Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.7.0.19

Platform: x64 Windows 10 (Enterprise), 10.0.16299.98 (ReleaseId: 1709), Service Pack: 0
Time: 03.12.2017 - 21:32, Uptime: 01:52
Language: OS: Russian (0x419). Display: English (0x409). Non-Unicode: Russian (0x419)
Elevated: Yes
Ran by: Alex (group: Administrator) on DESKTOP-2, FirstRun: yes

Chrome: 62.0.3202.94
Edge: 11.0.16299.98
Internet Explorer: 11.0.16299.98
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
1 C:\Program Files\VMware\VMware Tools\vmacthlp.exe
2 C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\Windows Defender\MpCmdRun.exe
1 C:\Program Files\Windows Defender\MsMpEng.exe
1 C:\Program Files\Windows Defender\NisSrv.exe
1 C:\ProgramData\KMSAutoS\bin\KMSSS.exe
1 C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\HiJackThis (1).exe
1 C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MemCompression
1 C:\Windows\System32\ApplicationFrameHost.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\VSSVC.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\msdtc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
20 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
5 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} - Яндекс - https://yandex.ru/search/?text={searchTerms}&clid=2233627
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} - Яндекс - https://suggest.yandex.ru/suggest-ff.cgi?srv=ie11&part={searchTerms}&clid=2233627 (SuggestionsURL_JSON)
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8} - Яндекс - https://yandex.ru/search/?text={searchTerms}&clid=2233627 (URL)
O4 - HKLM\..\FileRenameOperations: C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp -> C:\WINDOWS\AppCompat\Programs\Amcache.hve
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\vmtoolsd.exe -n vmusr
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
O17 - DHCP DNS - 1: 192.168.132.2
O21 - ShellIconOverlayIdentifiers: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21 - ShellIconOverlayIdentifiers: ReadOnlyOverlayHandler Class - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21 - ShellIconOverlayIdentifiers: SharedOverlayHandler Class - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21 - ShellIconOverlayIdentifiers: SharedSyncingOverlayHandler Class - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21 - ShellIconOverlayIdentifiers: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21 - ShellIconOverlayIdentifiers: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\amd64\FileSyncShell64.dll
O21-32 - ShellIconOverlayIdentifiers: ErrorOverlayHandler Class - {BBACC218-34EA-4666-9D7A-C78F2274A524} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O21-32 - ShellIconOverlayIdentifiers: ReadOnlyOverlayHandler Class - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O21-32 - ShellIconOverlayIdentifiers: SharedOverlayHandler Class - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O21-32 - ShellIconOverlayIdentifiers: SharedSyncingOverlayHandler Class - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O21-32 - ShellIconOverlayIdentifiers: SyncingOverlayHandler Class - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O21-32 - ShellIconOverlayIdentifiers: UpToDateOverlayHandler Class - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.7076.1026_1\FileSyncShell.dll
O22 - Task (disabled): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (disabled): GoogleUpdateTaskMachineCore1d23443bda3b83e - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (disabled): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (disabled): KMSAutoNet - C:\ProgramData\KMSAutoS\KMSAuto Net.exe /win=act
O22 - Task (disabled): \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\System32\mscoree.dll
O22 - Task (disabled): \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\System32\mscoree.dll
O22 - Task (disabled): \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) - {CF2CF428-325B-48D3-8CA8-7633E36E5A32} - C:\WINDOWS\system32\msdrm.dll
O22 - Task (disabled): \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) - {BF5CB148-7C77-4D8A-A53E-D81C70CF743C} - C:\WINDOWS\system32\msdrm.dll
O22 - Task (disabled): \Microsoft\Windows\AppID\EDP Policy Manager - {DECA92E0-AF85-439E-9204-86679978DA08},EdpPolicyManager - C:\WINDOWS\System32\AppLockerCsp.dll
O22 - Task (disabled): \Microsoft\Windows\AppID\SmartScreenSpecific - {9F2B0085-9218-42A1-88B0-9F0E65851666},U - (no file)
O22 - Task (disabled): \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - C:\WINDOWS\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},BitLockerPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (disabled): \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask - {E984D939-0E00-4DD9-AC3A-7ACA04745521} - (no file)
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},AIKCertEnroll - C:\WINDOWS\system32\ngctasks.dll
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},CryptoPolicy - C:\WINDOWS\system32\ngctasks.dll
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\KeyPreGenTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},NGCKeyPregen - C:\WINDOWS\system32\ngctasks.dll
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\SystemTask - {58FB76B9-AC85-4E55-AC04-427593B1D060},SYSTEM - C:\WINDOWS\system32\dimsjob.dll
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\UserTask - {58FB76B9-AC85-4E55-AC04-427593B1D060},USER - C:\WINDOWS\system32\dimsjob.dll
O22 - Task (disabled): \Microsoft\Windows\CertificateServicesClient\UserTask-Roam - {58FB76B9-AC85-4E55-AC04-427593B1D060},KEYROAMING - C:\WINDOWS\system32\dimsjob.dll
O22 - Task (disabled): \Microsoft\Windows\Chkdsk\ProactiveScan - {CF4270F5-2E43-4468-83B3-A8C45BB33EA1} - C:\Windows\System32\pstask.dll
O22 - Task (disabled): \Microsoft\Windows\Chkdsk\SyspartRepair - C:\WINDOWS\system32\bcdboot.exe %windir% /sysrepair (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\CloudExperienceHost\CreateObjectTask - {E4544ABA-62BF-4C54-AAB2-EC246342626C} - (no file)
O22 - Task (disabled): \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip - {C27F6B1D-FE0B-45E4-9257-38799FA69BC8},SYSTEM - C:\WINDOWS\System32\usbceip.dll
O22 - Task (disabled): \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan - {DCFD3EA8-D960-4719-8206-490AE315F94F} - C:\Windows\System32\discan.dll
O22 - Task (disabled): \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery - {DCFD3EA8-D960-4719-8206-490AE315F94F},-CrashRecovery - C:\Windows\System32\discan.dll
O22 - Task (disabled): \Microsoft\Windows\Device Setup\Metadata Refresh - {23C1F3CF-C110-4512-ACA9-7B6174ECE888} - C:\WINDOWS\System32\DeviceSetupManagerAPI.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\HandleCommand - {AE31B729-D5FD-401E-AF42-784074835AFE},-HandleCommand - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand - {AE31B729-D5FD-401E-AF42-784074835AFE},-WnsCommand - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck - {AE31B729-D5FD-401E-AF42-784074835AFE},-IntegrityCheck - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession - {AE31B729-D5FD-401E-AF42-784074835AFE},-UserSessionCommand - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -AccountChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ConnectedToNetwork - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24 - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly -NoLocation - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ScreenOnOff - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange -Full - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterUserDevice -NewAccount - C:\WINDOWS\system32\DeviceDirectoryClient.dll
O22 - Task (disabled): \Microsoft\Windows\Diagnosis\Scheduled - {C1F85EF8-BCC2-4606-BB39-70C523715EB3} - C:\WINDOWS\System32\sdiagschd.dll
O22 - Task (disabled): \Microsoft\Windows\DiskCleanup\SilentCleanup - C:\WINDOWS\system32\cleanmgr.exe /autoclean /d %systemdrive% (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\DiskFootprint\StorageSense - {AB2A519B-03B0-43CE-940A-A73DF850B49A} - C:\WINDOWS\system32\StorageUsage.dll
O22 - Task (disabled): \Microsoft\Windows\EDP\EDP App Launch Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},AppLaunch - C:\WINDOWS\System32\edptask.dll
O22 - Task (disabled): \Microsoft\Windows\EDP\EDP Auth Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},ReAuth - C:\WINDOWS\System32\edptask.dll
O22 - Task (disabled): \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},MissingCredentials - C:\WINDOWS\System32\edptask.dll
O22 - Task (disabled): \Microsoft\Windows\EDP\StorageCardEncryption Task - {61BCD1B9-340C-40EC-9D41-D7F1C0632F05},SDCardEncryptionPolicy - C:\WINDOWS\System32\edptask.dll
O22 - Task (disabled): \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate - {FE285C8C-5360-41C1-A700-045501C740DE} - (no file)
O22 - Task (disabled): \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate - {9CDA66BE-3271-4723-8D35-DD834C58AD92} - (no file)
O22 - Task (disabled): \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh - {711001CD-CC1D-4470-9B7E-1EF73849C79E},ExploitGuardPolicy - C:\WINDOWS\System32\MitigationConfiguration.dll
O22 - Task (disabled): \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync - {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B} - C:\Windows\System32\srmclient.dll
O22 - Task (disabled): \Microsoft\Windows\FileHistory\File History (maintenance mode) - {89917B7C-A1A6-11DF-8BF6-18A90531A85A} - C:\WINDOWS\System32\fhtask.dll
O22 - Task (disabled): \Microsoft\Windows\LanguageComponentsInstaller\Installation - {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE},Install $(Arg0) - C:\Windows\System32\LanguageComponentsInstaller.dll
O22 - Task (disabled): \Microsoft\Windows\LanguageComponentsInstaller\Uninstallation - {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE},Uninstall - C:\Windows\System32\LanguageComponentsInstaller.dll
O22 - Task (disabled): \Microsoft\Windows\License Manager\TempSignedLicenseExchange - {77646A68-AD14-4D53-897D-7BE4DDE5F929} - C:\Windows\System32\TempSignedLicenseExchangeTask.dll
O22 - Task (disabled): \Microsoft\Windows\Maintenance\WinSAT - {A9A33436-678B-4C9C-A211-7CC38785E79D} - C:\WINDOWS\system32\WinSATAPI.dll
O22 - Task (disabled): \Microsoft\Windows\Management\Provisioning\Cellular - C:\WINDOWS\system32\ProvTool.exe /turn 7 /source CellStateChangeTask (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Management\Provisioning\Logon - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source LogonIdleTask (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Management\Provisioning\PostResetBoot - C:\WINDOWS\system32\ProvTool.exe /turn 3 /source ProvResetBoot (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Maps\MapsToastTask - {9885AEF2-BD9F-41E0-B15E-B3141395E803},$(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7) - C:\WINDOWS\System32\mapstoasttask.dll
O22 - Task (disabled): \Microsoft\Windows\Maps\MapsUpdateTask - {B9033E87-33CF-4D77-BC9B-895AFBBA72E4} - C:\WINDOWS\System32\mapsupdatetask.dll
O22 - Task (disabled): \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents - {8168E74A-B39F-46D8-ADCD-7BED477B80A3},Event - C:\WINDOWS\System32\MemoryDiagnostic.dll
O22 - Task (disabled): \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic - {8168E74A-B39F-46D8-ADCD-7BED477B80A3},Time - C:\WINDOWS\System32\MemoryDiagnostic.dll
O22 - Task (disabled): \Microsoft\Windows\Multimedia\SystemSoundsService - {2DEA658F-54C1-4227-AF9B-260AB5FC3543} - C:\WINDOWS\System32\PlaySndSrv.dll
O22 - Task (disabled): \Microsoft\Windows\Offline Files\Background Synchronization - {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} - C:\WINDOWS\System32\cscui.dll
O22 - Task (disabled): \Microsoft\Windows\Offline Files\Logon Synchronization - {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8},Logon - C:\WINDOWS\System32\cscui.dll
O22 - Task (disabled): \Microsoft\Windows\PI\Secure-Boot-Update - {5014B7C8-934E-4262-9816-887FA745A6C4},SBServicing - C:\WINDOWS\system32\TpmTasks.dll
O22 - Task (disabled): \Microsoft\Windows\PI\Sqm-Tasks - {5014B7C8-934E-4262-9816-887FA745A6C4},PiSqmTasks - C:\WINDOWS\system32\TpmTasks.dll
O22 - Task (disabled): \Microsoft\Windows\Plug and Play\Device Install Group Policy - {60400283-B242-4FA8-8C25-CAF695B88209} - C:\Windows\System32\pnppolicy.dll
O22 - Task (disabled): \Microsoft\Windows\Plug and Play\Device Install Reboot Required - {48794782-6A1F-47B9-BD52-1D5F95D49C1B} - C:\Windows\System32\pnpui.dll
O22 - Task (disabled): \Microsoft\Windows\Plug and Play\Plug and Play Cleanup - {DEF03232-9688-11E2-BE7F-B4B52FD966FF} - (no file)
O22 - Task (disabled): \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - {927EA2AF-1C54-43D5-825E-0074CE028EEE} - C:\WINDOWS\System32\energytask.dll
O22 - Task (disabled): \Microsoft\Windows\Printing\EduPrintProv - C:\WINDOWS\system32\eduprintprov.exe (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\PushToInstall\LoginCheck - C:\WINDOWS\system32\sc.exe start pushtoinstall login (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Ras\MobilityManager - {C463A0FC-794F-4FDF-9201-01938CEACAFA} - C:\WINDOWS\system32\rasmbmgr.dll
O22 - Task (disabled): \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE - {89D1D0C2-A3CF-490C-ABE3-B86CDE34B047},VerifyWinRE - C:\WINDOWS\System32\ReAgentTask.dll
O22 - Task (disabled): \Microsoft\Windows\Registry\RegIdleBackup - {CA767AA8-9157-4604-B64B-40747123D5F2} - C:\WINDOWS\System32\regidle.dll
O22 - Task (disabled): \Microsoft\Windows\Servicing\StartComponentCleanup - {752073A1-23F2-4396-85F0-8FDB879ED0ED} - C:\WINDOWS\servicing\TrustedInstaller.exe
O22 - Task (disabled): \Microsoft\Windows\SettingSync\BackgroundUploadTask - {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} - C:\WINDOWS\system32\SettingSyncCore.dll
O22 - Task (disabled): \Microsoft\Windows\SettingSync\BackupTask - {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} - C:\WINDOWS\system32\SettingSyncCore.dll
O22 - Task (disabled): \Microsoft\Windows\SettingSync\NetworkStateChangeTask - {A4173A49-F373-4475-9A0F-2D615204DC20} - C:\WINDOWS\system32\SettingSyncCore.dll
O22 - Task (disabled): \Microsoft\Windows\Setup\SetupCleanupTask - {7C83C056-1D0D-4C8E-A6B0-89E79C213559} - C:\WINDOWS\system32\oobe\SetupCleanupTask.dll
O22 - Task (disabled): \Microsoft\Windows\SharedPC\Account Cleanup - C:\WINDOWS\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Shell\CreateObjectTask - {990A9F8F-301F-45F7-8D0E-68C5952DBA43} - C:\WINDOWS\system32\shell32.dll
O22 - Task (disabled): \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - C:\WINDOWS\System32\WpcRefreshTask.dll
O22 - Task (disabled): \Microsoft\Windows\Shell\FamilySafetyRefreshTask - {C844C79D-AED8-4DCE-AB25-4D359BED84F8},$(Arg0) - C:\WINDOWS\System32\WpcRefreshTask.dll
O22 - Task (disabled): \Microsoft\Windows\Shell\IndexerAutomaticMaintenance - {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} - C:\WINDOWS\System32\srchadmin.dll
O22 - Task (disabled): \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},logon - C:\WINDOWS\System32\sppcext.dll
O22 - Task (disabled): \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},network - C:\WINDOWS\System32\sppcext.dll
O22 - Task (disabled): \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization - {5C9AB547-345D-4175-9AF6-65133463A100} - C:\WINDOWS\system32\TieringEngineService.exe
O22 - Task (disabled): \Microsoft\Windows\Subscription\EnableLicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe -e (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Subscription\LicenseAcquisition - C:\WINDOWS\system32\ClipRenew.exe (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate - {17C82257-654E-4C47-8E23-DCA24EAA76A0} - C:\WINDOWS\system32\sysmain.dll
O22 - Task (disabled): \Microsoft\Windows\Sysmain\HybridDriveCacheRebalance - {D44377B8-1F2F-4FAA-9C8E-6C4AD2928E47} - C:\WINDOWS\system32\sysmain.dll
O22 - Task (disabled): \Microsoft\Windows\Sysmain\ResPriStaticDbSync - {297EE78C-BA95-4E94-81D3-D6E7F089C7B5} - C:\WINDOWS\system32\sysmain.dll
O22 - Task (disabled): \Microsoft\Windows\TPM\Tpm-HASCertRetr - {5014B7C8-934E-4262-9816-887FA745A6C4},HASCertRetr - C:\WINDOWS\system32\TpmTasks.dll
O22 - Task (disabled): \Microsoft\Windows\TPM\Tpm-Maintenance - {5014B7C8-934E-4262-9816-887FA745A6C4},TpmTasks - C:\WINDOWS\system32\TpmTasks.dll
O22 - Task (disabled): \Microsoft\Windows\Task Manager\Interactive - {855FEC53-D2E4-4999-9E87-3414E9CF0FF4},$(Arg0) - C:\WINDOWS\system32\wdc.dll
O22 - Task (disabled): \Microsoft\Windows\TextServicesFramework\MsCtfMonitor - {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1} - C:\WINDOWS\system32\MsCtfMonitor.dll
O22 - Task (disabled): \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime - {A31AD6C2-FF4C-43D4-8E90-7101023096F9},TimeSyncTask - C:\WINDOWS\system32\TimeSyncTask.dll
O22 - Task (disabled): \Microsoft\Windows\UNP\RunUpdateNotificationMgr - C:\WINDOWS\System32\UNP\UpdateNotificationMgr.exe (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\USB\Usb-Notifications - {E05BE1C8-92A8-4757-B575-ACAECB4E6A40} - C:\Windows\System32\UsbTask.dll
O22 - Task (disabled): \Microsoft\Windows\User Profile Service\HiveUploadTask - {BA677074-762C-444B-94C8-8C83F93F6605} - C:\WINDOWS\system32\profsvc.dll
O22 - Task (disabled): \Microsoft\Windows\WDI\ResolutionHost - {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1} - C:\WINDOWS\System32\wdi.dll
O22 - Task (disabled): \Microsoft\Windows\WOF\WIM-Hash-Management - {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1},WimHashManagement - C:\WINDOWS\system32\WofTasks.dll
O22 - Task (disabled): \Microsoft\Windows\WOF\WIM-Hash-Validation - {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1},WimHashValidation - C:\WINDOWS\system32\WofTasks.dll
O22 - Task (disabled): \Microsoft\Windows\WaaSMedic\PerformRemediation - C:\WINDOWS\System32\WaaSMedic.exe None (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\WindowsColorSystem\Calibration Loader - {B210D694-C8DF-490D-9576-9E20CDBC20BD} - C:\Windows\System32\mscms.dll
O22 - Task (disabled): \Microsoft\Windows\WindowsUpdate\Automatic App Update - {A6BA00FE-40E8-477C-B713-C64A14F18ADB} - C:\Windows\System32\wuautoappupdate.dll
O22 - Task (disabled): \Microsoft\Windows\Wininet\CacheTask - {0358B920-0AC7-461F-98F4-58E32CD89148} - C:\WINDOWS\system32\wininet.dll
O22 - Task (disabled): \Microsoft\Windows\Work Folders\Work Folders Logon Synchronization - {97D47D56-3777-49FB-8E8F-90D7E30E1A1E},Logon - C:\Windows\System32\WorkFoldersShell.dll
O22 - Task (disabled): \Microsoft\Windows\Work Folders\Work Folders Maintenance Work - {63260BCE-A3FB-4A34-AA51-D4D8E877B62B} - C:\Windows\System32\WorkFoldersShell.dll
O22 - Task (disabled): \Microsoft\Windows\Workplace Join\Recovery-Check - C:\WINDOWS\System32\dsregcmd.exe /checkrecovery (Microsoft)
O22 - Task (disabled): \Microsoft\Windows\WwanSvc\NotificationTask - C:\WINDOWS\System32\WiFiTask.exe wwan (Microsoft)
O22 - Task: CreateExplorerShellUnelevatedTask - C:\Windows\explorer.exe
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-400914-882055339-2671312820-1002 - C:\Users\Alex\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
O22 - Task: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\System32\mscoree.dll
O22 - Task: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\System32\mscoree.dll
O22 - Task: \Microsoft\Windows\PushToInstall\Registration - C:\WINDOWS\system32\sc.exe start pushtoinstall registration (Microsoft)
O22 - Task: \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},timer - C:\WINDOWS\System32\sppcext.dll
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display - C:\WINDOWS\system32\MusNotification.exe Display (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 (Microsoft)
O23 - Service R2: KMSEmulator - C:\ProgramData\KMSAutoS\bin\KMSSS.exe
O23 - Service R2: VMware Alias Manager and Ticket Service - (VGAuthService) - C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
O23 - Service R2: VMware Physical Disk Helper Service - C:\Program Files\VMware\VMware Tools\vmacthlp.exe
O23 - Service R2: VMware Tools - (VMTools) - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
O23 - Service R2: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service R2: Windows Defender Security Center Service - (SecurityHealthService) - C:\WINDOWS\system32\SecurityHealthService.exe
O23 - Service R3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S2: Служба Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: TP AutoConnect Service - (TPAutoConnSvc) - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service S3: TP VC Gateway Service - (TPVCGateway) - C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
O23 - Service S3: Windows Defender Advanced Threat Protection Service - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Служба Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Debug information:
Warning! Integrity of HiJackThis program is corrupted. Perhaps, file is patched or infected by file virus.
It is recommended to download the program again from official source: https://github.com/dragokas/hijackthis
If error repeats, check your PC on viruses by boot disk LiveCD, e.g.: https://support.kaspersky.com/viruses/rescuedisk

--
End of file - Time spent: 31 sec. - 56150 bytes, CRC32: FFFFFFFF.