start::
closeprocesses:
createrestorepoint:
cmd: type C:\Users\Adaralih\AppData\Roaming\wosb_autostart_run2.bat
HKU\S-1-5-21-496309224-1351595554-1756755521-1001\...\Run: [WOSB2] => C:\Users\Adaralih\AppData\Roaming\wosb_autostart_run2.bat [670 2021-02-23] () [Fichier non signé]
Task: {6C1280AF-47C3-4D40-9340-8D84B75F2543} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Adaralih\Downloads\esetonlinescanner.exe [15019488 2021-02-23] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {8F2AF74A-B70E-4D8A-BA3B-160F8BFF3707} - System32\Tasks\fixed3 => C:\winini\winini3.exe [138752 2021-02-04] () [Fichier non signé] -> "C:\Users\Adaralih\AppData\Roaming\winlogon1.exe"
Task: {AFF7FEEC-7D5B-46BB-9361-B884F71D7C85} - System32\Tasks\fixed1 => C:\winini\winini.exe [1013928 2021-02-04] (AutoIt Consulting Ltd -> AutoIt Team) -> "C:\Users\Adaralih\AppData\Roaming\winlogon.au3"
Task: {E3F70A20-6C27-4074-B609-A4246F65B19D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Adaralih\Downloads\esetonlinescanner.exe [15019488 2021-02-23] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {F2D6CAAC-3053-4143-A879-90D7A24937C0} - System32\Tasks\fixed2 => C:\winini\winini3.exe [138752 2021-02-04] () [Fichier non signé] -> "C:\Windows\bfsvc.exe"
2021-02-23 13:46 - 2021-02-23 13:46 - 000000670 _____ C:\Users\Adaralih\AppData\Roaming\wosb_autostart_run2.bat
2021-02-23 13:38 - 2021-02-23 13:38 - 000003816 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-02-23 13:38 - 2021-02-23 13:38 - 000003374 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-02-23 13:26 - 2021-02-23 13:26 - 000000781 _____ C:\Users\Adaralih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-02-23 13:26 - 2021-02-23 13:26 - 000000653 _____ C:\Users\Adaralih\Desktop\ESET Online Scanner.lnk
2021-02-23 13:26 - 2021-02-23 13:26 - 000000000 ____D C:\Users\Adaralih\AppData\Local\ESET
2021-02-23 13:25 - 2021-02-23 13:26 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Adaralih\Downloads\esetonlinescanner.exe
2021-02-08 22:48 - 2021-02-08 22:48 - 000000075 _____ C:\Users\Adaralih\Desktop\windows.bat
2021-02-08 22:41 - 2021-02-09 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2021-02-08 22:41 - 2021-02-09 23:14 - 000000000 ____D C:\Program Files\KMSpico
2021-02-08 22:40 - 2021-02-08 22:40 - 000000000 ____D C:\Users\Adaralih\Downloads\KMSpico_10.2.0_et_portable_v10.2.0_trucnet.com
2021-02-08 22:28 - 2021-02-08 22:28 - 000000211 _____ C:\Users\Adaralih\Downloads\keys_207875.zip
2021-02-08 22:28 - 2021-02-08 22:28 - 000000000 ____D C:\Users\Adaralih\Downloads\keys_207875
2021-02-08 21:31 - 2021-02-08 21:31 - 000220392 _____ (AVAST Software) C:\Users\Adaralih\Downloads\avast_free_antivirus_setup_online.exe
2021-02-04 19:46 - 2021-02-04 19:46 - 000431109 _____ C:\Users\Adaralih\AppData\Roaming\winlogon.au3
2021-02-04 19:46 - 2021-02-04 19:46 - 000156672 _____ C:\Users\Adaralih\AppData\Roaming\winlogon1.exe
2021-02-04 19:46 - 2021-02-04 19:46 - 000003386 _____ C:\Windows\system32\Tasks\fixed3
2021-02-04 19:46 - 2021-02-04 19:46 - 000003382 _____ C:\Windows\system32\Tasks\fixed1
2021-02-04 19:46 - 2021-02-04 19:46 - 000003332 _____ C:\Windows\system32\Tasks\fixed2
2021-02-04 19:46 - 2021-02-04 19:46 - 000001695 _____ C:\Users\Adaralih\AppData\Roaming\fix3.xml
2021-02-04 19:46 - 2021-02-04 19:46 - 000001693 _____ C:\Users\Adaralih\AppData\Roaming\fix1.xml
2021-02-04 19:46 - 2021-02-04 19:46 - 000001668 _____ C:\Users\Adaralih\AppData\Roaming\fix2.xml
2021-02-04 19:45 - 2021-02-04 19:46 - 000000000 ____D C:\winini
2021-02-04 19:46 - 2021-02-04 19:46 - 000001693 _____ () C:\Users\Adaralih\AppData\Roaming\fix1.xml
2021-02-04 19:46 - 2021-02-04 19:46 - 000001668 _____ () C:\Users\Adaralih\AppData\Roaming\fix2.xml
2021-02-04 19:46 - 2021-02-04 19:46 - 000001695 _____ () C:\Users\Adaralih\AppData\Roaming\fix3.xml
2021-02-04 19:46 - 2021-02-04 19:46 - 000431109 _____ () C:\Users\Adaralih\AppData\Roaming\winlogon.au3
2021-02-04 19:46 - 2021-02-04 19:46 - 000156672 _____ () C:\Users\Adaralih\AppData\Roaming\winlogon1.exe
2021-02-23 13:46 - 2021-02-23 13:46 - 000000670 _____ () C:\Users\Adaralih\AppData\Roaming\wosb_autostart_run2.bat
cmd: cscript %windir%\System32\slmgr.vbs /dli
emptytemp:
end::