Window in Chinese?

#1 Post by jirka.hrom »

Hi, three days ago a new home page, MPC Safe Navigation, showed up on my laptop and it can't be changed. A new icon has also appeared here, a blue triangle with rounded corners and a white check mark in the middle, and it keeps popping up a window on the screen that is in Chinese?, without a single English word, plus another small window: "Problem with shortcut: the item Zps.exe has been changed, so this shortcut will not work properly."

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-04-27 18:22:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 182 GB (30%) free of 598 GB
Total RAM: 3957 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:22:14, on 27.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\smp2.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MPC Cleaner\MPCNews.exe
C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMSignScan.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtl8MgqIe7lvN6zfSshyQigKrYT25C4RmX2wOKFRh5Fdxmrp-PKSM1zGSkrpaVjKthNiKFz0AvqKjnhMEsDT-pqkmWAtm3k-wERbB1wZuqzqoTpnMWXEKSxvw-j_QBSYcysM2-NB8rP-PH7CzUEvTgdtyR_KQ,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtl8MgqIe7lvN6zfSshyQigKrYT25C4RmX2wOKFRh5Fdxmrp-PKSM1zGSkrpaVjKthNiKFz0AvqKjnhMEsDT-pqkmWAtm3k-wERbB1wZuqzqoTpnMWXEKSxvw-j_QBSYcysM2-NB8rP-PH7CzUEvTgdtyR_KQ,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtl8MgqIe7lvN6zfSshyQigKrYT25C4RmX2wOKFRh5Fdxmrp-PKSM1zGSkrpaVjKthNiKFz0AvqKjnhMEsDT-pqkmWAtm3k-wERbB1wZuqzqoTpnMWXEKSxvw-j_QBSYcysM2-NB8rP-PH7CzUEvTgdtyR_KQ,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Wtl8MgqIe7lvN6zfSshyQigKrYT25C4RmX2wOKFRh5Fdxmrp-PKSM1zGSkrpaVjKthNiKFz0AvqKjnhMEsDT-pqkmWAtm3k-wERbB1wZuqzqoTpnMWXEKSxvw-j_QBSYcysM2-NB8rP-PH7CzUEvTgdtyR_KQ,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [22] C:\Users\Admin\AppData\Local\Temp\22.exe /start
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\ProgramData\Quoteex\Re-Tip.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: BugreportW - Unknown owner - (no file)
O23 - Service: CloudPrinter - Unknown owner - C:\ProgramData\\CloudPrinter\\CloudPrinter.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QQPCMgr RTP Service (QQPCRTP) - Tencent - C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
O23 - Service: QQRepair1319 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: QQRepairFixSVC - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Quoteex - Unknown owner - C:\ProgramData\\Quoteex\\Quoteex.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - c:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Search Module Update (SMUpd) - Search Module Ltd. - C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13492 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRtp.exe" -r
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {B5EDC293-1FBA-4FDD-B539-AA25A572C40E}
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\System32\lpksetup.exe -v
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"taskhost.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
taskeng.exe {8756BBB2-2D46-4235-B6D3-A62690470A1A}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray.exe"
"C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe" /service
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Windows\system32\GWX\GWX.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe" /elevated /regrun
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe" /regrun /elevated
"C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" search.mpc.am
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.87 --handshake-handle=0xd0
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="408.0.1121719628\258004103" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,24,53,71 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.682.1.0 --ignored=" --type=renderer " /prefetch:2
C:\ProgramData\smp2.exe install1 "http://www%2dsearching.com/?prd=set_epf&s=g4ozamobl2140am,1914fd8f-d573-4471-ac85-7f69bfa77ae5," Search
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebR
TC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="408.4.34076128\1253168784" /prefetch:1
consent.exe 1368 532 00000000064A98E0
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/Web
RTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="408.6.722275900\1752330362" /prefetch:1
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/Web
RTC-PeerConnectionDTLS1.2/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="408.7.1069928912\2014542734" /prefetch:1
/delay
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532

"C:\Users\Admin\Desktop\Nová složka\RSITx64.exe"
/force
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Acer Registration Reminder.job - C:\Program Files (x86)\Acer\Registration\GREG.exe RR
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1002Core.job - C:\Users\MÍŠA\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job - C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job - C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

prefs.js - "browser.startup.homepage" - "http://www-searching.com/?site=shyosffd ... mobl2140am, 1914fd8f-d573-4471-ac85-7f69bfa77ae5, "
prefs.js - "keyword.URL" - "http://www-searching.com/search.aspx?s=G4Ozamobl2140AM, 1914fd8f-d573-4471-ac85-7f69bfa77ae5, &prd=smw&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant]
"Description"=QQPhoneManager Onekey-Install plug-in for Android Phones
"Path"=C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr]
"Description"=QQPCMgr Detector
"Path"=C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\
DD1B66D4.xml
findit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-04-24 423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
应用宝一键安装插件 - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30 140344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-11 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-11 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-29 8312352]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-10-01 823840]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-10 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"22"=C:\Users\Admin\AppData\Local\Temp\22.exe /start []
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE [2016-04-24 362304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
NewShortcut1.lnk - C:\Program Files (x86)\USB_video_device\Utility\RemoteTool\BDARemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Quoteex\Latip.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-27 18:22:02 ----D---- C:\rsit
2016-04-27 18:22:02 ----D---- C:\Program Files\trend micro
2016-04-25 05:26:53 ----D---- C:\Users\Admin\AppData\Roaming\MCorp
2016-04-25 05:23:28 ----A---- C:\Windows\SYSWOW64\drivers\TS888x64.sys
2016-04-24 16:50:49 ----D---- C:\Program Files\Common Files\Tencent
2016-04-24 16:50:49 ----A---- C:\Windows\system32\drivers\TAOKernel64.sys
2016-04-24 16:50:48 ----A---- C:\Windows\system32\drivers\TAOAccelerator64.sys
2016-04-24 16:49:56 ----D---- C:\ProgramData\TXQMPC
2016-04-24 16:48:52 ----A---- C:\Windows\system32\drivers\TSSKX64.sys
2016-04-24 16:48:24 ----A---- C:\Windows\system32\drivers\TFsFltX64.sys
2016-04-24 16:44:48 ----D---- C:\Program Files (x86)\Tencent
2016-04-24 16:44:26 ----D---- C:\ProgramData\Tencent
2016-04-24 16:43:26 ----D---- C:\Users\Admin\AppData\Roaming\Tencent
2016-04-24 16:42:16 ----D---- C:\Users\Admin\AppData\Roaming\vnlgp
2016-04-24 16:41:45 ----D---- C:\ProgramData\SearchModule
2016-04-24 16:41:33 ----D---- C:\Program Files\Common Files\Doobzo
2016-04-24 16:40:57 ----A---- C:\ProgramData\smp2.exe
2016-04-24 16:39:21 ----D---- C:\Program Files (x86)\Nimeckreelule
2016-04-24 16:39:09 ----D---- C:\Program Files (x86)\yesbnd
2016-04-24 16:36:21 ----A---- C:\Windows\system32\drivers\MPCKpt.sys
2016-04-24 16:36:19 ----D---- C:\Program Files (x86)\MPC Cleaner
2016-04-24 16:35:36 ----D---- C:\ProgramData\Quoteexs
2016-04-24 16:35:21 ----D---- C:\ProgramData\Quoteex
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\noah.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\Main.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\agent.dat
2016-04-24 16:34:59 ----A---- C:\Users\Admin\AppData\Roaming\ZaamQvocom.exe
2016-04-24 16:34:34 ----D---- C:\ProgramData\CloudPrinter
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\lobby.dat
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-04-24 16:34:18 ----A---- C:\Users\Admin\AppData\Roaming\Lalight.exe
2016-04-24 16:30:35 ----A---- C:\Users\Admin\AppData\Roaming\Installer.dat
2016-04-23 10:48:45 ----A---- C:\Windows\system32\bi2.exe
2016-04-15 18:20:55 ----A---- C:\Windows\system32\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\rpcss.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\system32\msxml3r.dll
2016-04-15 18:20:32 ----A---- C:\Windows\system32\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\system32\lsasrv.dll
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-04-15 18:20:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-04-15 18:20:29 ----A---- C:\Windows\system32\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\smss.exe
2016-04-15 18:20:26 ----A---- C:\Windows\system32\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kernel32.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kerberos.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64win.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\winsrv.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wdigest.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\TSpkg.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\srcore.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\ncrypt.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-04-15 18:20:25 ----A---- C:\Windows\system32\conhost.exe
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\wow64cpu.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\sspisrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\secur32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rstrui.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\ntvdm64.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\lsass.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\appid.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\csrsrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\credssp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidsvc.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidapi.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-04-15 18:20:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\user.exe
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\adtschema.dll
2016-04-15 18:20:11 ----A---- C:\Windows\system32\drivers\disk.sys
2016-04-15 18:20:10 ----A---- C:\Windows\system32\win32k.sys
2016-04-15 18:20:05 ----A---- C:\Windows\SYSWOW64\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\fveapi.dll
2016-04-15 18:20:04 ----A---- C:\Windows\system32\fveapibase.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\generaltel.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\devinv.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-04-15 18:19:54 ----A---- C:\Windows\system32\appraiser.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\invagent.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\aepic.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\aeinv.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\acmigration.dll
2016-04-15 18:19:50 ----A---- C:\Windows\system32\samsrv.dll
2016-04-15 18:19:49 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-04-15 18:19:49 ----A---- C:\Windows\system32\samlib.dll
2016-04-15 18:19:39 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-04-15 18:19:39 ----A---- C:\Windows\system32\tzres.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-04-15 18:19:30 ----A---- C:\Windows\system32\iernonce.dll
2016-04-15 18:19:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-04-15 18:19:29 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-04-15 18:19:29 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-04-15 18:19:28 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-04-15 18:19:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-04-15 18:19:27 ----A---- C:\Windows\system32\inseng.dll
2016-04-15 18:19:27 ----A---- C:\Windows\system32\ie4uinit.exe
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-04-15 18:19:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 18:19:23 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-04-15 18:19:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-04-15 18:19:23 ----A---- C:\Windows\system32\occache.dll
2016-04-15 18:19:23 ----A---- C:\Windows\system32\iedkcs32.dll
2016-04-15 18:19:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-04-15 18:19:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-04-15 18:19:22 ----A---- C:\Windows\system32\urlmon.dll
2016-04-15 18:19:22 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-04-15 18:19:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-04-15 18:19:21 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-04-15 18:19:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-04-15 18:19:20 ----A---- C:\Windows\system32\msfeeds.dll
2016-04-15 18:19:20 ----A---- C:\Windows\system32\dxtrans.dll
2016-04-15 18:19:19 ----A---- C:\Windows\system32\iesetup.dll
2016-04-15 18:19:18 ----A---- C:\Windows\system32\ieapfltr.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-04-15 18:19:15 ----A---- C:\Windows\system32\iertutil.dll
2016-04-15 18:19:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-04-15 18:19:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-04-15 18:19:14 ----A---- C:\Windows\system32\vbscript.dll
2016-04-15 18:19:14 ----A---- C:\Windows\system32\jsproxy.dll
2016-04-15 18:19:13 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-04-15 18:19:12 ----A---- C:\Windows\system32\ieui.dll
2016-04-15 18:19:12 ----A---- C:\Windows\system32\dxtmsft.dll
2016-04-15 18:19:11 ----A---- C:\Windows\system32\ieframe.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\mshtmled.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\ieUnatt.exe
2016-04-15 18:19:09 ----A---- C:\Windows\system32\webcheck.dll
2016-04-15 18:19:09 ----A---- C:\Windows\system32\jscript9diag.dll
2016-04-15 18:19:09 ----A---- C:\Windows\system32\jscript.dll
2016-04-15 18:19:08 ----A---- C:\Windows\system32\jscript9.dll
2016-04-15 18:19:07 ----A---- C:\Windows\system32\wininet.dll
2016-04-15 18:19:06 ----A---- C:\Windows\system32\msrating.dll
2016-04-15 18:19:06 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-04-15 18:19:05 ----A---- C:\Windows\system32\mshtml.dll
2016-04-08 15:23:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2016-04-27 18:22:13 ----D---- C:\Windows\Temp
2016-04-27 18:22:02 ----RD---- C:\Program Files
2016-04-27 18:06:38 ----D---- C:\Windows\system32\config
2016-04-27 18:03:09 ----D---- C:\Windows\system32\Tasks
2016-04-27 18:03:06 ----D---- C:\Windows\Tasks
2016-04-27 18:00:02 ----A---- C:\Windows\SYSWOW64\log.txt
2016-04-26 19:46:39 ----SHD---- C:\System Volume Information
2016-04-25 21:17:34 ----D---- C:\Windows\System32
2016-04-25 21:17:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-25 21:17:33 ----D---- C:\Windows\inf
2016-04-25 21:03:37 ----A---- C:\Windows\NeroDigital.ini
2016-04-25 05:23:28 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-24 20:51:08 ----A---- C:\Windows\wininit.ini
2016-04-24 16:50:49 ----D---- C:\Windows\system32\drivers
2016-04-24 16:50:49 ----D---- C:\Program Files\Common Files
2016-04-24 16:49:56 ----HD---- C:\ProgramData
2016-04-24 16:48:44 ----RSD---- C:\Windows\Fonts
2016-04-24 16:48:33 ----D---- C:\Program Files (x86)\Common Files
2016-04-24 16:45:16 ----D---- C:\Windows\winsxs
2016-04-24 16:44:48 ----RD---- C:\Program Files (x86)
2016-04-24 16:39:39 ----D---- C:\Users\Admin\AppData\Roaming\Seznam Browser
2016-04-24 16:35:38 ----D---- C:\Windows\SysWOW64
2016-04-22 09:57:45 ----N---- C:\Windows\system32\MpSigStub.exe
2016-04-17 08:53:34 ----D---- C:\Windows\Microsoft.NET
2016-04-17 08:52:53 ----RSD---- C:\Windows\assembly
2016-04-16 21:06:48 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-04-16 21:06:46 ----D---- C:\Windows\system32\cs-CZ
2016-04-16 21:06:45 ----D---- C:\Windows\system32\en-US
2016-04-16 21:06:18 ----D---- C:\Windows\AppPatch
2016-04-16 21:06:17 ----D---- C:\Windows\system32\Boot
2016-04-16 21:06:14 ----D---- C:\Windows\SYSWOW64\wbem
2016-04-16 21:06:13 ----D---- C:\Windows\system32\wbem
2016-04-16 21:06:13 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-04-16 21:06:11 ----D---- C:\Windows\system32\appraiser
2016-04-16 21:06:11 ----D---- C:\Windows\Logs
2016-04-16 21:05:48 ----D---- C:\Program Files\Internet Explorer
2016-04-16 21:05:46 ----D---- C:\Windows\SYSWOW64\en-US
2016-04-16 21:05:29 ----D---- C:\Program Files (x86)\Internet Explorer
2016-04-16 21:05:08 ----D---- C:\Windows\system32\DriverStore
2016-04-15 22:27:09 ----SHD---- C:\Windows\Installer
2016-04-15 22:27:07 ----SHD---- C:\Config.Msi
2016-04-15 22:27:07 ----D---- C:\ProgramData\Microsoft Help
2016-04-15 22:01:08 ----D---- C:\Windows\system32\MRT
2016-04-15 22:01:06 ----A---- C:\Windows\system32\MRT.exe
2016-04-15 21:56:41 ----D---- C:\Windows\system32\catroot2
2016-04-08 15:23:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-05 18:42:44 ----D---- C:\Program Files\McAfee Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-11-13 289120]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-04 834544]
R1 MPCKpt;MPCKpt; C:\Windows\system32\DRIVERS\MPCKpt.sys [2016-04-24 60136]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 QMUdisk;tencent QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [2016-04-18 184952]
R1 softaal;softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [2016-04-24 44664]
R1 SRepairDrv;SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [2016-04-27 172664]
R1 TAOKernelDriver;Tencent Auto Optimize Platform.; \??\C:\Windows\system32\Drivers\TAOKernel64.sys [2016-04-24 147576]
R1 TSDefenseBt;TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [2016-04-24 28984]
R1 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [2016-04-24 96888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-04 42696]
R2 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [2016-04-24 154744]
R2 tsnethlpx64;TsNetHlpX64.sys; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [2016-04-24 57976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-08-13 1209856]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-11-06 1550848]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-12-10 6179328]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-28 2018080]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 133816]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-06-25 205472]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-18 292912]
R3 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [2016-04-24 99480]
R3 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [2016-04-24 97400]
R3 TS888x64;TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [2016-04-27 38520]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-08-04 310984]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-07-23 40448]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-10-03 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-08-29 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-08-29 21160]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SMUpdd;Search Module UpdateD; \??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys []
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2016-04-24 54904]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USB28xxBGA;USB 2863 Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2008-05-14 644608]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2008-05-14 352384]
S3 WinUSB;YunOS USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-28 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-12-10 202752]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-10-03 873248]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-01 844320]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 268824]
R2 MPCProtectService;MPC Core Protect Service; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [2016-04-24 350688]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-01-29 23808]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 QQPCRTP;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [2016-04-24 313936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2008-12-31 247152]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R2 SMUpd;Search Module Update; C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe [2016-04-23 2439168]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-01-29 374344]
S2 CloudPrinter;CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f C:\ProgramData\\CloudPrinter\\CloudPrinter.dat -l -a []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 QQRepair1319;QQRepair1319; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1319 [2016-04-27 140608]
S2 QQRepairFixSVC;QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [2016-04-27 140608]
S2 Quoteex;Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f C:\ProgramData\\Quoteex\\Quoteex.dat -l -a []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-03-31 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [2016-03-11 293128]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-10 146888]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; c:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#3 Post by jirka.hrom »

Rudy wrote: Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

Hi,
# AdwCleaner v5.114 - Log soubor vytvořen 28/04/2016 o 21:02:26
# Aktualizováno 27/04/2016 by Xplode
# Databáze : 2016-04-27.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Jméno uživatele : Admin - ADMIN-PC
# Spuštěno z : C:\Users\Admin\Desktop\adwcleaner_5.114.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

[-] Služba smazáno : QQPCRTP
[-] Služba smazáno : SMUpd
[-] Služba smazáno : SMUpdd
[-] Služba smazáno : TAOAccelerator
[-] Služba smazáno : TSDefenseBt
[-] Služba smazáno : TSSysKit
[-] Služba smazáno : QMUdisk
[-] Služba smazáno : TS888x64
[-] Služba smazáno : QQSysMonX64
[-] Služba smazáno : TFsFlt
[-] Služba smazáno : TAOKernelDriver
[-] Služba smazáno : TSSKX64
[-] Služba smazáno : MPCProtectService
[-] Služba smazáno : MPCKpt
[-] Služba smazáno : softaal
[-] Služba smazáno : CloudPrinter
[!] Služba Ne smazáno : SRepairDrv
[-] Služba smazáno : tsnethlpx64
[-] Služba smazáno : BugreportW
[-] Služba smazáno : QQRepairFixSVC

***** [ Složky ] *****

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#4 Post by Rudy »

The log is not complete.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#5 Post by jirka.hrom »

Rudy wrote: The log is not complete.
Hi, hopefully the log will be complete now
# AdwCleaner v5.114 - Log soubor vytvořen 29/04/2016 o 18:11:43
# Aktualizováno 27/04/2016 by Xplode
# Databáze : 2016-04-27.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Jméno uživatele : Admin - ADMIN-PC
# Spuštěno z : C:\Users\Admin\Desktop\adwcleaner_5.114.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

[-] Služba smazáno : TSDefenseBt
[-] Služba smazáno : TSSKX64
[-] Služba smazáno : MPCProtectService
[-] Služba smazáno : MPCKpt
[-] Služba smazáno : SRepairDrv
[-] Služba smazáno : QQRepair187a

***** [ Složky ] *****

[-] Složka smazáno : C:\ProgramData\tencent
[-] Složka smazáno : C:\ProgramData\TXQMPC
[#] Složka smazáno : C:\ProgramData\Application Data\tencent
[#] Složka smazáno : C:\ProgramData\Application Data\TXQMPC
[-] Složka smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[#] Složka smazáno : C:\Program Files (x86)\MPC Cleaner
[-] Složka smazáno : C:\Program Files (x86)\tencent
[-] Složka smazáno : C:\Users\Admin\AppData\Roaming\tencent

***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mmotraffic.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\MAMKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\MÍŠA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[-] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[-] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.mpc.am_0.localstorage-journal
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[#] Soubor smazáno : C:\Users\JIRKA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] Soubor smazáno : C:\Windows\SysNative\drivers\TFsFltX64.sys
[#] Soubor smazáno : C:\Windows\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****

[-] Zástupce odvirováno : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Zástupce odvirováno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Zástupce odvirováno : C:\Users\MAMKA\Desktop\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\MAMKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\MAMKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\MAMKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\MAMKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\Desktop\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\MÍŠA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Zástupce odvirováno : C:\Users\JIRKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce odvirováno : C:\Users\JIRKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce odvirováno : C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce odvirováno : C:\Users\JIRKA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKLM\SOFTWARE\MPC
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Obnoveno : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Obnoveno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Obnoveno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Obnoveno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data Obnoveno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Obnoveno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Hodnota smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{89792E5C-A858-4676-832D-17A610113FF8}
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3F04FF1-58B1-4745-5C29-8E98089E77B8}
[-] Hodnota smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Hodnota smazáno : HKU\S-1-5-21-466881666-2337764228-364123011-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mpc.am
[-] Klávesa smazáno : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.mpc.am

***** [ Webové prohlížeče ] *****

[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.newtab.url", "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g4ozamobl2140am,1914fd8f-d573-4471-ac85-7f69bfa77ae5,");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.search.searchengine.hp", "hxxp://www.yessearches.com/?ts=AHEqAHIkC3QoBU. ... =ffsengext");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.search.searchengine.sp", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160421");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.yessearches.com/chrome.php?mode=ffs ... v=20160421");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.search.selectedEngine", "yessearches");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("browser.startup.homepage", "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=g4ozamobl2140am,1914fd8f-d573-4471-ac85-7f69bfa77ae5,");
[-] [C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] smazáno : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=G4Ozamobl2140AM,1914fd8f-d573-4471-ac85-7f69bfa77ae5,&prd=smw&q=");

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13458 bytes] - [28/04/2016 21:02:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [12688 bytes] - [29/04/2016 18:11:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [12951 bytes] - [28/04/2016 20:56:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [16231 bytes] - [29/04/2016 18:07:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [12910 bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#6 Post by Rudy »

Now it is complete. Delete everything.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#7 Post by jirka.hrom »

Rudy wrote: Now it is complete. Delete everything.
Hi,
log deleted.

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#8 Post by Rudy »

Post a new RSIT log.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#9 Post by jirka.hrom »

Rudy wrote: Post a new RSIT log.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-05-02 17:40:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 181 GB (30%) free of 598 GB
Total RAM: 3957 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:40:57, on 2.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [22] C:\Users\Admin\AppData\Local\Temp\22.exe /start
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE" /regrun /qqrepair
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
O4 - Global Startup: NewShortcut1.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\ProgramData\Quoteex\Re-Tip.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quoteex - Unknown owner - C:\ProgramData\\Quoteex\\Quoteex.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - c:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10882 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" search.mpc.am
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.94 --handshake-handle=0xd0
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2344.0.1316642092\274476858" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,24,53,71 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.682.1.0 --ignored=" --type=renderer " /prefetch:2
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
consent.exe 956 512 000000000366E670

"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/127ByteCrimePaddingOn/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalI
PPermissionCheck/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="2344.4.1147989847\1687603145" /prefetch:1
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/127ByteCrimePaddingOn/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalI
PPermissionCheck/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="2344.6.979080213\1323109704" /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Admin\Desktop\Nová složka\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Acer Registration Reminder.job - C:\Program Files (x86)\Acer\Registration\GREG.exe RR
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1002Core.job - C:\Users\MÍŠA\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job - C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job - C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-11 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-11 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-29 8312352]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-10-01 823840]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-10 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]
"22"=C:\Users\Admin\AppData\Local\Temp\22.exe /start []
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE /regrun /qqrepair []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
NewShortcut1.lnk - C:\Program Files (x86)\USB_video_device\Utility\RemoteTool\BDARemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Quoteex\Latip.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-28 20:55:03 ----D---- C:\AdwCleaner
2016-04-27 18:22:02 ----D---- C:\rsit
2016-04-27 18:22:02 ----D---- C:\Program Files\trend micro
2016-04-25 05:26:53 ----D---- C:\Users\Admin\AppData\Roaming\MCorp
2016-04-24 16:39:21 ----D---- C:\Program Files (x86)\Nimeckreelule
2016-04-24 16:36:21 ----N---- C:\Windows\system32\drivers\MPCKpt.sys
2016-04-24 16:36:19 ----D---- C:\Program Files (x86)\MPC Cleaner
2016-04-24 16:35:36 ----D---- C:\ProgramData\Quoteexs
2016-04-24 16:35:21 ----D---- C:\ProgramData\Quoteex
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\noah.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\Main.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\agent.dat
2016-04-24 16:34:59 ----A---- C:\Users\Admin\AppData\Roaming\ZaamQvocom.exe
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\lobby.dat
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-04-24 16:34:18 ----A---- C:\Users\Admin\AppData\Roaming\Lalight.exe
2016-04-24 16:30:35 ----A---- C:\Users\Admin\AppData\Roaming\Installer.dat
2016-04-23 10:48:45 ----A---- C:\Windows\system32\bi2.exe
2016-04-15 18:20:55 ----A---- C:\Windows\system32\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\rpcss.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\system32\msxml3r.dll
2016-04-15 18:20:32 ----A---- C:\Windows\system32\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\system32\lsasrv.dll
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-04-15 18:20:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-04-15 18:20:29 ----A---- C:\Windows\system32\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\smss.exe
2016-04-15 18:20:26 ----A---- C:\Windows\system32\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kernel32.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kerberos.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64win.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\winsrv.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wdigest.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\TSpkg.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\srcore.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\ncrypt.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-04-15 18:20:25 ----A---- C:\Windows\system32\conhost.exe
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\wow64cpu.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\sspisrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\secur32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rstrui.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\ntvdm64.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\lsass.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\appid.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\csrsrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\credssp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidsvc.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidapi.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-04-15 18:20:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\user.exe
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\adtschema.dll
2016-04-15 18:20:11 ----A---- C:\Windows\system32\drivers\disk.sys
2016-04-15 18:20:10 ----A---- C:\Windows\system32\win32k.sys
2016-04-15 18:20:05 ----A---- C:\Windows\SYSWOW64\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\fveapi.dll
2016-04-15 18:20:04 ----A---- C:\Windows\system32\fveapibase.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\generaltel.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\devinv.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-04-15 18:19:54 ----A---- C:\Windows\system32\appraiser.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\invagent.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\aepic.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\aeinv.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\acmigration.dll
2016-04-15 18:19:50 ----A---- C:\Windows\system32\samsrv.dll
2016-04-15 18:19:49 ----A---- C:\Windows\SYSWOW64\samlib.dll
2016-04-15 18:19:49 ----A---- C:\Windows\system32\samlib.dll
2016-04-15 18:19:39 ----A---- C:\Windows\SYSWOW64\tzres.dll
2016-04-15 18:19:39 ----A---- C:\Windows\system32\tzres.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-04-15 18:19:30 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-04-15 18:19:30 ----A---- C:\Windows\system32\iernonce.dll
2016-04-15 18:19:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-04-15 18:19:29 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-04-15 18:19:29 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-04-15 18:19:28 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-04-15 18:19:28 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-04-15 18:19:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-04-15 18:19:27 ----A---- C:\Windows\system32\inseng.dll
2016-04-15 18:19:27 ----A---- C:\Windows\system32\ie4uinit.exe
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-04-15 18:19:26 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-04-15 18:19:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 18:19:23 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-04-15 18:19:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-04-15 18:19:23 ----A---- C:\Windows\system32\occache.dll
2016-04-15 18:19:23 ----A---- C:\Windows\system32\iedkcs32.dll
2016-04-15 18:19:22 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-04-15 18:19:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-04-15 18:19:22 ----A---- C:\Windows\system32\urlmon.dll
2016-04-15 18:19:22 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-04-15 18:19:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-04-15 18:19:21 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-04-15 18:19:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-04-15 18:19:20 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-04-15 18:19:20 ----A---- C:\Windows\system32\msfeeds.dll
2016-04-15 18:19:20 ----A---- C:\Windows\system32\dxtrans.dll
2016-04-15 18:19:19 ----A---- C:\Windows\system32\iesetup.dll
2016-04-15 18:19:18 ----A---- C:\Windows\system32\ieapfltr.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-04-15 18:19:15 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-04-15 18:19:15 ----A---- C:\Windows\system32\iertutil.dll
2016-04-15 18:19:14 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-04-15 18:19:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-04-15 18:19:14 ----A---- C:\Windows\system32\vbscript.dll
2016-04-15 18:19:14 ----A---- C:\Windows\system32\jsproxy.dll
2016-04-15 18:19:13 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-04-15 18:19:12 ----A---- C:\Windows\system32\ieui.dll
2016-04-15 18:19:12 ----A---- C:\Windows\system32\dxtmsft.dll
2016-04-15 18:19:11 ----A---- C:\Windows\system32\ieframe.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\mshtmled.dll
2016-04-15 18:19:10 ----A---- C:\Windows\system32\ieUnatt.exe
2016-04-15 18:19:09 ----A---- C:\Windows\system32\webcheck.dll
2016-04-15 18:19:09 ----A---- C:\Windows\system32\jscript9diag.dll
2016-04-15 18:19:09 ----A---- C:\Windows\system32\jscript.dll
2016-04-15 18:19:08 ----A---- C:\Windows\system32\jscript9.dll
2016-04-15 18:19:07 ----A---- C:\Windows\system32\wininet.dll
2016-04-15 18:19:06 ----A---- C:\Windows\system32\msrating.dll
2016-04-15 18:19:06 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-04-15 18:19:05 ----A---- C:\Windows\system32\mshtml.dll
2016-04-08 15:23:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2016-05-02 17:40:52 ----D---- C:\Windows\Temp
2016-05-02 15:46:25 ----D---- C:\Windows\system32\config
2016-05-02 15:35:30 ----A---- C:\Windows\SYSWOW64\log.txt
2016-05-01 18:07:44 ----D---- C:\Windows\system32\Tasks
2016-05-01 18:07:43 ----HD---- C:\ProgramData
2016-05-01 18:07:43 ----D---- C:\Program Files\Common Files
2016-05-01 16:18:28 ----A---- C:\Windows\NeroDigital.ini
2016-05-01 13:08:30 ----D---- C:\Fraps
2016-04-30 15:23:54 ----SHD---- C:\System Volume Information
2016-04-29 18:11:49 ----D---- C:\Windows\system32\drivers
2016-04-29 18:11:47 ----RD---- C:\Program Files (x86)
2016-04-28 21:06:26 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-28 21:06:26 ----D---- C:\Windows\SysWOW64
2016-04-28 21:03:27 ----D---- C:\Program Files (x86)\Common Files
2016-04-27 20:42:37 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2016-04-27 18:22:02 ----RD---- C:\Program Files
2016-04-27 18:03:06 ----D---- C:\Windows\Tasks
2016-04-25 21:17:34 ----D---- C:\Windows\System32
2016-04-25 21:17:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-25 21:17:33 ----D---- C:\Windows\inf
2016-04-24 20:51:08 ----A---- C:\Windows\wininit.ini
2016-04-24 16:48:44 ----RSD---- C:\Windows\Fonts
2016-04-24 16:45:16 ----D---- C:\Windows\winsxs
2016-04-24 16:39:39 ----D---- C:\Users\Admin\AppData\Roaming\Seznam Browser
2016-04-22 09:57:45 ----N---- C:\Windows\system32\MpSigStub.exe
2016-04-17 08:53:34 ----D---- C:\Windows\Microsoft.NET
2016-04-17 08:52:53 ----RSD---- C:\Windows\assembly
2016-04-16 21:06:48 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-04-16 21:06:46 ----D---- C:\Windows\system32\cs-CZ
2016-04-16 21:06:45 ----D---- C:\Windows\system32\en-US
2016-04-16 21:06:18 ----D---- C:\Windows\AppPatch
2016-04-16 21:06:17 ----D---- C:\Windows\system32\Boot
2016-04-16 21:06:14 ----D---- C:\Windows\SYSWOW64\wbem
2016-04-16 21:06:13 ----D---- C:\Windows\system32\wbem
2016-04-16 21:06:13 ----D---- C:\Windows\system32\drivers\cs-CZ
2016-04-16 21:06:11 ----D---- C:\Windows\system32\appraiser
2016-04-16 21:06:11 ----D---- C:\Windows\Logs
2016-04-16 21:05:48 ----D---- C:\Program Files\Internet Explorer
2016-04-16 21:05:46 ----D---- C:\Windows\SYSWOW64\en-US
2016-04-16 21:05:29 ----D---- C:\Program Files (x86)\Internet Explorer
2016-04-16 21:05:08 ----D---- C:\Windows\system32\DriverStore
2016-04-15 22:27:09 ----SHD---- C:\Windows\Installer
2016-04-15 22:27:07 ----SHD---- C:\Config.Msi
2016-04-15 22:27:07 ----D---- C:\ProgramData\Microsoft Help
2016-04-15 22:01:08 ----D---- C:\Windows\system32\MRT
2016-04-15 22:01:06 ----A---- C:\Windows\system32\MRT.exe
2016-04-15 21:56:41 ----D---- C:\Windows\system32\catroot2
2016-04-08 15:23:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-05 18:42:44 ----D---- C:\Program Files\McAfee Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-05 408600]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-11-13 289120]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-04 834544]
R1 MPCKpt;MPCKpt; C:\Windows\system32\DRIVERS\MPCKpt.sys [2016-04-24 60136]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-08-04 42696]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-08-13 1209856]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-11-06 1550848]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-12-10 6179328]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2009-03-26 25608]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-28 2018080]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-11-13 133816]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-06 18432]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-06-25 205472]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-09-18 292912]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-06 16896]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-08-04 310984]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-07-23 40448]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-07-02 52264]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-10-03 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-08-29 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-08-29 21160]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USB28xxBGA;USB 2863 Device; C:\Windows\system32\DRIVERS\emBDA64.sys [2008-05-14 644608]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM64.sys [2008-05-14 352384]
S3 WinUSB;YunOS USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-28 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-12-10 202752]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-10-03 873248]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-01 844320]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 268824]
R2 MPCProtectService;MPC Core Protect Service; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [2016-04-24 350688]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2016-01-29 23808]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2008-12-31 247152]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2016-01-29 374344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 Quoteex;Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f C:\ProgramData\\Quoteex\\Quoteex.dat -l -a []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-03-31 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [2016-03-11 293128]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-10 146888]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; c:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Rudy
Site Admin
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#10 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job
C:\Program Files (x86)\Tencent
C:\Program Files\McAfee Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\ProgramData\\Quoteex

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"22"=-
" QQPCTray"=-

:services
Quoteex
McComponentHostService

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jirka.hrom
Visitor
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#11 Post by jirka.hrom »

Rudy wrote: Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1000Core.job
C:\Program Files (x86)\Tencent
C:\Program Files\McAfee Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\ProgramData\\Quoteex

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"22"=-
" QQPCTray"=-

:services
Quoteex
McComponentHostService

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-05-02 19:37:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 185 GB (31%) free of 598 GB
Total RAM: 3957 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:48, on 2.5.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: NewShortcut1.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\ProgramData\Quoteex\Re-Tip.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - DotC United Inc - C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - c:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10147 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {57D94A8C-7B74-46D3-9260-794AFDC5C1CB}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\MPC Cleaner\MPCTray.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe"
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\05022016_192031.log
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" search.mpc.am
C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.94 --handshake-handle=0xd0
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1560.0.988641772\413708973" --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,10,12,24,53,71 --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.682.1.0 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/
Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1560.2.580997836\734949500" /prefetch:1
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=cs --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/NewSuggestType_A9_Stable_R2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Launch50pct_11011_1_1_10/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Disabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithModuleLoadAnalysis/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_25/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionChec
k/Enabled/ --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=fetchDeferLateScripts=true,fetchIncreaseFontPriority=true,fetchIncreasePriorities=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="1560.3.846827172\1483478377" /prefetch:1
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Users\Admin\Desktop\Nová složka\RSITx64 (2).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Acer Registration Reminder.job - C:\Program Files (x86)\Acer\Registration\GREG.exe RR
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-466881666-2337764228-364123011-1002Core.job - C:\Users\MÍŠA\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-01-11 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-01-11 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-29 8312352]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-10-01 823840]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2016-01-29 1340192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-10 98304]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-04 222504]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
NewShortcut1.lnk - C:\Program Files (x86)\USB_video_device\Utility\RemoteTool\BDARemote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Quoteex\Latip.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-28 20:55:03 ----D---- C:\AdwCleaner
2016-04-27 18:22:02 ----D---- C:\rsit
2016-04-27 18:22:02 ----D---- C:\Program Files\trend micro
2016-04-25 05:26:53 ----D---- C:\Users\Admin\AppData\Roaming\MCorp
2016-04-24 16:39:21 ----D---- C:\Program Files (x86)\Nimeckreelule
2016-04-24 16:36:21 ----N---- C:\Windows\system32\drivers\MPCKpt.sys
2016-04-24 16:36:19 ----D---- C:\Program Files (x86)\MPC Cleaner
2016-04-24 16:35:36 ----D---- C:\ProgramData\Quoteexs
2016-04-24 16:35:21 ----D---- C:\ProgramData\Quoteex
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\noah.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\Main.dat
2016-04-24 16:35:13 ----A---- C:\Users\Admin\AppData\Roaming\agent.dat
2016-04-24 16:34:59 ----A---- C:\Users\Admin\AppData\Roaming\ZaamQvocom.exe
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\lobby.dat
2016-04-24 16:34:28 ----A---- C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-04-24 16:34:18 ----A---- C:\Users\Admin\AppData\Roaming\Lalight.exe
2016-04-24 16:30:35 ----A---- C:\Users\Admin\AppData\Roaming\Installer.dat
2016-04-23 10:48:45 ----A---- C:\Windows\system32\bi2.exe
2016-04-15 18:20:55 ----A---- C:\Windows\system32\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-04-15 18:20:52 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\rpcss.dll
2016-04-15 18:20:36 ----A---- C:\Windows\system32\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2016-04-15 18:20:35 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2016-04-15 18:20:35 ----A---- C:\Windows\system32\msxml3r.dll
2016-04-15 18:20:32 ----A---- C:\Windows\system32\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\SYSWOW64\ole32.dll
2016-04-15 18:20:31 ----A---- C:\Windows\system32\lsasrv.dll
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2016-04-15 18:20:30 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2016-04-15 18:20:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-04-15 18:20:29 ----A---- C:\Windows\system32\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-04-15 18:20:28 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\smss.exe
2016-04-15 18:20:26 ----A---- C:\Windows\system32\rpcrt4.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kernel32.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\kerberos.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\certcli.dll
2016-04-15 18:20:26 ----A---- C:\Windows\system32\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-04-15 18:20:25 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64win.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wow64.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\winsrv.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\wdigest.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\TSpkg.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\sspicli.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\srcore.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\schannel.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\ncrypt.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\msv1_0.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\KernelBase.dll
2016-04-15 18:20:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-04-15 18:20:25 ----A---- C:\Windows\system32\conhost.exe
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\wow64cpu.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\sspisrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\srclient.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\setbcdlocale.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\secur32.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rstrui.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\rpchttp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\ntvdm64.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\lsass.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\drivers\appid.sys
2016-04-15 18:20:24 ----A---- C:\Windows\system32\csrsrv.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\cryptbase.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\credssp.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidsvc.dll
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2016-04-15 18:20:24 ----A---- C:\Windows\system32\appidapi.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 18:20:23 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\wow32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\secur32.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\credssp.dll
2016-04-15 18:20:23 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\auditpol.exe
2016-04-15 18:20:23 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 18:20:22 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\setup16.exe
2016-04-15 18:20:22 ----A---- C:\Windows\SYSWOW64\instnm.exe
2016-04-15 18:20:21 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 18:20:21 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\user.exe
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msobjs.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\msaudite.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\apisetschema.dll
2016-04-15 18:20:21 ----A---- C:\Windows\system32\adtschema.dll
2016-04-15 18:20:11 ----A---- C:\Windows\system32\drivers\disk.sys
2016-04-15 18:20:10 ----A---- C:\Windows\system32\win32k.sys
2016-04-15 18:20:05 ----A---- C:\Windows\SYSWOW64\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\tbs.dll
2016-04-15 18:20:05 ----A---- C:\Windows\system32\fveapi.dll
2016-04-15 18:20:04 ----A---- C:\Windows\system32\fveapibase.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\generaltel.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\devinv.dll
2016-04-15 18:19:54 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-04-15 18:19:54 ----A---- C:\Windows\system32\appraiser.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\invagent.dll
2016-04-15 18:19:53 ----A---- C:\Windows\system32\aepic.dll

======List of files/folders modified in the last 1 month======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


-----------------EOF-----------------

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#12 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#13 Post by jirka.hrom »

Rudy wrote: Deleted. Has anything changed?
Hi,
the window in Chinese no longer pops up, and the icon seems to be gone. The dialog about the problem shortcut no longer pops up either. MPC Safe Navigation is still stuck there as my home page and I can't replace it with Seznam.

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Window in Chinese?

#14 Post by Rudy »

Please also run these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop.

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce).
Paste the script below into the window:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup will be created, followed by a scan
• The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

jirka.hrom
Visitor
Posts: 18
Registered: 01 Apr 2012 08:01

Re: Window in Chinese?

#15 Post by jirka.hrom »

Hi, I ran Run Script in Zoek; the notebook churned away at something for a long time but did not restart, so I restarted it myself, but no log came up.