Windows Update-přístup odepřen

Zpráva

SGC · #1 Příspěvek od **SGC** » 29 bře 2017 20:06

Nejde mi spustit Windows Update, pokud ve službách chci nastavit "Automaticky(zpožděné spuštění)", vyskočí na mne chyba:"Příznak automatického zpožděného spuštění nelze nastavit. Chyba 5: Přístup byl odepřen." Nastavení na "Automaticky" a "ručně", ukáže jen hlášku, že "přístup byl odepřen".

Příkaz NET START WUAUSERV v CMD, ukázal tohle: "Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení."

RSIT log:

Logfile of random's system information tool 1.16 (written by random/random)
Run by Chuck at 2017-03-29 20:52:00
Microsoft Windows 10 Home
System drive C: has 92 GB (59%) free of 155 GB
Total RAM: 3552 MB (43% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:04, on středa.29.3.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
D:\Karol\Archive\1. Extensions\Software\Portable\x32\portable start menu\PStart\PStart.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
D:\Karol\Archive\1. Extensions\Software\Portable\x64\File Browser\xyplorer_full_noinstall\XYplorer.exe
D:\Karol\Archive\1. Extensions\Software\Portable\x32\Time\Time Trackers\Alarm Clocks\FreeAlarmClockPortable\FreeAlarmClock.exe
C:\Program Files\trend micro\Chuck_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Chuck\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2887156172-1520988294-1417751805-1001\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'Karol')
O4 - S-1-5-21-2887156172-1520988294-1417751805-1001 Startup: Odeslat do OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (User 'Karol')
O4 - S-1-5-21-2887156172-1520988294-1417751805-1001 User Startup: Odeslat do OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (User 'Karol')
O8 - Extra context menu item: Download all links with IDM - C:\Users\Chuck\AppData\Local\Temp\OfficeDC\_tools\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Users\Chuck\AppData\Local\Temp\OfficeDC\_tools\IEExt.htm
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - https://catalog.update.microsoft.com/v7 ... 9752415659
O17 - HKLM\System\CCS\Services\Tcpip\..\{02995505-7560-4198-93f7-75295ae169a2}: NameServer = 217.31.204.130,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2205f461-a79b-4c21-a3d6-5f9ff19b6685}: NameServer = 217.31.204.130,8.8.8.8,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a324acc-cd9d-4d7a-ac0c-3573eccbdd06}: NameServer = 217.31.204.130,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{86177912-d0b5-40fe-8877-9d1e9dd6dcc6}: NameServer = 217.31.204.130,8.8.8.8,
O17 - HKLM\System\CCS\Services\Tcpip\..\{f27690ee-9433-475b-863f-23634ed6d325}: NameServer = 217.31.204.130,8.8.8.8,
O17 - HKLM\System\CS1\Services\Tcpip\..\{02995505-7560-4198-93f7-75295ae169a2}: NameServer = 217.31.204.130,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{02995505-7560-4198-93F7-75295AE169A2}: NameServer = 217.31.204.130,8.8.8.8,
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files (x86)\AOMEI Backupper\ABService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Everything - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Macrium Service (MacriumService) - Paramount Software UK Ltd - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SysWoW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SysWoW64\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 13573 bytes

====== Enumerating Processes ======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atiesrxx.exe
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
"C:\Program Files\IDT\WDM\AESTSr64.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\AOMEI Backupper\ABService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files\Everything\Everything.exe" -svc
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Macrium\Common\MacriumService.exe"
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\SysWoW64\vmnetdhcp.exe
C:\WINDOWS\SysWoW64\vmnat.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Everything\Everything.exe" -startup
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
"C:\Program Files\Sandboxie\SbieCtrl.exe"
"C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"D:\Karol\Archive\1. Extensions\Software\Portable\x32\Fan Control\NoteBookFanControl-0.14.4.60.beta\NoteBookFanControl.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe" -auto
"C:\Program Files\Sandboxie\SbieSvc.exe" Sandboxie_GuiProxy_00000002,1812
"C:\Program Files\Sandboxie\SandboxieRpcSs.exe"
"C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe"
"D:\Karol\Archive\1. Extensions\Software\Portable\x32\portable start menu\PStart\PStart.exe"
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Sandboxie\32\SbieSvc.exe" Sandboxie_ComProxy_S-1-5-21-2887156172-1520988294-1417751805-1001_DefaultBox_2_1_:
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"D:\Karol\Archive\1. Extensions\Software\Portable\x64\File Browser\xyplorer_full_noinstall\XYplorer.exe"
"D:\Karol\Archive\1. Extensions\Software\Portable\x32\Screen\screen brightness\SunsetScreen\SunsetScreen.exe"
"D:\Karol\Archive\1. Extensions\Software\Portable\x32\Time\Time Trackers\Alarm Clocks\FreeAlarmClockPortable\FreeAlarmClock.exe"
"C:\WINDOWS\system32\cmd.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\services.msc"
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"D:\Karol\Archive\1. Extensions\Software\Portable\x64\File Browser\xyplorer_full_noinstall\ContextMenu64.exe" "C:\Users\Karol\AppData\Local\Temp\~XY7756.tmp"
C:\WINDOWS\system32\AUDIODG.EXE 0x338
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 648 652 660 8192 656
C:\WINDOWS\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
"C:\Users\Karol\Desktop\update\books\RSITx64.exe"

====== Scheduled tasks folder ======

C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe -check pepperplugin
C:\WINDOWS\system32\tasks\Adobe Flash Player Updater - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\system32\tasks\DisableLockScreen - reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2 - %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\{768B319C-4286-4539-9A64-D45279719C54} - C:\Windows\system32\pcalua.exe -a C:\Users\Chuck\Desktop\sp56876.exe -d C:\Users\Chuck\Desktop
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-2887156172-1520988294-1417751805-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\WPD\SqmUpload_S-1-5-21-2887156172-1520988294-1417751805-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification - %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\WINDOWS\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send
C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f

=========Mozilla firefox=========

ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.127 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\extensions\
@all-aboard-v1-5

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\addons.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\extensions.json
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
All Aboard - extension - @all-aboard-v1-5 - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\extensions\@all-aboard-v1-5
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Application Update Service Helper - extension - aushelper@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\ypbhsodm.default\pluginreg.dat
Plugin - Photo Gallery - 16.4.3528.331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2013 - 15.0.4514.1000 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.50901.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
Plugin - Microsoft Office 2013 - 15.0.4849.1000 - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
Plugin - Shockwave for Director - 12.2.4.194 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll
Plugin - Shockwave Flash - 25.0.0.127 - C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
Plugin - Unity Player - 5.0.3.35960 - C:\Users\Chuck\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

======Registry dump ======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2016-11-15 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22 857792]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13 163528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-11-15 1743664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
Adblock Plus for IE Browser Helper Object - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22 755392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=c:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [2012-04-11 97280]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-10-24 1664000]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-03 3944136]
"Everything"=C:\Program Files\Everything\Everything.exe [2016-11-21 2024040]
"USB Safely Remove"=C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2016-12-14 799376]
"OneDrive"=C:\Users\Chuck\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-11-30 554176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-08-30 766208]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-03-14 319360]
"Bonus.SSR.FR12"=C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2016-01-20 1527960]
"ABNotify"=C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe [2016-07-11 77432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"DisableCAD"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath" = %SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files/folders created in the last 1 month ======

2017-03-29 17:48:16 ----D---- C:\WINDOWS\Panther
2017-03-29 15:26:21 ----D---- C:\Program Files (x86)\Macrium

====== List of files/folders modified in the last 1 month ======

2017-03-29 20:52:02 ----D---- C:\Program Files\trend micro
2017-03-29 20:51:21 ----D---- C:\WINDOWS\Prefetch
2017-03-29 20:38:42 ----D---- C:\WINDOWS\Temp
2017-03-29 20:11:41 ----D---- C:\WINDOWS\system32\sru
2017-03-29 18:13:47 ----D---- C:\WINDOWS\System32
2017-03-29 18:02:25 ----D---- C:\Users\Chuck\AppData\Roaming\Everything
2017-03-29 18:02:16 ----D---- C:\Users\Chuck\AppData\Roaming\Mozilla
2017-03-29 18:00:01 ----D---- C:\WINDOWS\system32\LogFiles
2017-03-29 17:52:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-29 17:48:27 ----AD---- C:\ProgramData\VMware
2017-03-29 17:48:27 ----AD---- C:\Program Files (x86)\AOMEI Backupper
2017-03-29 17:48:16 ----D---- C:\Windows
2017-03-29 17:40:34 ----D---- C:\WINDOWS\system32\config
2017-03-29 17:35:41 ----A---- C:\WINDOWS\Sandboxie.ini
2017-03-29 17:34:46 ----D---- C:\WINDOWS\Logs
2017-03-29 17:34:33 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 17:33:49 ----D---- C:\WINDOWS\system32\catroot2
2017-03-29 16:50:13 ----D---- C:\WINDOWS\system32\DriverStore
2017-03-29 16:50:04 ----D---- C:\WINDOWS\WinSxS
2017-03-29 16:26:28 ----D---- C:\ProgramData\AomeiBR
2017-03-29 16:26:24 ----D---- C:\WINDOWS\system32\SleepStudy
2017-03-29 16:06:16 ----SHD---- C:\System Volume Information
2017-03-29 15:32:41 ----D---- C:\WINDOWS\system32\msmq
2017-03-29 15:26:39 ----A---- C:\WINDOWS\Macrium Reflect Patch Log.txt
2017-03-29 15:26:21 ----RD---- C:\Program Files (x86)
2017-03-19 14:10:06 ----HD---- C:\ProgramData
2017-03-19 11:44:48 ----D---- C:\WINDOWS\system32\Macromed
2017-03-19 11:44:46 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2017-03-19 11:43:07 ----D---- C:\WINDOWS\Tasks
2017-03-19 11:43:07 ----D---- C:\WINDOWS\system32\Tasks
2017-03-18 15:21:06 ----D---- C:\Program Files (x86)\Mozilla Firefox

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 ambakdrv;ambakdrv; C:\WINDOWS\system32\ambakdrv.sys [2016-07-04 31192]
R0 amd_sata;amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [2013-07-23 80640]
R0 amd_xata;amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [2013-07-23 25344]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2012-09-24 31040]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-30 48992]
R0 pwdrvio;pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [2013-09-30 19152]
R2 ammntdrv;ammntdrv; \??\C:\WINDOWS\system32\ammntdrv.sys [2016-07-04 152024]
R2 amwrtdrv;amwrtdrv; \??\C:\WINDOWS\system32\amwrtdrv.sys [2016-07-04 18392]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 hcmon;VMware hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [2016-09-06 83008]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2012-09-24 43840]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2013-08-30 12528640]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2013-08-30 618496]
R3 athr;@netathrx.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\System32\drivers\athwnx.sys [2016-07-16 4233728]
R3 AtiHDAudioService;@oem12.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdWB6.sys [2013-06-22 138240]
R3 BTATH_BUS;@oem30.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2013-09-25 34384]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2016-07-13 610336]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-11-30 84992]
R3 HpqKbFiltr;@oem24.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\WINDOWS\System32\drivers\HpqKbFiltr.sys [2011-07-18 25912]
R3 JMCR;JMCR; C:\WINDOWS\System32\drivers\jmcr.sys [2012-07-31 175928]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-11-30 175616]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2016-12-14 205968]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2012-10-24 543744]
R3 SynTP;@oem33.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2015-07-03 614088]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-11-30 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 ampa;ampa; \??\C:\Windows\system32\ampa.sys [2015-11-10 19568]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-11-30 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\WINDOWS\system32\drivers\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\WINDOWS\system32\drivers\nusb3xhc.sys [2010-07-27 180224]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-09-30 12504]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2013-08-30 239616]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; %windir%\system32\svchost.exe -k apphost;"ServiceDll" = %windir%\system32\inetsrv\apphostsvc.dll
R2 Backupper Service;AOMEI Backupper Scheduler Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [2016-07-11 52856]
R2 CDPUserSvc_16d2d5;CDPUserSvc_16d2d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 Everything;Everything; C:\Program Files\Everything\Everything.exe [2016-11-21 2024040]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2012-09-24 31040]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-12-07 31776]
R2 MacriumService;Macrium Service; C:\Program Files\Macrium\Common\MacriumService.exe [2016-12-12 3877768]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-11-30 26112]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 OneSyncSvc_16d2d5;Hostitel synchronizace_16d2d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2016-12-14 197776]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-10-24 327680]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-07-03 246472]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2015-04-28 1102472]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\TimeBrokerServer.dll
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" = %SystemRoot%\System32\CDPUserSvc.dll
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll" = %SystemRoot%\system32\FrameServer.dll
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\hvhostsvc.dll
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\irmon.dll
S3 MessagingService_16d2d5;Služba zasílání zpráv_16d2d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-03-18 172488]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-01-21 5132888]
S3 PimIndexMaintenanceSvc_16d2d5;Data kontaktů_16d2d5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll" =
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\RMapi.dll
S4 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll" = %systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 29 bře 2017 21:04

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

SGC · #3 Příspěvek od **SGC** » 30 bře 2017 10:34

Log nenaskočil, ale naštěstí AdwCleaner ukládá logy...

Tady je ten log:

# AdwCleaner v6.045 - Log vytvořen 30/03/2017 v 11:10:23
# Aktualizováno dne 28/03/2017 z Malwarebytes
# Databáze : 2017-03-29.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Chuck - CHUCK-PC
# Spuštěno z : C:\Users\Karol\Desktop\adwcleaner_6.045.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support

***** [ Služby ] *****

***** [ Složky ] *****

[-] Složka smazána: C:\Users\Chuck\AppData\Roaming\mipony
[-] Složka smazána: C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mipony
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\mipony
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\ConduitCommon
[#] Složka smazána po restartu: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\conduitcommon
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1rw1tvrp.Karol\ConduitCommon
[#] Složka smazána po restartu: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1rw1tvrp.Karol\conduitcommon
[-] Složka smazána: C:\ProgramData\Auslogics
[-] Složka smazána: C:\Program Files (x86)\mipony
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\extensions\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\CT1060933
[-] Složka smazána: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1rw1tvrp.Karol\CT1060933

***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Chuck\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[-] Soubor smazán: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\extensions\rssicon@jasnapaka.com.xpi
[-] Soubor smazán: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1rw1tvrp.Karol\extensions\rssicon@jasnapaka.com.xpi
[-] Soubor smazán: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\extensions\searchy@searchy.xpi
[-] Soubor smazán: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ic9tendn.Karol-Portable\invalidprefs.js
[-] Soubor smazán: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\1rw1tvrp.Karol\invalidprefs.js

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\mipony
[-] Klíč smazán: HKLM\SOFTWARE\Classes\mipony-ext
[-] Klíč smazán: HKLM\SOFTWARE\Classes\mpybrowser
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\mipony
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\mipony-ext
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\mpybrowser
[-] Klíč smazán: HKLM\SOFTWARE\Auslogics
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiPony
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MiPony.exe

***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.babExt" - ""
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.hardId" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.id" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlDay" - "15542"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlRef" - "sst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.tlbrId" - "base"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1717:32:57"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.babExt" - ""
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.id" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.hardId" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlDay" - "15542"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1717:32:57"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.tlbrId" - "base"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlRef" - "sst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.babExt" - ""
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.hardId" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.id" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlDay" - "15542"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlRef" - "sst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.tlbrId" - "base"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1717:32:57"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.babExt" - ""
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.srcExt" - "ss"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.id" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.hardId" - "80e02459000000000000beb70d484192"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlDay" - "15542"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsn" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsni" - "1.5.3.17"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.vrsnTs" - "1.5.3.1717:32:57"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prtnrId" - "babylon"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.prdct" - "BabylonToolbar"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.aflt" - "babsst"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.smplGrp" - "none"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.tlbrId" - "base"
[-] Firefox předvolby vyčištěny: "extensions.BabylonToolbar_i.instlRef" - "sst"

*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

\AdwCleaner\AdwCleaner[C0].txt - [8347 Bajty] - [30/03/2017 11:10:23]
\AdwCleaner\AdwCleaner[S0].txt - [13023 Bajty] - [30/03/2017 10:57:58]

########## EOF - \AdwCleaner\AdwCleaner[C0].txt - [8490 Bajty] ##########

Mám dva dotazy:
1.Proč se AdwCleaner musí ukládat na plochu?
2.Proč mi smazal doplnky ve Firefoxu rssicon@ jasnapaka.com .xpi(RSS Icon In Awesombar) a searchy@searchy .xpi(InstantFox Quick Search)? Druhý už nepoužívám, ale kdybych ho používal, tak by mne naštvalo, že ho AdwCleaner odstranil.

Portable Firefox neřeším, ten už nepoužívám, takže ho smažu. Ale vše, co mi AdwCleaner našel, mám v počítači už dlouho a Windows Update šel bez problémů...

#4 Příspěvek od **Rudy** » 30 bře 2017 16:07

ADWCleaner maže AdWary a některé toolbary (lišty prohlžeče). AdWary jsou jasný šmejd a toolbary zpomalují PC a používá je málokdo. To, co neodstraní ADW, pak dočišťujeme ručně. Teď dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

SGC · #5 Příspěvek od **SGC** » 30 bře 2017 19:27

Ty dva smazané doplnky byly nainstalovány přímo od Mozilly...

Nemůžu spustit, píše to, že "Vámi stazeny FRST64.exe se nenachazi na Plose, presunte jej tam prosim a pak znovu spustte FRSTLauncher." A pritom na plose je. Musi byt spusteny v admin účtě? V administrátorském účtě se mi vytvořil LM.bat, kde je:

@echo off
set verzeLM=30_09_2013 (01)
cls
if not exist Addition.txt goto End

echo.Probiha kompletace logu. Prosim cekejte.
echo.
echo.Pozadovany log se za malou chvili otevre v Poznamkovem bloku a
echo.bude rovnez ulozen na Plose jako FRST.txt.

#6 Příspěvek od **Rudy** » 30 bře 2017 20:16

Zkuste ho přesunout do jiného adresáře.

SGC · #7 Příspěvek od **SGC** » 30 bře 2017 20:28

Stále nejde.

#8 Příspěvek od **Rudy** » 30 bře 2017 21:09

Udělejte tedy kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

SGC · #9 Příspěvek od **SGC** » 31 bře 2017 16:04

Tady je ten log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: pátek.31.3.2017
Scan Time: 9:12
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.31.02
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Chuck

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 664008
Time Elapsed: 7 hr, 2 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.VLCUpdaterDE, C:\Sandbox\Karol\DefaultBox\drive\C\Users\Chuck\AppData\Local\Temp\VLC Player\updater.exe, , [7c126e62abfd5fd7f48f1c8bd0308977],

Physical Sectors: 0
(No malicious items detected)

(end)

#10 Příspěvek od **Rudy** » 31 bře 2017 16:04

Nalezenou položku smažte

SGC · #11 Příspěvek od **SGC** » 31 bře 2017 16:09

Smazáno.

#12 Příspěvek od **Rudy** » 31 bře 2017 17:19

Smazáno. Změnilo se něco?

SGC · #13 Příspěvek od **SGC** » 31 bře 2017 17:30

Bohužel. Windows Update pořád hlásí, že přístup je odepřen. Zkusil sem i sfc /scannow a žádné chyby nebyly nalezeny.

#14 Příspěvek od **Rudy** » 31 bře 2017 18:12

Můžete ještě zkusit WUFix: http://www.smartestcomputing.us.com/top ... pdate-fix/ , nebo (pokud někdy update fungoval) obnovu systému k tomu datu.

SGC · #15 Příspěvek od **SGC** » 31 bře 2017 19:12

Vyzkouším, ale je divné, že ta sama chyba se objevuje na dalším počítači. Počítač byl taky proskenovaný MBAM a nic nenašel...

VIRY.CZ

Windows Update-přístup odepřen

Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen

Re: Windows Update-přístup odepřen