2019-05-03 07:01 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-05-15 13:40 - 2019-05-03 07:00 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-05-15 13:40 - 2019-05-03 07:00 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-15 13:40 - 2019-05-03 07:00 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2019-05-15 13:40 - 2019-05-03 06:59 - 007593472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-05-15 13:40 - 2019-05-03 06:59 - 005788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-05-15 13:40 - 2019-05-03 06:59 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-05-15 13:40 - 2019-05-03 06:59 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-05-15 13:40 - 2019-05-03 06:59 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-05-15 13:40 - 2019-05-03 06:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-05-15 13:40 - 2019-05-03 06:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-05-15 13:40 - 2019-05-03 06:58 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-05-15 13:40 - 2019-05-03 06:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-05-15 13:40 - 2019-05-03 06:58 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-05-15 13:40 - 2019-05-03 06:57 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-05-15 13:40 - 2019-05-03 06:57 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-05-15 13:40 - 2019-05-03 06:57 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-05-15 13:40 - 2019-05-03 06:57 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-05-15 13:40 - 2019-05-03 06:56 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-05-15 13:40 - 2019-05-03 06:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2019-05-15 13:40 - 2019-05-03 06:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-05-15 13:40 - 2019-05-03 06:55 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-05-15 13:40 - 2019-05-03 06:55 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-05-15 13:40 - 2019-05-03 06:55 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-05-15 13:40 - 2019-05-03 06:54 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-05-15 13:40 - 2019-05-03 06:54 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-05-15 13:40 - 2019-05-03 06:54 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-05-15 13:40 - 2019-05-03 06:53 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2019-05-15 13:40 - 2019-05-03 06:53 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2019-05-15 13:40 - 2019-05-03 06:53 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2019-05-15 13:40 - 2019-05-03 06:53 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2019-05-15 13:40 - 2019-04-19 11:55 - 001634920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-05-15 13:40 - 2019-04-19 11:54 - 000720200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-05-15 13:40 - 2019-04-19 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-05-15 13:40 - 2019-04-19 11:39 - 012754944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-05-15 13:40 - 2019-04-19 11:38 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDSPnf.exe
2019-05-15 13:40 - 2019-04-19 11:38 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2019-05-15 13:40 - 2019-04-19 11:36 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-05-15 13:40 - 2019-04-19 11:34 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-05-15 13:40 - 2019-04-19 10:44 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-05-15 13:40 - 2019-04-19 10:37 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-05-15 13:40 - 2019-04-19 10:30 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2019-05-15 13:40 - 2019-04-19 10:28 - 011940864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-05-15 13:40 - 2019-04-19 10:26 - 002405888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-05-15 13:40 - 2019-04-19 10:25 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-05-15 13:40 - 2019-04-19 06:07 - 000985400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-05-15 13:40 - 2019-04-19 06:06 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-05-15 13:40 - 2019-04-19 06:06 - 000798520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-05-15 13:40 - 2019-04-19 06:06 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-05-15 13:40 - 2019-04-19 06:06 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-05-15 13:40 - 2019-04-19 06:06 - 000274232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-05-15 13:40 - 2019-04-19 06:02 - 000831800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-05-15 13:40 - 2019-04-19 06:01 - 001982008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-05-15 13:40 - 2019-04-19 06:01 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-05-15 13:40 - 2019-04-19 06:01 - 000576016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-05-15 13:40 - 2019-04-19 06:01 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-05-15 13:40 - 2019-04-19 05:43 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-05-15 13:40 - 2019-04-19 05:42 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-05-15 13:40 - 2019-04-19 05:41 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-05-15 13:40 - 2019-04-19 05:41 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\EduPrintProv.exe
2019-05-15 13:40 - 2019-04-19 05:40 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-05-15 13:40 - 2019-04-19 05:40 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-05-15 13:40 - 2019-04-19 05:40 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-05-15 13:40 - 2019-04-19 05:40 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-05-15 13:40 - 2019-04-19 05:40 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetDriverInstall.dll
2019-05-15 13:40 - 2019-04-19 05:39 - 000567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-05-15 13:40 - 2019-04-19 05:39 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-05-15 13:40 - 2019-04-19 05:39 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-05-15 13:40 - 2019-04-19 05:39 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-05-15 13:40 - 2019-04-19 05:39 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2019-05-15 13:40 - 2019-04-19 05:38 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-05-15 13:40 - 2019-04-19 05:37 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-05-15 13:40 - 2019-04-19 05:36 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 001938944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-05-15 13:40 - 2019-04-19 05:35 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-05-15 13:40 - 2019-04-19 05:34 - 000935936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-05-15 13:40 - 2019-04-19 05:34 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-05-15 13:40 - 2019-04-19 05:34 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-05-15 13:40 - 2019-04-19 05:34 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-05-15 13:40 - 2019-04-19 05:34 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2019-05-15 13:40 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-05-15 13:40 - 2019-04-19 04:18 - 000806360 _____ C:\WINDOWS\system32\locale.nls
2019-05-15 13:40 - 2019-04-09 02:48 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-05-15 13:40 - 2019-04-09 02:48 - 000376320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-05-15 13:40 - 2019-04-09 02:48 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-05-15 13:40 - 2019-04-09 02:48 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-05-15 13:40 - 2019-04-09 02:48 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-05-13 13:50 - 2019-05-13 13:50 - 000126349 _____ C:\Users\Veronika and Michael\Desktop\Zandparts_ACLEADFORLAPTOP.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-10 20:09 - 2018-06-08 17:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-10 20:08 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-10 19:14 - 2018-06-08 18:07 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-06-10 19:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-10 19:08 - 2016-12-24 15:33 - 000000000 __SHD C:\Users\Veronika and Michael\IntelGraphicsProfiles
2019-06-10 19:06 - 2018-06-08 18:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-10 19:06 - 2018-01-08 17:35 - 000000756 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-994686600-563732649-2125636377-1001.job
2019-06-10 19:06 - 2018-01-08 17:35 - 000000660 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-994686600-563732649-2125636377-1001.job
2019-06-10 19:05 - 2018-06-08 17:38 - 000000000 ____D C:\Users\Veronika and Michael
2019-06-10 19:05 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-10 19:04 - 2017-01-11 15:51 - 000000000 ____D C:\Users\Veronika and Michael\Documents\accts
2019-06-10 18:32 - 2017-01-09 03:35 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-10 15:19 - 2018-06-11 11:38 - 000000000 ____D C:\Users\Veronika and Michael\AppData\Local\Deployment
2019-06-09 12:11 - 2016-10-04 18:26 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-08 00:27 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-07 23:47 - 2018-01-08 17:35 - 000000000 ____D C:\Users\Veronika and Michael\AppData\Local\GoToMeeting
2019-06-07 22:37 - 2017-11-07 00:11 - 000000000 ____D C:\Users\Veronika and Michael\AppData\Local\Packages
2019-06-06 14:46 - 2018-06-08 18:07 - 000003952 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-994686600-563732649-2125636377-1001
2019-06-06 14:46 - 2018-06-08 18:07 - 000003856 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-994686600-563732649-2125636377-1001
2019-06-06 13:26 - 2018-06-08 14:00 - 000167872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-06-05 22:11 - 2018-06-08 18:07 - 000003406 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-994686600-563732649-2125636377-1001
2019-06-05 22:11 - 2018-06-08 17:38 - 000002410 _____ C:\Users\Veronika and Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-05 22:11 - 2016-12-24 15:35 - 000000000 ___RD C:\Users\Veronika and Michael\OneDrive
2019-06-04 19:55 - 2017-01-11 15:51 - 000000000 ____D C:\Users\Veronika and Michael\Documents\LF
2019-06-04 08:18 - 2017-01-11 15:51 - 000000000 ____D C:\Users\Veronika and Michael\Documents\Bristol Forge Ltd
2019-06-03 11:47 - 2018-06-08 14:00 - 000225608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-02 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-30 10:36 - 2018-06-08 14:00 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-05-29 02:31 - 2019-04-17 15:25 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-05-29 02:31 - 2019-04-17 15:25 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-05-29 02:31 - 2018-09-13 10:20 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-29 02:31 - 2018-09-13 10:20 - 000002465 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-05-27 21:26 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-27 21:25 - 2019-02-13 12:30 - 000549200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-05-27 21:25 - 2019-01-14 18:07 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-05-27 21:25 - 2019-01-07 12:03 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-05-27 21:25 - 2019-01-07 12:03 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-05-27 21:25 - 2018-10-27 11:10 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-05-27 21:25 - 2018-06-08 14:00 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-05-27 21:25 - 2018-06-08 14:00 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-27 21:25 - 2018-06-08 14:00 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-27 21:25 - 2018-06-08 14:00 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-05-27 21:25 - 2018-06-08 14:00 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-05-27 16:57 - 2017-01-11 15:51 - 000000000 ____D C:\Users\Veronika and Michael\Documents\Dev
2019-05-24 19:24 - 2017-01-11 15:51 - 000000000 ____D C:\Users\Veronika and Michael\Documents\dharart ltd
2019-05-21 21:41 - 2017-01-16 12:59 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-21 21:41 - 2017-01-16 12:59 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-21 06:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-05-21 06:11 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-05-21 05:30 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-19 19:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-17 06:32 - 2019-01-23 12:21 - 000000000 ____D C:\Users\Veronika and Michael\Documents\jsep
2019-05-17 05:38 - 2018-11-16 04:22 - 000000000 ____D C:\Program Files\rempl
2019-05-16 11:32 - 2017-01-11 18:27 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-05-15 17:53 - 2018-06-08 17:52 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-15 17:53 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-15 17:47 - 2018-06-08 17:32 - 000397896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-05-15 17:43 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2019-05-15 17:43 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-05-15 13:39 - 2017-01-07 00:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-05-15 13:35 - 2017-01-07 00:17 - 132445408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-05-15 13:23 - 2018-06-08 18:07 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 13:23 - 2018-06-08 18:07 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ================

2017-07-23 00:54 - 2017-07-23 01:39 - 262918640 _____ (BlueStack Systems Inc.) C:\Users\Veronika and Michael\BlueStacks-Installer_BS3_native_87c7f9da2691c7ce6afd55f074457750.exe
2016-12-24 15:57 - 2017-01-06 23:59 - 000018865 _____ () C:\Users\Veronika and Michael\AppData\Roaming\Henom
2016-12-24 15:33 - 2017-10-09 15:47 - 000000184 _____ () C:\Users\Veronika and Michael\AppData\Roaming\sp_data.sys
2016-12-26 11:57 - 2017-01-27 12:03 - 000000244 _____ () C:\Users\Veronika and Michael\AppData\Roaming\WB.CFG
2017-01-07 00:16 - 2017-01-07 00:16 - 000002546 _____ () C:\Users\Veronika and Michael\AppData\Local\recently-used.xbel
2017-08-04 19:27 - 2017-08-04 19:27 - 000000000 _____ () C:\Users\Veronika and Michael\AppData\Local\{50F71D83-F00A-44F8-8547-75A862CB53A4}
2017-08-04 19:08 - 2017-08-04 19:08 - 000000000 _____ () C:\Users\Veronika and Michael\AppData\Local\{8511FD18-8C6B-4AC5-A191-EA1B2DD5AAB9}

==================== FLock ================

2019-06-03 15:19 C:\System Volume Information

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-06-2019 01
Ran by Veronika and Michael (10-06-2019 20:15:05)
Running from C:\Users\Veronika and Michael\Desktop
Windows 10 Home Version 1803 17134.766 (X64) (2018-06-08 17:09:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-994686600-563732649-2125636377-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-994686600-563732649-2125636377-503 - Limited - Disabled)
Guest (S-1-5-21-994686600-563732649-2125636377-501 - Limited - Disabled)
Veronika and Michael (S-1-5-21-994686600-563732649-2125636377-1001 - Administrator - Enabled) => C:\Users\Veronika and Michael
WDAGUtilityAccount (S-1-5-21-994686600-563732649-2125636377-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20034 - Adobe Systems Incorporated)
Andica CorpTax 2016 (HKLM-x32\...\{D2D2FD47-0301-418C-B83A-748649871160}) (Version: 16.00.0003 - Andica Limited)
Ashampoo Photo Optimizer 6 (HKLM-x32\...\{91B33C97-546E-E89A-9F44-0BB2D57DBE96}_is1) (Version: 6.0.20 - Ashampoo GmbH & Co. KG)
Ashampoo ZIP Pro (HKLM-x32\...\{0A11EA01-70D5-56D4-0D19-0C45A40FEE08}_is1) (Version: 1.0.5 - Ashampoo GmbH & Co. KG)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.135 - ICEpower a/s)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 74.0.1376.132 - AVAST Software)
Avast SecureLine for Asustek (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.3 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{F9EEDE46-6409-4ECC-8AB6-7062464987A4}) (Version: 3.43.4275.9540 - Google, Inc.)
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 17.2.17125.433 - HM Revenue & Customs)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.66.2547 - BlueStack Systems, Inc.)
BlueStacksFriends 11.0.2 (only current user) (HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\d7102876-3e3d-5287-80d2-e4af8b7891ff) (Version: 11.0.2 - BlueStack Systems, Inc.)
Cisco VideoGuard Player (HKLM-x32\...\{30e4813e-2a86-4e4f-82ea-23df71ca8ffb}) (Version: 10.1.1.6570 - Cisco Systems, Inc)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.20.00 - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.54.0.0 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.20.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{1028AD34-EB8A-4136-9A93-27FC60FD0A40}) (Version: 4.4.11 - Seiko Epson Corporation)
EPSON WF-2750 Series Printer Uninstall (HKLM\...\EPSON WF-2750 Series) (Version: - Seiko Epson Corporation)
EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
EViews 9 (64-bit) (HKLM\...\{907404D2-8C9D-428D-AB5B-FD8CA68A7305}) (Version: 9.00.0000 - IHS Global Inc.) Hidden
EViews 9 (64-bit) (HKLM-x32\...\InstallShield_{907404D2-8C9D-428D-AB5B-FD8CA68A7305}) (Version: 9.00.0000 - IHS Global Inc.)
GnuCash 2.6.17 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.45.2.13190 (HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\GoToMeeting) (Version: 8.45.2.13190 - LogMeIn, Inc.)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{a2d9fda8-65eb-4c06-81ef-31e0a4daa335}) (Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JetBrains PyCharm Community Edition 2019.1.1 (HKLM-x32\...\PyCharm Community Edition 2019.1.1) (Version: 191.6605.12 - JetBrains s.r.o.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.523.1 - McAfee, Inc.)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11629.20214 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.11629.20214 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
NOW TV Player 5.1.0.0 (HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\com.bskyb.nowtvplayer_is1) (Version: 5.1.0.0 - NOW TV)
Nullifire Product Calculator (HKLM-x32\...\{8235723D-DA2D-4818-B9CA-E983C2B43386}) (Version: 6.4.0.0 - FPSI Limited)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20214 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20214 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11629.20214 - Microsoft Corporation) Hidden
Python 3.7.3 (32-bit) (HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)
Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 - Python Software Foundation)
Qualcomm Atheros 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.10299 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WebViewer Plugin (HKLM-x32\...\{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.3.0.1 - Samsung Techwin Co., Ltd.) Hidden
WebViewer Plugin (HKLM-x32\...\InstallShield_{2DEF112F-847B-4DC4-9FC9-97EB52E2D7FC}) (Version: 2.3.0.1 - Samsung Techwin Co., Ltd.)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (11/11/2015 8.1.0.23) (HKLM\...\CE9F8A5C26E472BB4969272641CF8811329A5E29) (Version: 11/11/2015 8.1.0.23 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{7A6092A0-2AE0-4320-9B60-33A04BE0E020}) (Version: - ) <==== ATTENTION

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-29] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-09] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-10] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_2.3.1055.0_x64__a2t3txkz9j1jw [2017-06-10] (MAGIX)
MyASUS-Service Center -> C:\Program Files\WindowsApps\B9ECED6F.MyASUS_3.3.11.0_x86__qmba6cd70vzyy [2018-04-27] (ASUSTeK COMPUTER INC.)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-12-24] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-994686600-563732649-2125636377-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Veronika and Michael\AppData\Local\GoToMeeting\8126\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-04-09] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-09-21] (Notepad++ -> )
ContextMenuHandlers1-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSContextMenu.dll [2015-12-24] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-04-09] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6-x32: [ASZip] -> {d03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZip64] -> {d03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Pro\ASZSHLEXT64.DLL [2015-10-27] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Veronika and Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7634a48803fa655b\ASUS GIFTBOX.lnk -> C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe (ASUSTek Computer Inc) -> --user-data-dir="C:\Users\Veronika and Michael\AppData\Local\ASUS GIFTBOX\User Data" --profile-directory=Default --app-id=gicdkbgeaegfghgkdgaejkfeppmlobel

==================== Loaded Modules (Whitelisted) ==============

2015-12-24 08:31 - 2015-12-24 08:31 - 000075264 _____ (ASUS Cloud Corporation) [File not signed] C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
2015-04-22 14:59 - 2015-04-22 14:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll
2015-05-19 09:11 - 2015-05-19 09:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2016-09-14 15:31 - 2016-09-14 15:31 - 000500736 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-06-10 18:34 - 000000895 _____ C:\WINDOWS\system32\drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

2017-07-28 11:42 - 2017-07-28 11:42 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-994686600-563732649-2125636377-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\StartupApproved\Run: => "BlueStacksFriends"
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-994686600-563732649-2125636377-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_31FB6EA7B7AC9C0CAF4EF71615E443DB"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C396B04A-9807-412D-B31E-821B6A1679A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{4F3F554F-0E3A-40EA-A98A-5C700CE11829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (Sega Europe Limited -> The Creative Assembly Ltd)
FirewallRules: [{C04BE950-D466-4AAF-9A7B-316EC78311CB}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{926DA681-2E25-49DF-990B-096E4C5DEE49}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D4302475-59E9-4677-8BF6-2D917070DDBF}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BB6939E-643F-49A0-B391-2151F8F7ECB0}] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{585AC687-438C-427D-9A46-4B5A9E9C6917}] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{70DBDE31-A670-42E6-840C-7E869CCF45DF}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{50EE3789-02A9-486B-87EC-D12BD32AE8CB}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{B7756D30-E5C9-411D-8AB2-995486B26194}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{173A73C8-DA77-4610-AC39-C45416701D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{AA55BBD4-7EA9-4CB9-A3C1-2A47048454DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{81BB9EDD-613B-4EC3-B46A-170A7C8FABC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4893065A-75B4-411A-80F7-0EBE737C157C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{B29290A6-BDB5-42D5-AF04-AA26D5A54D86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{1D296E26-3C53-450C-AF07-76D6727CCF6E}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{B843CACE-D479-47D3-BE45-6921961356E3}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{1448FD62-2560-4538-86A4-0DC2D0E891FC}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{50B5AA93-C4C4-40AE-8AD6-6C1D5C756CF0}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{D6AA0589-D37B-4B70-B0EF-744CE59B7F95}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6DFFD28E-F9F7-411D-80F2-46F102BDE0FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A7B6B16A-3F9C-49E2-BD4A-62A3DBF67AC7}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{42EA44F8-9526-49AE-A030-7B0828D4C6A8}C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{CFF57778-DFCA-4CF7-98E9-1426F74BEF9B}] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{657E5AB9-38ED-42D3-9A9E-E6A717D0AB52}] => (Block) C:\program files (x86)\steam\steamapps\common\total war attila\attila.exe (SEGA EUROPE LIMITED -> The Creative Assembly Ltd)
FirewallRules: [{BF1A148F-FADB-4A21-84F8-32B69F83070E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{8F4011A6-3B46-4D27-A196-27FAE437DBA6}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{7EE9B8AD-DF6C-4533-91DC-6E0D955CDDA1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3CE73A48-6C08-4315-AF4E-77B9C75E198D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{DC40755F-E1C0-4AB5-AA78-67E330C572BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Attila\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{09B05E85-5B11-41C1-A0CB-C8985BF6B760}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{1AD3906D-C433-4257-9214-B41BF8FB5D5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)

==================== Restore Points =========================

27-05-2019 01:02:35 Scheduled Checkpoint
03-06-2019 15:03:16 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2019 07:10:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.17134.766 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1090

Start Time: 01d51fb7a79ba349

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 6820670b-5d0a-4f3a-917c-5ad3e20898d4

Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (06/10/2019 03:14:39 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/10/2019 03:14:39 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/09/2019 11:59:46 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/09/2019 11:59:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/07/2019 12:05:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/07/2019 10:35:29 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/06/2019 01:07:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.619, time stamp: 0x7ba55a2a
Faulting module name: ICEsoundAPO64.dll, version: 1.0.0.18, time stamp: 0x564db767
Exception code: 0xc0000005
Fault offset: 0x00000000000309dc
Faulting process ID: 0x2628
Faulting application start time: 0x01d51c5fa340770b
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\ICEsoundAPO64.dll
Report ID: e43b322d-2c49-4d4c-a1fa-57522723a248
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/10/2019 07:31:44 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DT4GONI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-DT4GONI\Veronika and Michael SID (S-1-5-21-994686600-563732649-2125636377-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 07:25:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 07:22:40 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DT4GONI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-DT4GONI\Veronika and Michael SID (S-1-5-21-994686600-563732649-2125636377-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 07:11:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-DT4GONI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-DT4GONI\Veronika and Michael SID (S-1-5-21-994686600-563732649-2125636377-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 07:07:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/10/2019 07:05:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service did not start due to a logon failure.

Error: (06/10/2019 07:05:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (06/10/2019 07:05:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================

Date: 2018-10-14 19:02:55.436
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShA64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:54.966
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.6.547\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:54.960
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.6.547\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:54.770
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Common Files\AWS\2.2.6.547\AsusWSShellExt64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:53.818
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:53.812
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-10-14 19:02:53.778
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Google\Drive\googledrivesync64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-12 13:41:53.657
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShA64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X556UAM.308 08/24/2016
Motherboard: ASUSTeK COMPUTER INC. X556UAM
Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 12121.82 MB
Available physical RAM: 8234.87 MB
Total Virtual: 14532.82 MB
Available Virtual: 10838 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1862.26 GB) (Free:1665.83 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{83c4cc43-dbf0-4e0c-bcbd-d5a10e0dac9f}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{e1fb84bd-5ef0-402a-a7bb-3fb1a28327f6}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A72E61DB)

Partition: GPT.

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked email

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\Program Files\McAfee Security Scan\3.11.523
Task: {276C04D4-8AC3-4570-904D-956A6108C820} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {93210028-4A2A-47C4-8AC3-CCCAF95E8D51} - System32\Tasks\Yahoo! Powered teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c73616c657465" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233 (the data entry has 78 more characters). <==== ATTENTION
Task: {99F7EF03-0704-44CC-A387-CAC43F2DA49E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)
Task: {E406A1CF-40CE-46EB-8AF5-AB9EE973C9BB} - System32\Tasks\Bing Search Engine teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d344339422d3931463844364439314133367d5c73616c657465" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d34 (the data entry has 82 more characters). <==== ATTENTION
Task: {F9A9B86B-B1F3-48D7-B381-D04ADCF34C78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\Bing Search Engine teref.job => Wscript.exe C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered teref.job => Wscript.exe C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Veronika and Michael\AppData\Local\{50F71D83-F00A-44F8-8547-75A862CB53A4}
C:\Users\Veronika and Michael\AppData\Local\{8511FD18-8C6B-4AC5-A191-EA1B2DD5AAB9}
C:\Users\Veronika and Michael\AppData\Roaming\Henom
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B7756D30-E5C9-411D-8AB2-995486B26194}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{173A73C8-DA77-4610-AC39-C45416701D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1D296E26-3C53-450C-AF07-76D6727CCF6E}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{B843CACE-D479-47D3-BE45-6921961356E3}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{1448FD62-2560-4538-86A4-0DC2D0E891FC}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{50B5AA93-C4C4-40AE-8AD6-6C1D5C756CF0}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
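The two "teref" tasks in the fixlist above run wscript.exe on a .txt file under C:\ProgramData and hand the script hex-encoded arguments; FRST prints those arguments verbatim, so the log already contains what the script is told to contact and where it keeps its data. The following is an added example, not FRST's, Malwarebytes' or the forum's own code: the function names (analyse_task_line, decode_hex_arg, triage) and the flagging heuristics are the example's own, and the sample lines are copied from the fixlist in this thread. It parses FRST "Task:" lines, decodes any hex-encoded argument, and reports why a task deserves a second look before a fix is written.

```python
"""Triage of FRST "Task:" lines, decoding hex-encoded script arguments.

Added example for this thread; it is not part of FRST, Malwarebytes or the
forum's own tooling. It only reads log text, so it runs anywhere, offline.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Three lines copied from the FRST fixlist in this thread. The fourth,
# unterminated argument of the first line is exactly as FRST truncated it.
SAMPLE_TASK_LINES = [
    r'Task: {93210028-4A2A-47C4-8AC3-CCCAF95E8D51} - System32\Tasks\Yahoo! Powered teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c73616c657465" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233 (the data entry has 78 more characters). <==== ATTENTION',
    r'Task: {99F7EF03-0704-44CC-A387-CAC43F2DA49E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)',
    r'Task: C:\WINDOWS\Tasks\Yahoo! Powered teref.job => Wscript.exe C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt <==== ATTENTION',
]

# FRST prints "Task: <id> => <command>[ <==== ATTENTION]"; the marker is dropped.
TASK_RE = re.compile(r'^Task: (.+?) => (.+?)(?: <==== ATTENTION)?$')
QUOTED_RE = re.compile(r'"([^"]*)"')          # only complete, closed quotes
HEX_RE = re.compile(r'^[0-9A-Fa-f]+$')
SCRIPT_HOSTS = {'wscript.exe', 'cscript.exe'}
SCRIPT_EXTENSIONS = {'.vbs', '.vbe', '.js', '.jse', '.wsf'}


@dataclass
class TaskFinding:
    ident: str                      # "{GUID} - path" or a .job path, as FRST prints it
    executable: str                 # lower-cased file name of the program the task runs
    decoded_args: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def decode_hex_arg(arg: str) -> Optional[str]:
    """Return the ASCII text behind a hex-encoded argument, or None if it is not one."""
    if len(arg) < 8 or len(arg) % 2 or not HEX_RE.match(arg):
        return None
    return bytes.fromhex(arg).decode('ascii', errors='replace')


def analyse_task_line(line: str) -> Optional[TaskFinding]:
    """Parse one FRST "Task:" line; None when the line is not in "id => command" form."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    ident, command = m.group(1), m.group(2)
    cut = command.lower().find('.exe')
    if cut < 0:
        return TaskFinding(ident, '')
    exe_path, rest = command[:cut + 4], command[cut + 4:]
    finding = TaskFinding(ident, exe_path.replace('/', '\\').rsplit('\\', 1)[-1].lower())
    # Quoted arguments when present (a truncated, unclosed quote is ignored),
    # otherwise whitespace-separated tokens as in the .job lines.
    args = QUOTED_RE.findall(rest) or rest.split()
    for arg in args:
        decoded = decode_hex_arg(arg)
        if decoded is None:
            continue
        finding.decoded_args.append(decoded)
        if decoded.lower().startswith(('http://', 'https://')):
            finding.reasons.append(f'hex-encoded URL argument: {decoded}')
    if finding.executable in SCRIPT_HOSTS:
        finding.reasons.append(f'script host {finding.executable}')
        if args:
            script = args[0]
            if script.lower().startswith('c:\\programdata'):
                finding.reasons.append('script file under C:\\ProgramData')
            ext = script[script.rfind('.'):].lower() if '.' in script else ''
            if ext not in SCRIPT_EXTENSIONS:
                finding.reasons.append(f'script file with non-script extension {ext!r}')
    return finding


def triage(lines) -> List[TaskFinding]:
    """Return only the tasks that collected at least one reason for suspicion."""
    findings = []
    for line in lines:
        finding = analyse_task_line(line)
        if finding and finding.reasons:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_TASK_LINES):
        print(finding.ident)
        for reason in finding.reasons:
            print('   -', reason)
```

Run stand-alone, the block reports the two "Yahoo! Powered teref" entries and leaves the GoogleUpdate task alone. The two hex arguments of the first entry decode to a URL and to a path inside the same C:\ProgramData\{A7B762D4-...} folder (the "salete" file that the Malwarebytes log later lists), which is why the folder and the task are removed together in the fixlist.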

korkis
Exemplary Visitor
Posts: 157
Registered: 16 Sep 2007 14:37

Re: hacked email

#7 Post by korkis »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-06-2019 01
Ran by Veronika and Michael (10-06-2019 21:18:26) Run:1
Running from C:\Users\Veronika and Michael\Desktop
Loaded Profiles: Veronika and Michael (Available Profiles: Veronika and Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc. -> McAfee, Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
C:\Program Files\McAfee Security Scan\3.11.523
Task: {276C04D4-8AC3-4570-904D-956A6108C820} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {93210028-4A2A-47C4-8AC3-CCCAF95E8D51} - System32\Tasks\Yahoo! Powered teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233332d3736353033313731464439457d5c73616c657465" "433a5c50726f6772616d446174615c7b41374237363244342d324446352d453831322d414233 (the data entry has 78 more characters). <==== ATTENTION
Task: {99F7EF03-0704-44CC-A387-CAC43F2DA49E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)
Task: {E406A1CF-40CE-46EB-8AF5-AB9EE973C9BB} - System32\Tasks\Bing Search Engine teref => C:\Windows\system32\wscript.exe "C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d344339422d3931463844364439314133367d5c73616c657465" "433a5c50726f6772616d446174615c7b34303146383537432d434135442d304642412d34 (the data entry has 82 more characters). <==== ATTENTION
Task: {F9A9B86B-B1F3-48D7-B381-D04ADCF34C78} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-06] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\Bing Search Engine teref.job => Wscript.exe C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\fefo.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered teref.job => Wscript.exe C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\fefo.txt <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2 ... c1eb291&q={searchTerms}
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-994686600-563732649-2125636377-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Veronika and Michael\AppData\Local\{50F71D83-F00A-44F8-8547-75A862CB53A4}
C:\Users\Veronika and Michael\AppData\Local\{8511FD18-8C6B-4AC5-A191-EA1B2DD5AAB9}
C:\Users\Veronika and Michael\AppData\Roaming\Henom
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{B7756D30-E5C9-411D-8AB2-995486B26194}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{173A73C8-DA77-4610-AC39-C45416701D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1D296E26-3C53-450C-AF07-76D6727CCF6E}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{B843CACE-D479-47D3-BE45-6921961356E3}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{1448FD62-2560-4538-86A4-0DC2D0E891FC}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File
FirewallRules: [{50B5AA93-C4C4-40AE-8AD6-6C1D5C756CF0}] => (Allow) C:\Users\Veronika and Michael\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe => moved successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
C:\Program Files\McAfee Security Scan\3.11.523 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{276C04D4-8AC3-4570-904D-956A6108C820}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{276C04D4-8AC3-4570-904D-956A6108C820}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93210028-4A2A-47C4-8AC3-CCCAF95E8D51}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93210028-4A2A-47C4-8AC3-CCCAF95E8D51}" => removed successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered teref => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered teref" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99F7EF03-0704-44CC-A387-CAC43F2DA49E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99F7EF03-0704-44CC-A387-CAC43F2DA49E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E406A1CF-40CE-46EB-8AF5-AB9EE973C9BB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E406A1CF-40CE-46EB-8AF5-AB9EE973C9BB}" => removed successfully
C:\WINDOWS\System32\Tasks\Bing Search Engine teref => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bing Search Engine teref" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9A9B86B-B1F3-48D7-B381-D04ADCF34C78}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9A9B86B-B1F3-48D7-B381-D04ADCF34C78}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\Bing Search Engine teref.job => moved successfully
C:\WINDOWS\Tasks\Yahoo! Powered teref.job => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-994686600-563732649-2125636377-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-994686600-563732649-2125636377-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => removed successfully
HKLM\Software\Classes\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => removed successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\Veronika and Michael\AppData\Local\{50F71D83-F00A-44F8-8547-75A862CB53A4} => moved successfully
C:\Users\Veronika and Michael\AppData\Local\{8511FD18-8C6B-4AC5-A191-EA1B2DD5AAB9} => moved successfully
C:\Users\Veronika and Michael\AppData\Roaming\Henom => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7756D30-E5C9-411D-8AB2-995486B26194}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{173A73C8-DA77-4610-AC39-C45416701D3D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D296E26-3C53-450C-AF07-76D6727CCF6E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B843CACE-D479-47D3-BE45-6921961356E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1448FD62-2560-4538-86A4-0DC2D0E891FC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50B5AA93-C4C4-40AE-8AD6-6C1D5C756CF0}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90238179 B
Java, Flash, Steam htmlcache => 380642333 B
Windows/system/drivers => 45458755 B
Edge => 1840749 B
Chrome => 482585019 B
Firefox => 0 B
Opera => 18122658 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 53934 B
LocalService => 0 B
NetworkService => 24034 B
NetworkService => 0 B
Veronika and Michael => 71985545 B

RecycleBin => 1588271264 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:19:42 ====

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: hacked email

#8 Post by Rudy »

Deleted. To be safe we will also do a deep scan. Download, install and run MBAM: http://www.malwarebytes.org/mbam.php . Do a complete scan and post the log here. Don't delete anything beforehand.

korkis
Exemplary Visitor
Posts: 157
Registered: 16 Sep 2007 14:37

Re: hacked email

#9 Post by korkis »

So here it is

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/06/2019
Scan Time: 12:13
Log File: e506dbb4-8c39-11e9-882a-38d547a58b24.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10994
Licence: Free

-System Information-
OS: Windows 10 (Build 17134.766)
CPU: x64
File System: NTFS
User: DESKTOP-DT4GONI\Veronika and Michael

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298950
Threats Detected: 46
Threats Quarantined: 0
Time Elapsed: 7 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A6092A0-2AE0-4320-9B60-33A04BE0E020}, No Action By User, [793], [484244],1.0.10994

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [237], [293461],1.0.10994

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\USERS\VERONIKA AND MICHAEL\APPDATA\LOCAL\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{A7B762D4-2DF5-E812-AB33-76503171FD9E}, No Action By User, [793], [484243],1.0.10994

File: 40
PUP.Optional.WinYahoo.TskLnk, C:\USERS\VERONIKA AND MICHAEL\APPDATA\LOCAL\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\delo, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\chromium-min.jpg, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\control panel-min-min.JPG, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\down.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\ff menu.JPG, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\ff search engine-min.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\HowToRemove.html, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\hp-min ff.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\hp-min ie.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\search engine.gif, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\setup pages.gif, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\sp-min.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\start-min.jpg, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\HowToRemove\up.png, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\bapi_chmm.dat, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\bapi_ff.dat, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\bapi_ie.dat, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\fisi, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\install.log, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\lidi, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\Sqlite3.dll, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\tano, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\uninst.dat, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\uninst.exe, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\Users\Veronika and Michael\AppData\Local\{CEF5F8A9-EA5D-9411-87C5-B1F9A3AD4D61}\uninstp.dat, No Action By User, [793], [484244],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\simo, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\aowLC, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\hdat1, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\hdat2, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{401F857C-CA5D-0FBA-4C9B-91F8D6D91A36}\salete, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\sale, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\aowLC, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\hdat1, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\hdat2, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\salete, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{A7B762D4-2DF5-E812-AB33-76503171FD9E}\VXZbj, No Action By User, [793], [484243],1.0.10994
PUP.Optional.WinYahoo, C:\USERS\VERONIKA AND MICHAEL\APPDATA\ROAMING\LUCODEPO\TRZ3222.TMP, No Action By User, [237], [399493],1.0.10994
Generic.Malware/Suspicious, C:\USERS\VERONIKA AND MICHAEL\APPDATA\ROAMING\LUCODEPO\TRZ442C.TMP, No Action By User, [0], [392686],1.0.10994
PUP.Optional.BundleInstaller, C:\USERS\VERONIKA AND MICHAEL\DOWNLOADS\INKSCAPE.EXE, No Action By User, [455], [367467],1.0.10994
PUP.Optional.InstallCore, C:\USERS\VERONIKA AND MICHAEL\DOWNLOADS\VLC_SETUP.EXE.G1HRDKE.PARTIAL, No Action By User, [440], [301065],1.0.10994

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

User avatar
Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: hacked email

#10 Post by Rudy »

Delete everything and restart. After that the PC should be completely clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: (image)

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

korkis
Exemplary visitor
Posts: 157
Registered: 16 Sep 2007 14:37
Contact user:

Re: hacked email

#11 Post by korkis »

Thanks a lot, you're a gem :wink:

:closed:

User avatar
Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: hacked email

#12 Post by Rudy »

You're welcome! :)

Locked