Asi mam hodne zavireny PC
Napsal: 11 kvě 2013 22:18
Dobry den,
prosim o kontrolu logu, pocitac bol podrobeny online scanu (slovak sro), ktory nasiel 20 virusov a neviem ci boli odstranene. DAKUJEM.
Nizsie prikladam log z DDS (log z RSIT je v prilohe, nedal sa sem vlepit, lebo ma viac ako 80000 znakov). Dakujem este raz.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16384
Run by Danielka at 21:24:21 on 2013-05-11
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.2043.970 [GMT 1:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\dashost.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\sppsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E27F0016EA57D642
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\danielka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\danielka\appdata\roaming\dropbox\bin\Dropbox.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32}\37965647B616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32}\F42377962756C6563737939353637333 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danielka\appdata\roaming\mozilla\firefox\profiles\yz92ukrs.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-24 19:52; fhdp@fhdp.tv; c:\users\danielka\appdata\roaming\mozilla\firefox\profiles\yz92ukrs.default\extensions\fhdp@fhdp.tv.xpi
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e27fcccb0000000000000016ea57d642
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15819
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1619:53:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-12-17 625816]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-30 969192]
R3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2008-2-4 542976]
R3 NETwNs32;@netwns32.inf,___ %NIC_Service_DispName_WIN7%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-6-2 7518208]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk63x86.sys [2012-7-25 238080]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-26 155136]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-11 15:52:32 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7052c58-f252-49d2-8148-cee64474337f}\mpengine.dll
2013-04-24 17:59:07 -------- d-----w- c:\programdata\Tarma Installer
2013-04-14 18:07:38 -------- d-----w- c:\program files\common files\PCSuite
2013-04-14 18:07:33 -------- d-----w- c:\program files\common files\Nokia
2013-04-14 18:07:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-04-14 18:07:20 -------- d-----w- c:\program files\PC Connectivity Solution
.
==================== Find3M ====================
.
2018-08-27 06:11:05 132165 ----a-w- c:\windows\system32\slmgr.vbs
2013-03-24 14:23:33 31 ---ha-w- c:\windows\UKCpInfo.sys
2013-03-21 19:58:55 125 ----a-w- c:\windows\xUninstall.bat
.
============= FINISH: 21:25:13.30 ===============
prosim o kontrolu logu, pocitac bol podrobeny online scanu (slovak sro), ktory nasiel 20 virusov a neviem ci boli odstranene. DAKUJEM.
Nizsie prikladam log z DDS (log z RSIT je v prilohe, nedal sa sem vlepit, lebo ma viac ako 80000 znakov). Dakujem este raz.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16384
Run by Danielka at 21:24:21 on 2013-05-11
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.2043.970 [GMT 1:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\dashost.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\sppsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www2.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=E27F0016EA57D642
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\danielka\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\danielka\appdata\roaming\dropbox\bin\Dropbox.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32}\37965647B616 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BDF477AF-0E1C-4F70-90B7-8EABBADBFE32}\F42377962756C6563737939353637333 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\danielka\appdata\roaming\mozilla\firefox\profiles\yz92ukrs.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-24 19:52; fhdp@fhdp.tv; c:\users\danielka\appdata\roaming\mozilla\firefox\profiles\yz92ukrs.default\extensions\fhdp@fhdp.tv.xpi
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e27fcccb0000000000000016ea57d642
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15819
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1619:53:24
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-12-17 625816]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-8-30 969192]
R3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2008-2-4 542976]
R3 NETwNs32;@netwns32.inf,___ %NIC_Service_DispName_WIN7%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-6-2 7518208]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk63x86.sys [2012-7-25 238080]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-26 155136]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="c:\windows\system32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-11 15:52:32 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d7052c58-f252-49d2-8148-cee64474337f}\mpengine.dll
2013-04-24 17:59:07 -------- d-----w- c:\programdata\Tarma Installer
2013-04-14 18:07:38 -------- d-----w- c:\program files\common files\PCSuite
2013-04-14 18:07:33 -------- d-----w- c:\program files\common files\Nokia
2013-04-14 18:07:28 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2013-04-14 18:07:20 -------- d-----w- c:\program files\PC Connectivity Solution
.
==================== Find3M ====================
.
2018-08-27 06:11:05 132165 ----a-w- c:\windows\system32\slmgr.vbs
2013-03-24 14:23:33 31 ---ha-w- c:\windows\UKCpInfo.sys
2013-03-21 19:58:55 125 ----a-w- c:\windows\xUninstall.bat
.
============= FINISH: 21:25:13.30 ===============