
script host
Hello, a few weeks ago I dealt with a problem of windows constantly popping up, caused by a virus from a USB drive from a public printer. Only now have I found out that the same thing is happening on my girlfriend's laptop. Link to the topic: https://forum.viry.cz/viewtopic.php?f=1 ... 0bbf596f04
I repeated the procedure, to the extent of disabling Script Host and deleting MicrosoftSearchIndexer, as that helped on my PC. Here, however, it still throws the Windows Script Host message "Access to Windows Script Host is disabled on this PC". I ran the PC through ESET Online Scanner, AdwCleaner and JRT, and it still did not help. I am attaching the log from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by Miriam (administrator) on LAPTOP-730KM96J (16-06-2017 19:16:45)
Running from C:\Users\Miriam\Desktop
Loaded Profiles: Miriam (Available Profiles: Miriam)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [912768 2017-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [67680 2017-06-01] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [uTorrent] => C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [MicrosoftSearchIndexer] => "wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
Startup: C:\Users\Miriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-06-16]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45861224-4c5c-4e6d-9773-6273655b73e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fe01d4a4-b76c-47a1-8d30-c34220e7ee84}: [DhcpNameServer] 192.18.128.24
Internet Explorer:
==================
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
FireFox:
========
FF DefaultProfile: agkj8evj.default
FF ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default [2017-03-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\agkj8evj.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\agkj8evj.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\agkj8evj.default -> is enabled.
FF Extension: (Avira Browser Safety) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\abs@avira.com.xpi [2017-02-11]
FF Extension: (Slovak (SK) Language Pack) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\langpack-sk@firefox.mozilla.org.xpi [2017-02-05]
FF Extension: (Mozilla Partner Defaults) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\partnerdefaults@mozilla.com [2016-07-08]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\Extensions\safesearchplus2@avira.com.xpi [2017-03-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-24] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-04-24] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] ()
Chrome:
=======
CHR Profile: C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Prezentácie Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-08]
CHR Extension: (Dokumenty Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Disk Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Tabuľky Google) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-08]
CHR Extension: (Avira Browser Safety) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-10]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1119712 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [488920 2017-05-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1520680 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [374352 2017-05-22] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [334064 2017-05-18] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2278152 2015-07-18] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2016-12-19] (Intel Corporation)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-07] (Intel Corporation)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-03-08] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [116312 2017-03-08] (Avira Operations GmbH & Co. KG)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-07-08] ()
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-01] (Avira Operations GmbH & Co. KG)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-05-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-05-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-05-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-05-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-05-04] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-18] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11669736 2016-03-29] (Broadcom Corp)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [408280 2015-11-17] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [47784 2015-07-29] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-16 19:16 - 2017-06-16 19:17 - 00018585 _____ C:\Users\Miriam\Desktop\FRST.txt
2017-06-16 19:16 - 2017-06-16 19:16 - 00000000 ____D C:\FRST
2017-06-16 19:15 - 2017-06-16 19:16 - 02438656 _____ (Farbar) C:\Users\Miriam\Desktop\FRST64.exe
2017-06-16 19:15 - 2017-06-16 19:15 - 02438656 _____ (Farbar) C:\Users\Miriam\Downloads\FRST64.exe
2017-06-16 19:15 - 2017-06-16 19:15 - 02438656 _____ (Farbar) C:\Users\Miriam\Downloads\FRST64 (1).exe
2017-06-16 19:12 - 2017-06-16 19:12 - 01663672 _____ (Malwarebytes) C:\Users\Miriam\Downloads\JRT.exe
2017-06-16 19:12 - 2017-06-16 19:12 - 01663672 _____ (Malwarebytes) C:\Users\Miriam\Desktop\JRT.exe
2017-06-16 19:04 - 2017-06-16 19:04 - 00000000 ____D C:\Users\Miriam\AppData\LocalLow\uTorrent
2017-06-16 19:00 - 2017-06-16 19:03 - 00000000 ____D C:\AdwCleaner
2017-06-16 19:00 - 2017-06-16 19:00 - 04110280 _____ C:\Users\Miriam\Desktop\adwcleaner_6.047.exe
2017-06-16 18:59 - 2017-06-16 18:59 - 04110280 _____ C:\Users\Miriam\Downloads\adwcleaner_6.047.exe
2017-06-14 19:57 - 2017-06-14 19:57 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-14 15:30 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 15:30 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 15:30 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 15:30 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 15:30 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 15:30 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 15:30 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 15:30 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 15:30 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 15:30 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 15:30 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 15:30 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 15:30 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 15:30 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 15:30 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 15:30 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 15:30 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 15:30 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 15:30 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 15:30 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 15:30 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 15:30 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:30 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 15:30 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 15:30 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 15:30 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 15:30 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:30 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:30 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:30 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 15:30 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 15:30 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 15:29 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 15:29 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 15:29 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 15:29 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 15:29 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 15:29 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 15:29 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 15:29 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 15:29 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 15:29 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 15:29 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 15:29 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 15:29 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 15:29 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 15:29 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 15:29 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 15:29 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 15:29 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:29 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 15:29 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 15:29 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 15:29 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 15:29 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 15:29 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 15:29 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 15:29 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 15:29 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 15:29 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 15:29 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 15:29 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 15:29 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 15:29 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 15:29 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 15:29 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 15:29 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-10 09:55 - 2017-06-16 19:04 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-08 14:50 - 2017-06-08 14:50 - 00011676 _____ C:\Users\Miriam\Downloads\menny-zoznam---tabulka.xlsx
2017-06-07 14:45 - 2017-06-07 14:45 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY (1).pdf
2017-06-07 13:57 - 2017-06-07 14:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-07 11:15 - 2017-06-07 11:15 - 00412172 _____ C:\WINDOWS\Minidump\060717-6343-01.dmp
2017-06-07 11:04 - 2017-06-07 11:04 - 00412172 _____ C:\WINDOWS\Minidump\060717-5656-01.dmp
2017-06-07 10:45 - 2017-06-07 10:45 - 00017722 _____ C:\Users\Miriam\Downloads\[CzT]Zpivej_Sing_2016_CZ_.torrent
2017-06-05 13:58 - 2017-06-07 14:29 - 00000000 ____D C:\Users\Miriam\AppData\Local\ESET
2017-06-05 13:57 - 2017-06-05 13:58 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Miriam\Downloads\esetonlinescanner_enu.exe
2017-06-04 15:37 - 2017-06-04 15:37 - 00436374 _____ C:\Users\Miriam\Downloads\a418c6a3.pptx
2017-06-03 21:28 - 2017-06-05 13:54 - 00426517 _____ C:\Users\Miriam\Desktop\PrezentáciaBP_Štangová.pptx
2017-06-03 20:24 - 2017-06-03 20:24 - 01035777 _____ C:\Users\Miriam\Downloads\Hurtalova_BP.pptx
2017-06-01 12:29 - 2017-06-01 12:29 - 00061066 _____ C:\Users\Miriam\Downloads\Kalendár 2017.pptx
2017-05-31 15:00 - 2017-05-31 15:00 - 00290971 _____ C:\Users\Miriam\Downloads\DBFA4C014AB94634AA643D824D576979.pdf
2017-05-30 13:40 - 2017-05-30 13:40 - 00213895 _____ C:\Users\Miriam\Downloads\06FA134B1F6C4B8D843C39F0FBBBCDE3.pdf
2017-05-29 15:57 - 2017-05-29 15:57 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY.pdf
2017-05-18 20:41 - 2017-05-18 20:41 - 00835619 _____ C:\Users\Miriam\Desktop\28900320171054_Štangová.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-16 19:10 - 2016-10-18 13:03 - 00626384 _____ C:\WINDOWS\system32\perfh01B.dat
2017-06-16 19:10 - 2016-10-18 13:03 - 00186896 _____ C:\WINDOWS\system32\perfc01B.dat
2017-06-16 19:10 - 2016-07-13 10:40 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\uTorrent
2017-06-16 19:10 - 2016-01-05 08:55 - 02071478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 19:04 - 2016-10-13 18:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-16 19:04 - 2016-07-08 12:52 - 00000000 __SHD C:\Users\Miriam\IntelGraphicsProfiles
2017-06-16 19:03 - 2016-10-13 19:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 19:03 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 18:52 - 2017-05-08 20:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Jagex
2017-06-16 18:52 - 2017-05-03 17:37 - 00000000 ____D C:\ProgramData\Jagex
2017-06-16 18:52 - 2016-10-13 18:58 - 00000000 ____D C:\Users\Miriam
2017-06-16 18:51 - 2016-12-18 17:16 - 00004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:49 - 2016-01-05 08:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 18:48 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 18:47 - 2016-10-13 18:56 - 00344264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 19:46 - 2016-07-09 21:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:44 - 2017-03-22 18:12 - 00004648 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-14 19:44 - 2016-07-11 19:21 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2017-06-14 15:43 - 2016-07-09 21:03 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:42 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 15:14 - 2016-10-13 18:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 14:59 - 2016-11-12 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-14 14:59 - 2016-03-29 02:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-10 17:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 09:55 - 2016-11-12 16:43 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-07 11:15 - 2017-01-08 14:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-07 11:15 - 2016-07-09 21:20 - 503446401 _____ C:\WINDOWS\MEMORY.DMP
2017-06-07 10:46 - 2016-07-13 10:30 - 00000000 ____D C:\Users\Miriam\Desktop\Filmy
2017-06-05 17:45 - 2016-10-03 13:47 - 00000000 ___RD C:\Users\Miriam\Desktop\Škola
2017-06-03 22:14 - 2017-03-24 14:54 - 00000000 ____D C:\Users\Miriam\Desktop\Bac
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-17 20:57 - 2017-04-29 12:30 - 00000000 ___RD C:\Users\Miriam\Documents\Scanned Documents
2017-05-17 17:09 - 2017-03-08 20:19 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-10-13 18:57 - 2016-10-13 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-07 15:44
==================== End of FRST.txt ============================
2017-06-14 15:30 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 15:30 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 15:30 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 15:30 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 15:30 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:30 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 15:30 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:30 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 15:30 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:30 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:30 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:30 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:30 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 15:30 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 15:30 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 15:29 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 15:29 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 15:29 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 15:29 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 15:29 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 15:29 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 15:29 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 15:29 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 15:29 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 15:29 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 15:29 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 15:29 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 15:29 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 15:29 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 15:29 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 15:29 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 15:29 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 15:29 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 15:29 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 15:29 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 15:29 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 15:29 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 15:29 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 15:29 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:29 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 15:29 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 15:29 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 15:29 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 15:29 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 15:29 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 15:29 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 15:29 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:29 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 15:29 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:29 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 15:29 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 15:29 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 15:29 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 15:29 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 15:29 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 15:29 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 15:29 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 15:29 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 15:29 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 15:29 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 15:29 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 15:29 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 15:29 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 15:29 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 15:29 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 15:29 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 15:29 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-14 15:29 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 15:29 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 15:29 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 15:29 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-10 09:55 - 2017-06-16 19:04 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-06-08 14:50 - 2017-06-08 14:50 - 00011676 _____ C:\Users\Miriam\Downloads\menny-zoznam---tabulka.xlsx
2017-06-07 14:45 - 2017-06-07 14:45 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY (1).pdf
2017-06-07 13:57 - 2017-06-07 14:01 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-07 11:15 - 2017-06-07 11:15 - 00412172 _____ C:\WINDOWS\Minidump\060717-6343-01.dmp
2017-06-07 11:04 - 2017-06-07 11:04 - 00412172 _____ C:\WINDOWS\Minidump\060717-5656-01.dmp
2017-06-07 10:45 - 2017-06-07 10:45 - 00017722 _____ C:\Users\Miriam\Downloads\[CzT]Zpivej_Sing_2016_CZ_.torrent
2017-06-05 13:58 - 2017-06-07 14:29 - 00000000 ____D C:\Users\Miriam\AppData\Local\ESET
2017-06-05 13:57 - 2017-06-05 13:58 - 06754944 _____ (ESET spol. s r.o.) C:\Users\Miriam\Downloads\esetonlinescanner_enu.exe
2017-06-04 15:37 - 2017-06-04 15:37 - 00436374 _____ C:\Users\Miriam\Downloads\a418c6a3.pptx
2017-06-03 21:28 - 2017-06-05 13:54 - 00426517 _____ C:\Users\Miriam\Desktop\PrezentáciaBP_Štangová.pptx
2017-06-03 20:24 - 2017-06-03 20:24 - 01035777 _____ C:\Users\Miriam\Downloads\Hurtalova_BP.pptx
2017-06-01 12:29 - 2017-06-01 12:29 - 00061066 _____ C:\Users\Miriam\Downloads\Kalendár 2017.pptx
2017-05-31 15:00 - 2017-05-31 15:00 - 00290971 _____ C:\Users\Miriam\Downloads\DBFA4C014AB94634AA643D824D576979.pdf
2017-05-30 13:40 - 2017-05-30 13:40 - 00213895 _____ C:\Users\Miriam\Downloads\06FA134B1F6C4B8D843C39F0FBBBCDE3.pdf
2017-05-29 15:57 - 2017-05-29 15:57 - 00625381 _____ C:\Users\Miriam\Downloads\PORADIE-NA-ŠTÁTNICE-A-POKYNY.pdf
2017-05-18 20:41 - 2017-05-18 20:41 - 00835619 _____ C:\Users\Miriam\Desktop\28900320171054_Štangová.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-16 19:10 - 2016-10-18 13:03 - 00626384 _____ C:\WINDOWS\system32\perfh01B.dat
2017-06-16 19:10 - 2016-10-18 13:03 - 00186896 _____ C:\WINDOWS\system32\perfc01B.dat
2017-06-16 19:10 - 2016-07-13 10:40 - 00000000 ____D C:\Users\Miriam\AppData\Roaming\uTorrent
2017-06-16 19:10 - 2016-01-05 08:55 - 02071478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-16 19:04 - 2016-10-13 18:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-16 19:04 - 2016-07-08 12:52 - 00000000 __SHD C:\Users\Miriam\IntelGraphicsProfiles
2017-06-16 19:03 - 2016-10-13 19:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-16 19:03 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 19:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 18:52 - 2017-05-08 20:41 - 00000000 ____D C:\Users\Miriam\AppData\Local\Jagex
2017-06-16 18:52 - 2017-05-03 17:37 - 00000000 ____D C:\ProgramData\Jagex
2017-06-16 18:52 - 2016-10-13 18:58 - 00000000 ____D C:\Users\Miriam
2017-06-16 18:51 - 2016-12-18 17:16 - 00004212 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 18:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 18:49 - 2016-01-05 08:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 18:48 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 18:47 - 2016-10-13 18:56 - 00344264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 19:57 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 19:46 - 2016-07-09 21:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 19:44 - 2017-03-22 18:12 - 00004648 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-14 19:44 - 2016-07-11 19:21 - 00000000 ____D C:\Users\Miriam\AppData\Local\Adobe
2017-06-14 15:43 - 2016-07-09 21:03 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 15:42 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 15:14 - 2016-10-13 18:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 14:59 - 2016-11-12 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-14 14:59 - 2016-03-29 02:15 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-10 17:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-10 09:55 - 2016-11-12 16:43 - 00000000 ____D C:\Program Files (x86)\Avira
2017-06-07 11:15 - 2017-01-08 14:40 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-07 11:15 - 2016-07-09 21:20 - 503446401 _____ C:\WINDOWS\MEMORY.DMP
2017-06-07 10:46 - 2016-07-13 10:30 - 00000000 ____D C:\Users\Miriam\Desktop\Filmy
2017-06-05 17:45 - 2016-10-03 13:47 - 00000000 ___RD C:\Users\Miriam\Desktop\Škola
2017-06-03 22:14 - 2017-03-24 14:54 - 00000000 ____D C:\Users\Miriam\Desktop\Bac
2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-17 20:57 - 2017-04-29 12:30 - 00000000 ___RD C:\Users\Miriam\Documents\Scanned Documents
2017-05-17 17:09 - 2017-03-08 20:19 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories =======
2016-10-13 18:57 - 2016-10-13 18:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-07 15:44
==================== End of FRST.txt ============================
- Rudy
- Site Admin
- Posts: 119392
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: script host
Hello!
I assume you deleted what ADW found. If so, open Notepad and copy the following into it:
Start
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: script host
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Miriam (17-06-2017 09:35:18) Run:1
Running from C:\Users\Miriam\Desktop
Loaded Profiles: Miriam (Available Profiles: Miriam)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
SearchScopes: HKU\S-1-5-21-3369260048-4190040626-483431282-1001 -> DefaultScope {3799F91A-24AE-43AF-B35E-BA1A5F7BE576} URL =
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl
EmptyTemp:
End
*****************
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 82204297 B
Java, Flash, Steam htmlcache => 5082 B
Windows/system/drivers => 42698423 B
Edge => 38959889 B
Chrome => 512724913 B
Firefox => 377776851 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5337549 B
systemprofile32 => 128 B
LocalService => 68406 B
NetworkService => 20410 B
Miriam => 582666914 B
RecycleBin => 2413 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:36:30 ====
So far it looks good; no window has popped up in the first few minutes.
- Rudy
- Site Admin
Re: script host
OK. Everything was deleted.
Re: script host
After a few days the problem still persists, but the annoying pop-up window now appears only occasionally. Sometimes I turn on the laptop and use it for an hour and nothing pops up, and sometimes it appears immediately after the PC is turned on. So far I have not noticed which action triggers the window; it keeps being annoying. Any further advice?
- Rudy
- Site Admin
Re: script host
Let's try cleaning the browsers. Run these utilities one after another:
1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
If you use Windows Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.
and
2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch the licence terms are displayed; press any key
•A backup is created and then the search runs
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.
Re: script host
I'm attaching the log from Zoek:
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Miriam on 24.06.2017 at 20:20:35,20.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Miriam\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
24.06.2017 20:21:44 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Miriam\AppData\Local\ActiveSync deleted successfully
C:\Users\Miriam\AppData\Local\AviraSpeedup deleted successfully
C:\Users\Miriam\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----
prefs__2036_.backup
==== Deleting Files \ Folders ======================
C:\windows\SysNative\Tasks\Software Update Application deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\Tasks\Avast SecureLine deleted
C:\windows\SysNative\Tasks\avast! SL Update deleted
C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default\extensions\partnerdefaults@mozilla.com deleted
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2017-06-16 17:34:12 B0C72A8C72E1DD8FFD9587D318F1C089 2259 ----a-w- C:\WINDOWS\epplauncher.mif
2017-06-14 13:29:20 E8B796A523D2B63A9C7BB0576DFE793E 975872 ----a-w- C:\WINDOWS\HelpPane.exe
====== C:\Users\Miriam\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2017-06-14 13:30:08 7E866F728EC98B40CAC7DC3211452A16 545944 ----a-w- C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 13:30:08 0F28A83057FB22765B58F58860312694 315744 ----a-w- C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 13:30:08 00EAA3BC620929BE3E6D24146C7CC1EE 483840 ----a-w- C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 13:30:07 FBFF9BF41479031BA892670A69E94AF8 2006528 ----a-w- C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 13:30:07 EB9F8A08F96CDEE70C6E85CB530ECF5B 224256 ----a-w- C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 13:30:07 9722B441E20C9C3B34EECA660303B3B5 780640 ----a-w- C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 13:30:07 59D8A8C06114DE6E5F277B4CA6039D51 368128 ----a-w- C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 13:30:07 12D38105EF6B39287B9479A0B5D0750D 2048496 ----a-w- C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 13:30:06 D8DD468AD61EA092F0F9B9FA51AEA929 755712 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 13:30:06 8F638F134BEED7E1A097FF5DD4F32D33 37376 ----a-w- C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 13:30:06 17E04FC6F7004025AD303F884600B93F 1412640 ----a-w- C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 13:30:06 07680AD9B1ADC68B65FBF06BF0E07848 2997760 ----a-w- C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 13:30:05 1A81E067094E519882FBE65674A31DA6 20967840 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 13:30:04 C772EE3E956DA3B21549C44DD1CBA022 231936 ----a-w- C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 13:30:04 2B2C59488185FCDD94C8077879F7D2EC 5686272 ----a-w- C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 13:30:04 207D69F66829C89B23BB206A1DEBFF3E 285184 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 13:30:03 DD822D3B371DA4BBAA167B9279338074 1988096 ----a-w- C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 13:30:03 38CD97EABCD0989375DE31C55DB64744 1221120 ----a-w- C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 13:30:02 AE3C94E8C7E0820AE6D014048F8E92F4 886272 ----a-w- C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 13:30:02 91D374EB0852B8D83939AF8B44056436 1021784 ----a-w- C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 13:30:02 83DB1B53D6B80A8A2219DDC661DC4AF3 607072 ----a-w- C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 13:30:02 804C6C0A17BC054C8FCAF3FA59C59EED 2643968 ----a-w- C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 13:30:02 613CAF12F074D723B62BCF13383EA513 709120 ----a-w- C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 13:30:01 D01B678C1B3DC6A8CEB1E5BE8C80F28A 181760 ----a-w- C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 13:30:01 C04621FEDE5AF0F91675AF80CF3F8D16 340832 ----a-w- C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 13:30:01 B7CFC1C5B3353FF0BE171E76E599B122 364544 ----a-w- C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 13:30:01 AFFA1FD1984250537436990FAB04A47C 295424 ----a-w- C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 13:30:01 838192E7C51BA80217277169EEBC0BE3 327168 ----a-w- C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 13:30:01 66E2AA655F4E11F40362995D1E3FBE41 773120 ----a-w- C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 13:30:01 5181B7BE1B912B9AA50858C5D860E8D9 111968 ----a-w- C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 13:30:01 4D0BBCC85007F01B1E69B926B97D38FA 118272 ----a-w- C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 13:30:01 20C0C534C203004F271585F7B8A7276E 100352 ----a-w- C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 13:30:01 1C5F45D0C096B30660CD6478E83340E8 95232 ----a-w- C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 13:30:01 00D5767DC76922C810EDCA01B8C23ED6 1164288 ----a-w- C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 13:30:00 D18BFA3288DE0F05721F3C5C0EA5ADC9 232448 ----a-w- C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 13:30:00 820EFB58A8BE5D0D0901B42C5B87948D 2560 ----a-w- C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 13:30:00 4931D908A1EBFD82A6C34CD13D5EC2BA 27136 ----a-w- C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 13:29:57 E31E12A238ED955FCA7505436C9EA681 1706488 ----a-w- C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 13:29:38 EE5471ED61FCA6EBB955F69657A51E96 18364928 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 13:29:38 46B73619AA04C2932B72274901A00C91 635904 ----a-w- C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 13:29:36 C09B9EC9CFED978918F7A0137D41AA92 3664384 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 13:29:36 A325B781E64B9D02BA6B2E9E0DF13844 822784 ----a-w- C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 13:29:35 615F788383682C3931D89CAC00BC9D40 306688 ----a-w- C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 13:29:35 4B4D68731C21CB4CB5313270FCC7136E 19414016 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 13:29:34 82933E2FC5235A185C5FB15BD1C174E7 6042624 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 13:29:33 3264894312F31CA89EB9BAAF46DB323B 12187648 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 13:29:03 ACE32CBDDF2BE6B5151A02F30B8E7208 192856 ----a-w- C:\WINDOWS\SysWOW64\aepic.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2017-06-17 07:37:24 5C5A797761421CF9B72087F3BC8A5259 180 ----a-w- C:\WINDOWS\Sysnative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-14 13:30:00 BE7696381EADA160D20D172D5881E011 857440 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe
2017-06-14 13:29:59 9CB576709100152AC1C5E9FB223D29B7 552960 ----a-w- C:\WINDOWS\Sysnative\MusUpdateHandlers.dll
2017-06-14 13:29:59 90F392BF1D30D878CA96B431741AD547 391168 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll
2017-06-14 13:29:59 7A2CF02E4120AA5B5465D79D78C0DEC2 2538496 ----a-w- C:\WINDOWS\Sysnative\mssrch.dll
2017-06-14 13:29:59 2F5D3B6FEF24DD0824964C36FDC7E0B7 3403264 ----a-w- C:\WINDOWS\Sysnative\tquery.dll
2017-06-14 13:29:58 E7F14801E038AD77A64AF30AC78B905A 903680 ----a-w- C:\WINDOWS\Sysnative\SearchIndexer.exe
2017-06-14 13:29:58 D10DFA27265E6E9729AC0D5963C8B7CA 1217024 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Audio.dll
2017-06-14 13:29:58 07716E97BCC70C9577425EB98D2B35BC 124416 ----a-w- C:\WINDOWS\Sysnative\mssprxy.dll
2017-06-14 13:29:57 4EE256C1721939A0240FE8550E5B7879 38752 ----a-w- C:\WINDOWS\Sysnative\OOBEUpdater.exe
2017-06-14 13:29:57 0B578557804EF663D120D63255632687 119808 ----a-w- C:\WINDOWS\Sysnative\UserDataTimeUtil.dll
2017-06-14 13:29:55 22A034F884D3A749C9F1E378D88866C3 857952 ----a-w- C:\WINDOWS\Sysnative\NetSetupEngine.dll
2017-06-14 13:29:54 D190D4F089EACA940D5233478CD94E4F 1131008 ----a-w- C:\WINDOWS\Sysnative\localspl.dll
2017-06-14 13:29:54 09788178ECBD170263A19D067DF1363B 2213760 ----a-w- C:\WINDOWS\Sysnative\KernelBase.dll
2017-06-14 13:29:53 908CC42EE5D8CC73D4C136B5577EA08D 22220864 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2017-06-14 13:29:50 E0981C2DA535C7D579601C967210E25E 266752 ----a-w- C:\WINDOWS\Sysnative\NetSetupSvc.dll
2017-06-14 13:29:50 AC6E9ED99F0D3814D3B35387709747EF 834048 ----a-w- C:\WINDOWS\Sysnative\win32spl.dll
2017-06-14 13:29:50 749F864C24C69BE5D129C34A445F32B8 100864 ----a-w- C:\WINDOWS\Sysnative\wpninprc.dll
2017-06-14 13:29:50 3FE979055667B0E488855856ABA70BB1 456192 ----a-w- C:\WINDOWS\Sysnative\puiobj.dll
2017-06-14 13:29:50 29D1A548F8544222EC7C3C50F73D8003 238592 ----a-w- C:\WINDOWS\Sysnative\MusNotification.exe
2017-06-14 13:29:49 C9779ED5EB5A97C652E77CBCE9CE51D3 98304 ----a-w- C:\WINDOWS\Sysnative\MusNotificationUx.exe
2017-06-14 13:29:49 9888D91E8B5679FAF3E4E57B5A59BD5C 148832 ----a-w- C:\WINDOWS\Sysnative\NetSetupApi.dll
2017-06-14 13:29:49 038E6D6F2C86E574556D1AAF2A99BBA6 53248 ----a-w- C:\WINDOWS\Sysnative\musdialoghandlers.dll
2017-06-14 13:29:39 25B2F6E8FCA707EEE8101D20A8587FCC 441344 ----a-w- C:\WINDOWS\Sysnative\netcorehc.dll
2017-06-14 13:29:34 2D906DD0D937EF6B3318F174DBDFF059 4744704 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2017-06-14 13:29:33 A4C55CB11E20A04531F80603C984AF76 691200 ----a-w- C:\WINDOWS\Sysnative\ieproxy.dll
2017-06-14 13:29:32 B7AAA1FBABF23938FF429FE7D04D9399 8125440 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll
2017-06-14 13:29:32 623C8989860C6162971A240A99903410 13091840 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2017-06-14 13:29:31 FE2D97721969818E483780C9FE4333BC 1513472 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2017-06-14 13:29:31 5070B37B20DDC257AF93EB0BE8AB5690 1845248 ----a-w- C:\WINDOWS\Sysnative\FntCache.dll
2017-06-14 13:29:30 512FAC578366299C2DD4D94BE36F5A0D 23677440 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2017-06-14 13:29:29 8F176DA53E5AD6F3B9FEFDC93346EFFC 7783256 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2017-06-14 13:29:28 DDD49029DA039B2D1A9E3ACA8F2E97F0 2475520 ----a-w- C:\WINDOWS\Sysnative\DWrite.dll
2017-06-14 13:29:28 76142A00FDA4E0B192D1057BBAECF17A 2681200 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2017-06-14 13:29:28 7478F2B823BFBFF75ECF805BC03B2C83 932864 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll
2017-06-14 13:29:27 5C60B2D2144E792EC68C35DA1644C502 22569984 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2017-06-14 13:29:22 3C64F2BE8C71B03F4C69D4C116109E1D 418304 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.BlockedShutdown.dll
2017-06-14 13:29:21 ECB92C17AC64FF64148BE807AC29386A 337408 ----a-w- C:\WINDOWS\Sysnative\NetworkBindingEngineMigPlugin.dll
2017-06-14 13:29:21 B247CEF0A92DC1D3E377BE6AA365B01A 1121280 ----a-w- C:\WINDOWS\Sysnative\aadtb.dll
2017-06-14 13:29:20 BA247C2CCC1F037D5EF4AEB5AC23E1F5 1112416 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll
2017-06-14 13:29:20 B7D7188C0AD7526D5425F8F0C88C712C 353792 ----a-w- C:\WINDOWS\Sysnative\cloudAP.dll
2017-06-14 13:29:20 B06DAED17F67FFD124F397E4353D985C 404824 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll
2017-06-14 13:29:20 31BFADFB13EBC9CB06D6E250FEA0FD36 856064 ----a-w- C:\WINDOWS\Sysnative\efscore.dll
2017-06-14 13:29:19 FB30AD7EAD9E77C61778DE7E27E30C59 351744 ----a-w- C:\WINDOWS\Sysnative\hnetcfg.dll
2017-06-14 13:29:16 A64CF9D11F695E8BE7E88DB2FF9ACBE9 379232 ----a-w- C:\WINDOWS\Sysnative\atmfd.dll
2017-06-14 13:29:16 63B6CCF24C70F16976B8AD11389B4B80 628552 ----a-w- C:\WINDOWS\Sysnative\fontdrvhost.exe
2017-06-14 13:29:15 9E4231D238FF2D1F5086DC8AF934F1A2 886784 ----a-w- C:\WINDOWS\Sysnative\CPFilters.dll
2017-06-14 13:29:15 833B3B359F0206401810503E570EDEBC 1566552 ----a-w- C:\WINDOWS\Sysnative\gdi32full.dll
2017-06-14 13:29:14 B306E46465689426AC31FF472607BE62 2318848 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2017-06-14 13:29:14 1E287D5A69A485F23749BCE65F83018A 1600624 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll
2017-06-14 13:29:14 12F68C1BA2D9BB2239B24E16F90246FF 3615744 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2017-06-14 13:29:13 156DA1A406F1909107E048584021B631 1490432 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll
2017-06-14 13:29:11 9171E680ADE30F22D78AF28F84DA27D5 764392 ----a-w- C:\WINDOWS\Sysnative\CoreMessaging.dll
2017-06-14 13:29:11 85898A239780D457B73AAC42B73B4CB1 7217152 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2017-06-14 13:29:08 304AFBB7C4FB4FA26538602C02E5EA73 2510848 ----a-w- C:\WINDOWS\Sysnative\NetworkMobileSettings.dll
2017-06-14 13:29:08 0865275CF6DF73BD560C1A49600A4FA9 324608 ----a-w- C:\WINDOWS\Sysnative\Windows.ApplicationModel.LockScreen.dll
2017-06-14 13:29:06 A8AC0C570C3629718A6CF06BDCE53A55 334176 ----a-w- C:\WINDOWS\Sysnative\invagent.dll
2017-06-14 13:29:06 7D4E7B74E017D343089CE49559A159D1 233824 ----a-w- C:\WINDOWS\Sysnative\aepic.dll
2017-06-14 13:29:06 7B856A5EE257489AB7EDBC77089A836C 989024 ----a-w- C:\WINDOWS\Sysnative\hvax64.exe
2017-06-14 13:29:06 4BD676CC2DBA76D4B00C1664160F488C 1100128 ----a-w- C:\WINDOWS\Sysnative\hvix64.exe
2017-06-14 13:29:06 00F9F8F9FF615D71CC178DEA0B1ED720 1214816 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll
2017-06-14 13:29:05 961E25D8F68C638F42199DDD6FA96342 455520 ----a-w- C:\WINDOWS\Sysnative\securekernel.exe
2017-06-14 13:29:05 7BD6C15F1C1CB0B74FB167042F20E0C9 1564512 ----a-w- C:\WINDOWS\Sysnative\appraiser.dll
2017-06-14 13:29:04 AA0D47B6CC0D5D3DAD069A01F3F91E86 629088 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll
2017-06-14 13:29:04 32A8CD2D7B5D4F503B4F8E559FE05B13 96608 ----a-w- C:\WINDOWS\Sysnative\CompatTelRunner.exe
2017-06-14 13:29:04 18DE0596384F02237F805BD1A352FD75 544096 ----a-w- C:\WINDOWS\Sysnative\devinv.dll
2017-06-14 13:29:03 F1B41E1EB362B1FD8A8EB6011D17D58F 489472 ----a-w- C:\WINDOWS\Sysnative\NetSetupShim.dll
2017-06-14 13:29:03 BA775B101B5E6C12D4A7AE9CBFA4F008 335712 ----a-w- C:\WINDOWS\Sysnative\dcntel.dll
2017-06-14 13:29:03 0FA65256069B1B65581144F206027DE5 147456 ----a-w- C:\WINDOWS\Sysnative\winsrv.dll
2017-06-14 13:29:02 E863706E7D0E6061689D7721959C0437 136032 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll
2017-06-14 13:29:02 A3E5C464520434D873BF1BD092117853 45056 ----a-w- C:\WINDOWS\Sysnative\atmlib.dll
2017-06-14 13:29:02 597C96281C55868CDBB06E22ADAEDCA9 80078 ----a-w- C:\WINDOWS\Sysnative\normidna.nls
2017-06-14 13:29:02 1503DA64D20DD3ECB18A27686B3FF7EA 34648 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe
2017-06-14 13:29:02 063DED567D61B4CC817CF8E69D480336 1418240 ----a-w- C:\WINDOWS\Sysnative\certutil.exe
2017-06-14 13:29:01 FAD89A8156FA444E0962BC5C2A23B103 117760 ----a-w- C:\WINDOWS\Sysnative\AuthBrokerUI.dll
2017-06-14 13:29:01 C9DAA29BDD6E2C61A6603DE75F6EE761 255488 ----a-w- C:\WINDOWS\Sysnative\HNetCfgClient.dll
2017-06-14 13:29:01 388E910ADC7F7E8BB21514FAA4A478E2 198144 ----a-w- C:\WINDOWS\Sysnative\dpapisrv.dll
2017-06-14 13:29:01 3209DC681B5F46F4CDF724C48569ED11 136024 ----a-w- C:\WINDOWS\Sysnative\ImplatSetup.dll
2017-06-14 13:29:01 2EB64622FEB3E6790FD72D06C9BEB319 252928 ----a-w- C:\WINDOWS\Sysnative\edputil.dll
2017-06-14 13:29:00 75FD10B0F7721B6548BE8D7F1F79DE04 2560 ----a-w- C:\WINDOWS\Sysnative\tzres.dll
2017-06-14 13:29:00 06C58C9B85A77AB69D9C319D690B27C8 64512 ----a-w- C:\WINDOWS\Sysnative\fdProxy.dll
====== C:\WINDOWS\Sysnative\drivers =====
2017-06-14 13:30:01 D515CD0012EBFF9EF255798F3A4BA1EE 187232 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2017-06-14 13:30:01 72ABA6AC74F7AA9C9A4AC61BE628ADD1 41472 ----a-w- C:\WINDOWS\Sysnative\drivers\BasicRender.sys
2017-06-14 13:30:01 58827BEFC54D4396D3FD191F5DD31C1D 381792 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2017-06-14 13:30:01 08ED027CD8A43E3412BDD134A43B13E8 279904 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2017-06-14 13:29:55 4ED37041ADB4BD4BEEB1279AFA5808A9 2532192 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2017-06-14 13:29:54 A530D0C58A657BCD1629816B887661CB 1181024 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2017-06-14 13:29:50 A7C267671EDDF066E8CFBF897BC4B626 118112 ----a-w- C:\WINDOWS\Sysnative\drivers\tdx.sys
2017-06-14 13:29:31 9E407EAF1B5FFD4209C2B5F7A8B83BE5 402272 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2017-06-14 13:29:28 C867FABEFF1A553330093384D022F963 2187104 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2017-06-14 13:29:05 8360BD603D3596E1D6D9BD04E69DE5E9 624048 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys
2017-06-14 13:29:02 0C81E5D3E37D8D350088596D23FF21A4 509280 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2017-06-14 13:29:01 1065D7283659DC301AF94A47847616C4 128864 ----a-w- C:\WINDOWS\Sysnative\drivers\tm.sys
====== C:\WINDOWS\Tasks ======
2017-06-07 11:57:48 2D78977A40CC6F58D6F51167D4D5087E 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Miriam\AppData\Roaming ======
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-05 11:58:06 -------- d-----w- C:\Users\Miriam\AppData\Local\ESET
====== C:\Users\Miriam ======
2017-06-21 11:37:19 -------- d-----w- C:\ProgramData\TrueKey
2017-06-16 17:33:26 44986EBCA91F0F0667C2B6918BED7CA1 15085760 ----a-w- C:\Users\Miriam\Downloads\MSEInstall (1).exe
2017-06-16 17:32:43 79B0F632FDDB5FE8D5F1A90E719E7C3B 12257112 ----a-w- C:\Users\Miriam\Downloads\MSEInstall.exe
2017-06-16 17:15:50 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Desktop\FRST64.exe
2017-06-16 17:15:46 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64 (1).exe
2017-06-16 17:15:41 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64.exe
2017-06-16 17:12:13 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Desktop\JRT.exe
2017-06-16 17:12:03 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Downloads\JRT.exe
2017-06-16 17:00:12 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Desktop\adwcleaner_6.047.exe
2017-06-16 16:59:35 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Downloads\adwcleaner_6.047.exe
====== C: exe-files ==
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\OneDriveSetup.exe
2017-06-21 11:38:27 1358394DD0CF1191D726692A9372FE8F 236240 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe
2017-06-21 11:38:25 9EB92488BA203BA99FF632500689A221 229584 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileCoAuth.exe
2017-06-20 19:05:02 75A171FBCAD34BBBFDE05C581A36DFFE 1243416 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
2017-06-20 19:04:48 374D5289F0F14069474C1C73FB27EA5E 36352 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\Park-{bfbbe5ba-6566-42ea-af7f-5eda816d3cea}.exe
2017-06-20 19:04:35 59BCF85090595D5E95542D2094A0BA83 2452328 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\GameConsole-4.3.1.51-to-4.4.0.83.exe
=== C: other files ==
2017-06-24 18:20:26 D651C8CFEB8D37D4C20CDAA1267E57FB 297 ----a-w- C:\ProgramData\OEM\Fub Tracking Program\Upload\_1498335626.zip
2017-06-20 19:06:07 90FEBBA28704D9108DAC86459A05ECBB 671764 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\89HKIV11\MSCasualGames[1].zip
2017-06-20 19:06:06 8EDD870C7F12BD70CAE4B76E2D3A16E8 3835 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\1RD4RXVW\manifest[1].zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [28.04.2017 02:34]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\ACC" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe]
"C:\WINDOWS\SysNative\tasks\ACCAgent" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe]
"C:\WINDOWS\SysNative\tasks\ACCBackgroundApplication" [C:\Program Files (x86)\Acer\Care Center\ACCStd.exe]
"C:\WINDOWS\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\BacKGroundAgent" [C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe]
"C:\WINDOWS\SysNative\tasks\FUBTrackingByPLD" ["C:\OEM\Preload\FubTracking\FubTracking.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Quick Access" ["C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"]
"C:\WINDOWS\SysNative\tasks\UbtFrameworkService" ["C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}" [C:\WINDOWS\system32\msfeedssync.exe]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default
- Undetermined - %ProfilePath%\extensions\abs@avira.com.xpi
- Slovak SK Language Pack - %ProfilePath%\extensions\langpack-sk@firefox.mozilla.org.xpi
- Avira SafeSearch Plus - %ProfilePath%\extensions\safesearchplus2@avira.com.xpi
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
Google Slides - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Docs Offline - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=37 folders=33 32432494 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Miriam\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 24.06.2017 at 20:43:23,51 ======================
If it shows up again, I'll add the JRT log as well.
2017-06-14 13:29:33 3264894312F31CA89EB9BAAF46DB323B 12187648 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 13:29:03 ACE32CBDDF2BE6B5151A02F30B8E7208 192856 ----a-w- C:\WINDOWS\SysWOW64\aepic.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2017-06-07 11:57:48 2D78977A40CC6F58D6F51167D4D5087E 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Miriam\AppData\Roaming ======
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-14 17:57:55 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2017-06-05 11:58:06 -------- d-----w- C:\Users\Miriam\AppData\Local\ESET
====== C:\Users\Miriam ======
2017-06-21 11:37:19 -------- d-----w- C:\ProgramData\TrueKey
2017-06-16 17:33:26 44986EBCA91F0F0667C2B6918BED7CA1 15085760 ----a-w- C:\Users\Miriam\Downloads\MSEInstall (1).exe
2017-06-16 17:32:43 79B0F632FDDB5FE8D5F1A90E719E7C3B 12257112 ----a-w- C:\Users\Miriam\Downloads\MSEInstall.exe
2017-06-16 17:15:50 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Desktop\FRST64.exe
2017-06-16 17:15:46 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64 (1).exe
2017-06-16 17:15:41 7E487D5248A284DBC763DD8BC0F7DAFC 2438656 ----a-w- C:\Users\Miriam\Downloads\FRST64.exe
2017-06-16 17:12:13 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Desktop\JRT.exe
2017-06-16 17:12:03 B8B83A8B45F745089DFF6FF5E30ECE25 1663672 ----a-w- C:\Users\Miriam\Downloads\JRT.exe
2017-06-16 17:00:12 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Desktop\adwcleaner_6.047.exe
2017-06-16 16:59:35 1ACE8128CFA67E825635012B2CF705A9 4110280 ----a-w- C:\Users\Miriam\Downloads\adwcleaner_6.047.exe
====== C: exe-files ==
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2017-06-21 11:39:56 9D85CD8E245989DE49CB1A7FF89EF320 26435280 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\OneDriveSetup.exe
2017-06-21 11:38:27 1358394DD0CF1191D726692A9372FE8F 236240 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe
2017-06-21 11:38:25 9EB92488BA203BA99FF632500689A221 229584 ----a-w- C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileCoAuth.exe
2017-06-20 19:05:02 75A171FBCAD34BBBFDE05C581A36DFFE 1243416 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
2017-06-20 19:04:48 374D5289F0F14069474C1C73FB27EA5E 36352 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\Park-{bfbbe5ba-6566-42ea-af7f-5eda816d3cea}.exe
2017-06-20 19:04:35 59BCF85090595D5E95542D2094A0BA83 2452328 ----a-w- C:\Users\Miriam\AppData\Roaming\WildTangent\Updater\GameConsole\GameConsole-4.3.1.51-to-4.4.0.83.exe
=== C: other files ==
2017-06-24 18:20:26 D651C8CFEB8D37D4C20CDAA1267E57FB 297 ----a-w- C:\ProgramData\OEM\Fub Tracking Program\Upload\_1498335626.zip
2017-06-20 19:06:07 90FEBBA28704D9108DAC86459A05ECBB 671764 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\89HKIV11\MSCasualGames[1].zip
2017-06-20 19:06:06 8EDD870C7F12BD70CAE4B76E2D3A16E8 3835 ----a-w- C:\Users\Miriam\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\INetCache\1RD4RXVW\manifest[1].zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [28.04.2017 02:34]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\ACC" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe]
"C:\WINDOWS\SysNative\tasks\ACCAgent" [C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe]
"C:\WINDOWS\SysNative\tasks\ACCBackgroundApplication" [C:\Program Files (x86)\Acer\Care Center\ACCStd.exe]
"C:\WINDOWS\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\BacKGroundAgent" [C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe]
"C:\WINDOWS\SysNative\tasks\FUBTrackingByPLD" ["C:\OEM\Preload\FubTracking\FubTracking.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Quick Access" ["C:\Program Files\Acer\Acer Quick Access\QALauncher.exe"]
"C:\WINDOWS\SysNative\tasks\UbtFrameworkService" ["C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{266312B4-B0F1-4B15-847E-9D0A558C6253}" [C:\WINDOWS\system32\msfeedssync.exe]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Miriam\AppData\Roaming\Mozilla\Firefox\Profiles\agkj8evj.default
- Undetermined - %ProfilePath%\extensions\abs@avira.com.xpi
- Slovak SK Language Pack - %ProfilePath%\extensions\langpack-sk@firefox.mozilla.org.xpi
- Avira SafeSearch Plus - %ProfilePath%\extensions\safesearchplus2@avira.com.xpi
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
Google Slides - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Docs Offline - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Miriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer15.msn.com/?pc=ACTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Miriam\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Miriam\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=37 folders=33 32432494 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Miriam\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 24.06.2017 at 20:43:23,51 ======================
If it shows up again, I'll add the JRT log as well.
- Rudy
- Site Admin
- Posts: 119392
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: script host
OK. I'll leave this open for now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: script host
JRT output.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Miriam (Administrator) on 25.06.2017 at 10:47:16,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.06.2017 at 10:49:21,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The window I mentioned started popping up again after roughly hours of working on FB.
- Rudy
- Site Admin
Re: script host
How does it look now?
Re: script host
The problem still persists; after an hour or two of working on the PC the annoying window is back.
- Rudy
- Site Admin
Re: script host
Try disabling it by following this guide: http://wintip.cz/524-jak-vypnout-windows-script-host .
Re: script host
As I wrote above, I had already disabled it before I started this topic, so I repeated the procedure again following the guide, but it does not solve the problem; the window keeps popping up saying that the script is disabled. The file has even been removed in safe mode, from the registry too, and I just cannot get rid of the messages. I'm flying off on holiday tomorrow, so please don't lock the topic. I'll be away for two weeks.

Re: script host
I'll jump in:
Try finding and deleting this entry via regedit:
HKU\S-1-5-21-3369260048-4190040626-483431282-1001\...\Run: [MicrosoftSearchIndexer] => "wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
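Added example, not part of any post in this thread and not a tool used by the forum: a Python script that reads Run-key lines in the format of the startup section of the log above and flags entries that start a Windows Script Host interpreter at logon, such as the MicrosoftSearchIndexer entry named in the post above. The extension list, the folder markers and all function names are assumptions made for this example.

```python
import ntpath
import re
from typing import NamedTuple

# Windows Script Host interpreters (the entry in this thread uses wscript.exe).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumption for this example: extensions a WSH script normally carries.
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
# Assumption for this example: markers of folders a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "%appdata%", "%localappdata%", "%temp%")
RUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # greedy: the data may itself contain quotes
ENGINE_RE = re.compile(r"^//E:(\S+)$", re.IGNORECASE)

# Sample input: lines in the format of the startup section of the log in this thread.
SAMPLE_LOG = r'''
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3369260048-4190040626-483431282-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Miriam\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\Miriam\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"
"MicrosoftSearchIndexer"="wscript.exe //E:vbscript C:\Users\Miriam\AppData\Roaming\MicrosoftSearchIndexer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"WindowsDefender"=""%ProgramFiles%\Windows Defender\MSASCuiL.exe""
'''


class Finding(NamedTuple):
    key: str
    name: str
    command: str
    reasons: tuple


def split_command(command):
    """Split a Run-key command line into (program, argument list)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], []
        return command[1:end], command[end + 1:].split()
    # Unquoted: the program is taken up to the first space. An unquoted path
    # containing spaces is cut short, which cannot turn it into a script host name.
    program, _, rest = command.partition(" ")
    return program, rest.split()


def assess(command):
    """Return the reasons a Run-key command deserves review, or () if none."""
    program, args = split_command(command)
    if ntpath.basename(program).lower() not in SCRIPT_HOSTS:
        return ()
    reasons = ["Run entry starts a Windows Script Host interpreter at logon"]
    for arg in args:
        match = ENGINE_RE.match(arg)
        if match:
            reasons.append("engine forced with //E:%s, so the file name need not "
                           "look like a script" % match.group(1))
    # Everything that is not a //option is treated as the script path.
    script = " ".join(a for a in args if not a.startswith("//")).strip('"')
    if script and ntpath.splitext(script)[1].lower() not in SCRIPT_EXTENSIONS:
        reasons.append("script file has no script extension")
    if any(marker in script.lower() for marker in USER_WRITABLE):
        reasons.append("script is stored in a user-writable profile folder")
    return tuple(reasons)


def scan_log(text):
    """Collect findings from the Run/RunOnce keys listed in a log excerpt."""
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        if line.startswith("===="):
            key = None  # a new log section begins
            continue
        match = VALUE_RE.match(line)
        if match and key and key.lower().endswith(RUN_SUFFIXES):
            reasons = assess(match.group(2))
            if reasons:
                findings.append(Finding(key, match.group(1), match.group(2), reasons))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("[%s] %s" % (finding.key, finding.name))
        print("  command: %s" % finding.command)
        for reason in finding.reasons:
            print("  - %s" % reason)
```

The same value appears under both HKEY_USERS\<SID> and HKEY_CURRENT_USER in a full log because the second is a view of the first for the logged-on user, so a full log reports it once per view.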
- Rudy
- Site Admin
Re: script host
OK, I'll leave it open. Have a nice holiday!