All times are UTC + 1 hour


Post subject: Eset caught a coinminer
Posted: 21 Dec 2017 17:38
Good day, after some years I am back again with a minor problem. Eset caught JS/CoinMiner.D and JS/CoinMiner.F; it blocks something while I browse the web, or reports an infected file, but does not say where or which one. Thanks in advance for your help. AdwCleaner shows nothing.

Logfile of random's system information tool 1.16 (written by random/random)
Run by ITjopo at 2017-12-21 17:35:31
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 101 GB (50%) free of 200 GB
Total RAM: 8075 MB (70% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:35:35, on 21. 12. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\ITjopo\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\ITjopo_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office16\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Viber] C:\Users\ITjopo\AppData\Local\Viber\Viber.exe StartMinimized
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office16\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://trensqad:18080/qadhome/client/setup.ocx
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.24.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A9FE76F-2539-433F-BA9C-B788E5315F75}: NameServer = 213.151.222.34 85.237.225.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{A514C6E4-F26B-4881-9ED3-AB856C0B055A}: NameServer = 213.151.222.34 85.237.225.250
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE
O23 - Service: Connect2 Hotspot Service (connect2hotspot) - Lenovo - C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (eshasrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: MEmusvc - Microvirt Software Technology Co. Ltd. - C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\PROGRAM FILES\INTEL\TURBOBOOST\TURBOBOOST.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Správca poverení (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 15907 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-746aaa6d-8b41-4dc0-8b92-d7924580ae16 -SystemEventPortName:HostProcess-e923928d-e300-449e-ac34-33aec0760f74 -IoCancelEventPortName:HostProcess-244930e4-db0d-4bc6-b877-417e59c68865 -NonStateChangingEventPortName:HostProcess-af426839-71c0-4633-9eb6-4176ad937b35 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:194b18bd-863b-4b0d-a8e6-20c4808d8bc0 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 22647600
\??\C:\Windows\system32\conhost.exe "129090259732365962-146101953911508144022016960951-1055159284-1228438272-141591758
C:\Windows\System32\spoolsv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe"
"C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE"
"C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe"
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe
"C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/Mobile Partner/UpdateDog/"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe"
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\WINDOWS\SYSWOW64\VMNAT.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Windows\system32\LPlatSvc.exe" -EM
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Conexant\SAII\SmartAudio.exe" /t
"C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Users\ITjopo\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe" /IpNotifyInstance
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
C:\Windows\system32\cmd.exe
\??\C:\Windows\system32\conhost.exe "-206472239-1907489185-2082378352-1130062887-1588520289-112820130494560964-198527016
"C:\Users\ITjopo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe"
"C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -incognito
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=63.0.3239.108 --initial-client-data=0x80,0x84,0x88,0x7c,0x8c,0x7fed7785720,0x7fed7785760,0x7fed7785738
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=5084 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1196,14009604587343327002,1542520584141291312,131072 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.4229 --gpu-driver-date=5-26-2015 --service-request-channel-token=061BB5599D81ABF84E0614B81585335A --mojo-platform-channel-handle=1208 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1196,14009604587343327002,1542520584141291312,131072 --disable-databases --service-pipe-token=61D2BF53DC270D694EA0C85225F5B938 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --service-request-channel-token=61D2BF53DC270D694EA0C85225F5B938 --renderer-client-id=7 --mojo-platform-channel-handle=3912 /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\ITjopo\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

====== Scheduled tasks folder ======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\SystemToolsDailyTest.job - C:\Program Files\PC-Doctor\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\Windows\system32\tasks\CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\DiskUpdate - C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic
C:\Windows\system32\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon - "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" --automatic
C:\Windows\system32\tasks\Launch HTC Sync Loader - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
C:\Windows\system32\tasks\SamsungMagician - "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-224352450-729261209-1096973701-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\TVT\TVSUUpdateTask - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" /CM -search C -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask
C:\Windows\system32\tasks\TVT\TVSUUpdateTask_UserLogOn - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" PendingTask
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\PLA\LSC Memory - C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program - "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program 64 - "%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\Lenovo Solution Center Launcher - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
C:\Windows\system32\tasks\Lenovo\SROptimizer - %TRPATH%\SRORest.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-224352450-729261209-1096973701-1000 - "C:\Users\ITjopo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe"
C:\Windows\system32\tasks\Intel\Intel Telemetry 2 - C:\Program Files\Intel\Telemetry 2.0\lrio.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default

prefs.js - "browser.startup.homepage" - "www.qr.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.126 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.126 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\extensions\
staged

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\addons.json
uBlock Origin - extension - uBlock0@raymondhill.net
AdBlocker for YouTube™ - extension - jid1-q4sG8pYhq8KGHs@jetpack
NoScript - extension - {73a6fe31-595d-460b-a920-fcc0f8843232}
Ghostery - extension - firefox@ghostery.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Element Hiding Helper pre Adblock Plus - extension - elemhidehelper@adblockplus.org

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\extensions.json
ThinkVantage Password Manager - extension - {F74D5734-46F5-4B16-96F0-1E7FBF41B750} -
AdBlocker for YouTube™ - webextension - jid1-q4sG8pYhq8KGHs@jetpack -
Element Hiding Helper for Adblock Plus - extension - elemhidehelper@adblockplus.org -
NoScript - webextension - {73a6fe31-595d-460b-a920-fcc0f8843232} -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Web Compat - extension - webcompat@mozilla.org -
Firefox Screenshots - extension - screenshots@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
Disable Media WMF NV12 format - extension - disable-media-wmf-nv12@mozilla.org -
Adblock Plus - webextension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Ghostery - webextension - firefox@ghostery.com -

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\pluginreg.dat
Plugin - Shockwave Flash - 28.0.0.126 - C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll

=========Google Chrome=========

C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentácie 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype 8.5.0.9167
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.5
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6317.1002.0.5
Homepage:
default_search_provider.search_url:
C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx


======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA83AD4F-B3B6-4482-A427-20AA783CB840}]
"URL"=http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{FA83AD4F-B3B6-4482-A427-20AA783CB840}]
"URL"=http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office16\URLREDIR.DLL [2015-07-31 580312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office16\URLREDIR.DLL [2015-07-31 403672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2012-09-03 767912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~4\Office16\GROOVEEX.DLL [2017-07-11 1524016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2013-05-29 60920]
"TpShocks"=tpshocks.exe []
"IntelPROSet"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2014-01-17 4876528]
"AcWin7Hlpr"=C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [2017-03-17 70760]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-03-01 183216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2016-03-01 411056]
"Persistence"=C:\Windows\system32\igfxpers.exe [2016-03-01 453544]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-11-21 36352]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [2017-11-06 323328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe [2017-10-10 1678840]
"Viber"=C:\Users\ITjopo\AppData\Local\Viber\Viber.exe [2017-12-12 34472016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2013-04-15 388600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2012-09-03 5958056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32\igfxtray.exe [2016-03-01 183216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
c:\program files\lenovo\communications utility\tpknrres.exe [2013-05-29 60920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [2017-12-05 131360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1

====== List of files/folders created in the last 1 month ======

2017-12-21 17:35:31 ----D---- C:\rsit
2017-12-21 17:14:51 ----D---- C:\AdwCleaner
2017-12-20 19:31:12 ----SHD---- C:\$RECYCLE.BIN
2017-12-20 19:30:21 ----SD---- C:\32788R22FWJFW
2017-12-20 18:30:32 ----D---- C:\Windows\erdnt
2017-12-20 18:02:12 ----A---- C:\autoexec.bat
2017-12-17 21:46:43 ----D---- C:\MEMU_ANDROID
2017-12-13 17:47:15 ----A---- C:\Windows\system32\mshtml.dll
2017-12-13 17:47:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-12-13 17:47:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-12-13 17:47:13 ----A---- C:\Windows\system32\ieframe.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\vbscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\urlmon.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\jscript9.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\jscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\iprtrmgr.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\iedkcs32.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\rtm.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\mprdim.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\itss.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\itircl.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iprtrmgr.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iprtprio.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\wininet.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\rtm.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 17:47:11 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\msfeeds.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\mprdim.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\itss.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\itircl.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\iprtprio.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\iertutil.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\webcheck.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\msrating.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\mshtmled.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\ieui.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\ieapfltr.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\dxtrans.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\dxtmsft.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\tzres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\occache.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\jsproxy.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\inseng.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-12-13 17:47:09 ----A---- C:\Windows\system32\iesetup.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\iernonce.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ie4uinit.exe
2017-12-11 23:12:15 ----D---- C:\Program Files (x86)\Intel Driver and Support Assistant
2017-12-03 22:41:43 ----D---- C:\ProgramData\ESET
2017-12-03 22:41:43 ----D---- C:\Program Files\ESET
2017-12-03 22:00:39 ----D---- C:\Users\ITjopo\AppData\Roaming\vlc
2017-11-28 22:33:46 ----A---- C:\Windows\system32\win32k.sys
2017-11-28 22:33:45 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2017-11-28 22:33:45 ----A---- C:\Windows\system32\gpedit.dll
2017-11-28 22:33:45 ----A---- C:\Windows\system32\drivers\rdbss.sys

====== List of files/folders modified in the last 1 month ======

2017-12-21 17:35:34 ----D---- C:\Program Files\trend micro
2017-12-21 17:34:59 ----D---- C:\Windows\temp
2017-12-21 17:31:35 ----D---- C:\Windows\inf
2017-12-21 17:31:34 ----D---- C:\Windows
2017-12-21 17:24:20 ----D---- C:\Windows\System32
2017-12-21 17:24:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-12-21 17:19:16 ----A---- C:\Windows\SYSWOW64\log.txt
2017-12-21 17:17:13 ----D---- C:\ProgramData\VMware
2017-12-21 17:16:36 ----D---- C:\Windows\system32\config
2017-12-21 16:56:12 ----D---- C:\Users\ITjopo\AppData\Roaming\ViberPC
2017-12-20 19:31:13 ----D---- C:\Users\ITjopo\AppData\Roaming\TeamViewer
2017-12-20 19:30:53 ----SHD---- C:\System Volume Information
2017-12-20 19:29:40 ----D---- C:\Windows\system32\drivers
2017-12-20 18:58:24 ----A---- C:\Windows\system.ini
2017-12-20 18:56:01 ----D---- C:\Windows\system32\drivers\etc
2017-12-20 18:40:59 ----D---- C:\ProgramData
2017-12-20 18:34:11 ----D---- C:\ProgramData\TEMP
2017-12-20 18:34:02 ----D---- C:\Windows\SYSWOW64\drivers
2017-12-20 18:34:02 ----D---- C:\Windows\SysWOW64
2017-12-20 18:34:02 ----D---- C:\Windows\AppPatch
2017-12-20 18:34:01 ----D---- C:\Program Files (x86)\Common Files
2017-12-20 18:26:38 ----RD---- C:\Program Files
2017-12-20 18:01:42 ----D---- C:\Windows\system32\Tasks
2017-12-19 18:17:28 ----D---- C:\ProgramData\Foxit Software
2017-12-19 13:05:36 ----D---- C:\Program Files (x86)\TeamViewer
2017-12-17 13:42:34 ----D---- C:\Windows\Prefetch
2017-12-16 21:25:00 ----D---- C:\Windows\rescache
2017-12-16 17:11:37 ----D---- C:\Users\ITjopo\AppData\Roaming\Skype
2017-12-14 17:44:28 ----SHD---- C:\Windows\Installer
2017-12-14 17:44:27 ----D---- C:\Config.Msi
2017-12-13 23:29:29 ----D---- C:\Windows\debug
2017-12-13 23:28:47 ----D---- C:\Windows\Tasks
2017-12-13 23:28:46 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-12-13 23:28:43 ----D---- C:\Windows\system32\Macromed
2017-12-13 23:28:36 ----D---- C:\Windows\SYSWOW64\Macromed
2017-12-13 17:56:08 ----D---- C:\Windows\winsxs
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\Setup
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\en-US
2017-12-13 17:54:45 ----D---- C:\Windows\system32\sk-SK
2017-12-13 17:54:45 ----D---- C:\Windows\system32\Setup
2017-12-13 17:54:45 ----D---- C:\Windows\system32\en-US
2017-12-13 17:54:45 ----D---- C:\Program Files\Internet Explorer
2017-12-13 17:54:45 ----D---- C:\Program Files (x86)\Internet Explorer
2017-12-13 17:52:59 ----D---- C:\ProgramData\Microsoft Help
2017-12-13 17:51:29 ----D---- C:\Windows\system32\MRT
2017-12-13 17:48:03 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-12-13 17:47:56 ----AC---- C:\Windows\system32\MRT.exe
2017-12-13 17:45:55 ----D---- C:\Windows\system32\catroot2
2017-12-12 16:36:03 ----D---- C:\Program Files\Mozilla Firefox
2017-12-12 16:36:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-11 23:12:42 ----D---- C:\ProgramData\Package Cache
2017-12-11 23:12:15 ----D---- C:\Program Files (x86)
2017-12-03 22:41:57 ----D---- C:\Windows\system32\DriverStore
2017-12-03 22:25:17 ----D---- C:\Program Files (x86)\VirtualDJ
2017-12-03 22:00:54 ----D---- C:\Users\ITjopo\AppData\Roaming\MyPhoneExplorer
2017-12-03 21:45:08 ----D---- C:\Users\ITjopo\AppData\Roaming\uTorrent
2017-12-03 21:45:08 ----D---- C:\Users\ITjopo\AppData\Roaming\Notepad++
2017-12-03 21:37:48 ----D---- C:\Windows\system32\catroot
2017-12-03 21:28:26 ----D---- C:\Program Files\Lenovo
2017-12-03 21:27:23 ----D---- C:\Windows\Downloaded Installations
2017-11-29 19:07:20 ----HD---- C:\Windows\system32\WLANProfiles
2017-11-28 22:48:14 ----RSD---- C:\Windows\Fonts

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2017-07-27 29512]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2017-11-09 107840]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2012-05-30 569152]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-11-21 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-11-21 28008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-29 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 DNE;DNE LightWeight Filter; C:\Windows\system32\DRIVERS\dnelwf64.sys [2015-10-14 327976]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2017-11-09 133344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2017-11-09 180088]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2017-11-09 77720]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2013-05-22 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2012-03-26 33344]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-11-15 125376]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2017-07-27 39264]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2015-01-07 55488]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 memudrv;memudrv; \??\C:\MEMU_ANDROID\Microvirt\MEmuHyperv\MEmuDrv.sys [2015-11-02 260368]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2014-03-25 1588440]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 cykbfltrService;Cypress Keyboard Filter Driver; C:\Windows\system32\DRIVERS\cykbfltr.sys [2012-04-02 14848]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2016-03-29 498640]
R3 ETDSMBus;ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [2016-07-20 32344]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2009-06-30 1486848]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-11-30 91648]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-05 86912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-01 5384728]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-09-17 463112]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2013-11-11 25528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-11-09 57376]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw64e.sys [2016-09-03 50640]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwsw01.sys [2015-05-04 11534096]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 40248]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2016-09-20 633432]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2013-07-29 164832]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2012-04-01 594472]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-04-01 184872]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-03-05 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-05 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 14976]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-10-09 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-10-09 27176]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2013-11-30 226176]
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [2014-07-25 125952]
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [2014-09-30 380672]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-11-11 35256]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-12-20 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2016-10-18 21984]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-10-26 30208]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [2017-03-17 140392]
R2 AcSvc;AcSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [2017-03-17 283752]
R2 btwdins;Bluetooth Service; C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE [2012-04-01 957216]
R2 connect2hotspot;Connect2 Hotspot Service; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [2017-02-08 100680]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 DSAService;Intel(R) Driver & Support Assistant; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [2017-12-05 22304]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-11-06 1994608]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2016-06-23 642464]
R2 FoxitReaderService;Foxit Reader Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-12-11 1659456]
R2 HsfXAudioService;HsfXAudioService; %SystemRoot%\system32\svchost.exe -k HsfXAudioService;"ServiceDll" = C:\Windows\SysWOW64\XAudio64.dll
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-04-02 87368]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2014-01-15 351824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-21 15720]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-05 830032]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2014-07-09 214464]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2013-05-29 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-05-29 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-02 327672]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-05 774736]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MEmusvc;MEmusvc; C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe [2017-05-26 269480]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2016-06-23 157088]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-03-05 446800]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-09-20 250456]
R2 TeamViewer;TeamViewer 13; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-12-15 10945776]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 TSSCoreService;TSS Core Service; C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe [2012-09-03 989096]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-07-30 5132888]
R3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
R3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-08-16 23928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04 153752]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-04-23 145472]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2013-10-26 651856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13 272384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-01 290224]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2017-07-27 326160]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [2017-11-06 55928]
S3 eshasrv;ESET SHA Service; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [2017-11-06 197240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28 174368]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [2015-01-15 619776]
S3 LSC.Services.SystemService;Lenovo Solution Center System Service; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2017-06-09 271128]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-12-11 194000]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-06-23 268704]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2015-07-22 3611808]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-13 253128]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-29 47728]
S4 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S4 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-08-15 76888]

-----------------EOF-----------------

_________________
The Prodigy

CCleaner|HJT|SFF|MWAV|Vundo,Virtumonde


Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 18:41
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 109481
Location: Plzeň
Hello!
Run this utility:

Quote:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 19:01
Exemplary visitor

Joined: 02 Mar 2007 20:31
Posts: 80
Location: SK - a bit away from TN
As I mentioned above, AdwCleaner found nothing, but I ran it anyway; I am attaching the log.

# AdwCleaner 7.0.5.0 - Logfile created on Thu Dec 21 18:00:34 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-19-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1139 B] - [2017/12/21 16:16:33]
C:/AdwCleaner/AdwCleaner[S0].txt - [970 B] - [2017/12/21 16:16:21]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 20:01
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 109481
Location: Plzeň
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:

Quote:
:files
C:\Windows\system32\tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\system32\tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
C:\Program Files (x86)\Skype\Toolbars

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA83AD4F-B3B6-4482-A427-20AA783CB840}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{FA83AD4F-B3B6-4482-A427-20AA783CB840}]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]


and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 20:13
Exemplary visitor

Joined: 02 Mar 2007 20:31
Posts: 80
Location: SK - a bit away from TN
New RSIT log after the OTM cleanup

Logfile of random's system information tool 1.16 (written by random/random)
Run by ITjopo at 2017-12-21 20:12:01
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 100 GB (50%) free of 200 GB
Total RAM: 8075 MB (64% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:12:05, on 21. 12. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18860)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\ITjopo\AppData\Local\Viber\Viber.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\ITjopo_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office16\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Viber] C:\Users\ITjopo\AppData\Local\Viber\Viber.exe StartMinimized
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office16\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://trensqad:18080/qadhome/client/setup.ocx
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.24.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A9FE76F-2539-433F-BA9C-B788E5315F75}: NameServer = 213.151.222.34 85.237.225.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{A514C6E4-F26B-4881-9ED3-AB856C0B055A}: NameServer = 213.151.222.34 85.237.225.250
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE
O23 - Service: Connect2 Hotspot Service (connect2hotspot) - Lenovo - C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (eshasrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\Windows\system32\LPlatSvc.exe (file missing)
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: MEmusvc - Microvirt Software Technology Co. Ltd. - C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\PROGRAM FILES\INTEL\TURBOBOOST\TURBOBOOST.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Správca poverení (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16082 bytes

====== Enumerating Processes ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\LPlatSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b694dcc3-57ea-49fe-a72c-5e5a24365e05 -SystemEventPortName:HostProcess-e65937ef-ec35-4068-aeb9-314b797daa38 -IoCancelEventPortName:HostProcess-5fd49979-5a23-4f93-817f-ba1a0d0cedfa -NonStateChangingEventPortName:HostProcess-89924fce-df6e-46ef-a566-c84bff5f7f58 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:115ba87f-b221-4663-835a-695d526548ee -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 22850320
\??\C:\Windows\system32\conhost.exe "70895918-1749465122243723443-1820972773-1920905481-17333937892619372222015951235
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe"
"C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE"
"C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe"
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe"
C:\Windows\system32\svchost.exe -k HsfXAudioService
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/Mobile Partner/UpdateDog/"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe"
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\WINDOWS\SYSWOW64\VMNAT.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
"C:\ProgramData\DatacardService\DCSHelper.exe"
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
"C:\Windows\system32\LPlatSvc.exe" -EM
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskeng.exe
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
"C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe" /IpNotifyInstance
C:\Windows\system32\taskeng.exe
"C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\cmd.exe
\??\C:\Windows\system32\conhost.exe "-1427814676-1584151558-16467904929554113601118520484293435571191748850447011528
"C:\Users\ITjopo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Conexant\SAII\SmartAudio.exe" /t
"C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"C:\Users\ITjopo\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Users\ITjopo\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

====== Scheduled tasks folder ======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\SystemToolsDailyTest.job - C:\Program Files\PC-Doctor\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\AutoKMS - C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\system32\tasks\AutoPico Daily Restart - "C:\Program Files\KMSpico\AutoPico.exe" /silent
C:\Windows\system32\tasks\CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\DiskUpdate - C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic
C:\Windows\system32\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon - "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" --automatic
C:\Windows\system32\tasks\Launch HTC Sync Loader - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup
C:\Windows\system32\tasks\MCP - "C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
C:\Windows\system32\tasks\PCDEventLauncher - "C:\Program Files\PC-Doctor\sessionchecker.exe"
C:\Windows\system32\tasks\PMTask - C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe
C:\Windows\system32\tasks\SamsungMagician - "C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe" /AUTOHIDE
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\SystemToolsDailyTest - C:\Program Files\PC-Doctor\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-224352450-729261209-1096973701-1000 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\TVT\TVSUUpdateTask - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" /CM -search C -action INSTALL -includerebootpackages 1,3,4 -noicon -noreboot -nolicense -defaultupdate -schtask
C:\Windows\system32\tasks\TVT\TVSUUpdateTask_UserLogOn - "C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe" PendingTask
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\PLA\LSC Memory - C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 - "C:\Program Files\Microsoft Office\Office16\msoia.exe" scan upload
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program - "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program 64 - "%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\Lenovo Solution Center Launcher - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe UpdateStatus
C:\Windows\system32\tasks\Lenovo\SROptimizer - %TRPATH%\SRORest.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-224352450-729261209-1096973701-1000 - "C:\Users\ITjopo\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe"
C:\Windows\system32\tasks\Intel\Intel Telemetry 2 - C:\Program Files\Intel\Telemetry 2.0\lrio.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default

prefs.js - "browser.startup.homepage" - "www.qr.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.126 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.151.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 28.0.0.126 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\extensions\
staged

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\addons.json
uBlock Origin - extension - uBlock0@raymondhill.net
AdBlocker for YouTube™ - extension - jid1-q4sG8pYhq8KGHs@jetpack
NoScript - extension - {73a6fe31-595d-460b-a920-fcc0f8843232}
Ghostery - extension - firefox@ghostery.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Element Hiding Helper pre Adblock Plus - extension - elemhidehelper@adblockplus.org

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\extensions.json
ThinkVantage Password Manager - extension - {F74D5734-46F5-4B16-96F0-1E7FBF41B750} -
AdBlocker for YouTube™ - webextension - jid1-q4sG8pYhq8KGHs@jetpack -
Element Hiding Helper for Adblock Plus - extension - elemhidehelper@adblockplus.org -
NoScript - webextension - {73a6fe31-595d-460b-a920-fcc0f8843232} -
Application Update Service Helper - extension - aushelper@mozilla.org -
Multi-process staged rollout - extension - e10srollout@mozilla.org -
Pocket - extension - firefox@getpocket.com -
Web Compat - extension - webcompat@mozilla.org -
Firefox Screenshots - extension - screenshots@mozilla.org -
Follow-on Search Telemetry - extension - followonsearch@mozilla.com -
Shield Recipe Client - extension - shield-recipe-client@mozilla.org -
Activity Stream - extension - activity-stream@mozilla.org -
Form Autofill - extension - formautofill@mozilla.org -
Photon onboarding - extension - onboarding@mozilla.org -
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} -
Disable Media WMF NV12 format - extension - disable-media-wmf-nv12@mozilla.org -
Adblock Plus - webextension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -
Ghostery - webextension - firefox@ghostery.com -

C:\Users\ITjopo\AppData\Roaming\Mozilla\Firefox\Profiles\ou6udbes.default\pluginreg.dat
Plugin - Shockwave Flash - 28.0.0.126 - C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll

=========Google Chrome=========

C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentácie 0.10
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Web Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabuľky 1.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google v režime offline 1.4
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 2 Skype 8.5.0.9167
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.5
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.3
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 6317.1002.0.5
Homepage:
default_search_provider.search_url:
C:\Users\ITjopo\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

======Registry dump ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office16\URLREDIR.DLL [2015-07-31 580312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-21 473664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office16\URLREDIR.DLL [2015-07-31 403672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2012-09-03 767912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~2\MICROS~4\Office16\GROOVEEX.DLL [2017-07-11 1524016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-21 187968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2013-05-29 60920]
"TpShocks"=C:\Windows\system32\tpshocks.exe [2011-03-29 380776]
"IntelPROSet"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2014-01-17 4876528]
"AcWin7Hlpr"=C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [2017-03-17 70760]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2016-03-01 183216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2016-03-01 411056]
"Persistence"=C:\Windows\system32\igfxpers.exe [2016-03-01 453544]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-11-21 36352]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [2017-11-06 323328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"f.lux"=C:\Users\ITjopo\AppData\Local\FluxSoftware\Flux\flux.exe [2017-10-10 1678840]
"Viber"=C:\Users\ITjopo\AppData\Local\Viber\Viber.exe [2017-12-12 34472016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2013-04-15 388600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2012-09-03 5958056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
c:\windows\system32\igfxtray.exe [2016-03-01 183216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
c:\program files\lenovo\communications utility\tpknrres.exe [2013-05-29 60920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"=rundll32 C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"DSATray"=C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [2017-12-05 131360]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-05 587288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2016-03-01 451584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages" = scecli
C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.108\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1

====== List of files/folders created in the last 1 month ======

2017-12-21 20:12:01 ----D---- C:\rsit
2017-12-21 20:04:55 ----D---- C:\_OTM
2017-12-21 19:02:47 ----A---- C:\DelFix.txt
2017-12-20 19:31:12 ----SHD---- C:\$RECYCLE.BIN
2017-12-20 18:30:32 ----D---- C:\Windows\erdnt
2017-12-20 18:02:12 ----A---- C:\autoexec.bat
2017-12-17 21:46:43 ----D---- C:\MEMU_ANDROID
2017-12-13 17:47:15 ----A---- C:\Windows\system32\mshtml.dll
2017-12-13 17:47:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-12-13 17:47:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-12-13 17:47:13 ----A---- C:\Windows\system32\ieframe.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\vbscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\urlmon.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\jscript9.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\jscript.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\iprtrmgr.dll
2017-12-13 17:47:12 ----A---- C:\Windows\system32\iedkcs32.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\rtm.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\mprdim.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\itss.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\itircl.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iprtrmgr.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iprtprio.dll
2017-12-13 17:47:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\wininet.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\rtm.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-12-13 17:47:11 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\msfeeds.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\mprdim.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\itss.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\itircl.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\iprtprio.dll
2017-12-13 17:47:11 ----A---- C:\Windows\system32\iertutil.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-12-13 17:47:10 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\webcheck.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\msrating.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\mshtmled.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\jscript9diag.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\ieui.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\ieapfltr.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\dxtrans.dll
2017-12-13 17:47:10 ----A---- C:\Windows\system32\dxtmsft.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-12-13 17:47:09 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\tzres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\occache.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\jsproxy.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\inseng.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieUnatt.exe
2017-12-13 17:47:09 ----A---- C:\Windows\system32\iesetup.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\iernonce.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-12-13 17:47:09 ----A---- C:\Windows\system32\ie4uinit.exe
2017-12-11 23:12:15 ----D---- C:\Program Files (x86)\Intel Driver and Support Assistant
2017-12-03 22:41:43 ----D---- C:\ProgramData\ESET
2017-12-03 22:41:43 ----D---- C:\Program Files\ESET
2017-12-03 22:00:39 ----D---- C:\Users\ITjopo\AppData\Roaming\vlc
2017-11-28 22:33:46 ----A---- C:\Windows\system32\win32k.sys
2017-11-28 22:33:45 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2017-11-28 22:33:45 ----A---- C:\Windows\system32\gpedit.dll
2017-11-28 22:33:45 ----A---- C:\Windows\system32\drivers\rdbss.sys

====== List of files/folders modified in the last 1 month ======

2017-12-21 20:12:05 ----D---- C:\Program Files\trend micro
2017-12-21 20:10:23 ----D---- C:\Windows\System32
2017-12-21 20:10:23 ----D---- C:\Windows\inf
2017-12-21 20:10:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-12-21 20:08:59 ----D---- C:\Windows\system32\config
2017-12-21 20:08:58 ----D---- C:\Windows\temp
2017-12-21 20:08:11 ----A---- C:\Windows\SYSWOW64\log.txt
2017-12-21 20:06:09 ----D---- C:\ProgramData\VMware
2017-12-21 20:06:04 ----D---- C:\Windows
2017-12-21 20:05:59 ----D---- C:\Config.Msi
2017-12-21 20:04:56 ----RD---- C:\Program Files (x86)\Skype
2017-12-21 18:15:22 ----SHD---- C:\Windows\Installer
2017-12-21 18:15:17 ----D---- C:\Windows\SysWOW64
2017-12-21 18:15:08 ----D---- C:\Program Files (x86)\Common Files
2017-12-21 18:14:53 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2017-12-21 18:14:41 ----D---- C:\Program Files (x86)\Java
2017-12-21 18:12:48 ----SHD---- C:\System Volume Information
2017-12-21 16:56:12 ----D---- C:\Users\ITjopo\AppData\Roaming\ViberPC
2017-12-20 19:31:13 ----D---- C:\Users\ITjopo\AppData\Roaming\TeamViewer
2017-12-20 19:29:40 ----D---- C:\Windows\system32\drivers
2017-12-20 18:58:24 ----A---- C:\Windows\system.ini
2017-12-20 18:56:01 ----D---- C:\Windows\system32\drivers\etc
2017-12-20 18:40:59 ----D---- C:\ProgramData
2017-12-20 18:34:11 ----D---- C:\ProgramData\TEMP
2017-12-20 18:34:02 ----D---- C:\Windows\SYSWOW64\drivers
2017-12-20 18:34:02 ----D---- C:\Windows\AppPatch
2017-12-20 18:26:38 ----RD---- C:\Program Files
2017-12-20 18:01:42 ----D---- C:\Windows\system32\Tasks
2017-12-19 18:17:28 ----D---- C:\ProgramData\Foxit Software
2017-12-19 13:05:36 ----D---- C:\Program Files (x86)\TeamViewer
2017-12-17 13:42:34 ----D---- C:\Windows\Prefetch
2017-12-16 21:25:00 ----D---- C:\Windows\rescache
2017-12-16 17:11:37 ----D---- C:\Users\ITjopo\AppData\Roaming\Skype
2017-12-13 23:29:29 ----D---- C:\Windows\debug
2017-12-13 23:28:47 ----D---- C:\Windows\Tasks
2017-12-13 23:28:46 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2017-12-13 23:28:43 ----D---- C:\Windows\system32\Macromed
2017-12-13 23:28:36 ----D---- C:\Windows\SYSWOW64\Macromed
2017-12-13 17:56:08 ----D---- C:\Windows\winsxs
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\Setup
2017-12-13 17:54:45 ----D---- C:\Windows\SYSWOW64\en-US
2017-12-13 17:54:45 ----D---- C:\Windows\system32\sk-SK
2017-12-13 17:54:45 ----D---- C:\Windows\system32\Setup
2017-12-13 17:54:45 ----D---- C:\Windows\system32\en-US
2017-12-13 17:54:45 ----D---- C:\Program Files\Internet Explorer
2017-12-13 17:54:45 ----D---- C:\Program Files (x86)\Internet Explorer
2017-12-13 17:52:59 ----D---- C:\ProgramData\Microsoft Help
2017-12-13 17:51:29 ----D---- C:\Windows\system32\MRT
2017-12-13 17:48:03 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2017-12-13 17:47:56 ----AC---- C:\Windows\system32\MRT.exe
2017-12-13 17:45:55 ----D---- C:\Windows\system32\catroot2
2017-12-12 16:36:03 ----D---- C:\Program Files\Mozilla Firefox
2017-12-12 16:36:03 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-11 23:12:42 ----D---- C:\ProgramData\Package Cache
2017-12-11 23:12:15 ----D---- C:\Program Files (x86)
2017-12-03 22:41:57 ----D---- C:\Windows\system32\DriverStore
2017-12-03 22:25:17 ----D---- C:\Program Files (x86)\VirtualDJ
2017-12-03 22:00:54 ----D---- C:\Users\ITjopo\AppData\Roaming\MyPhoneExplorer
2017-12-03 21:45:08 ----D---- C:\Users\ITjopo\AppData\Roaming\uTorrent
2017-12-03 21:45:08 ----D---- C:\Users\ITjopo\AppData\Roaming\Notepad++
2017-12-03 21:37:48 ----D---- C:\Windows\system32\catroot
2017-12-03 21:28:26 ----D---- C:\Program Files\Lenovo
2017-12-03 21:27:23 ----D---- C:\Windows\Downloaded Installations
2017-11-29 19:07:20 ----HD---- C:\Windows\system32\WLANProfiles
2017-11-28 22:48:14 ----RSD---- C:\Windows\Fonts

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2017-07-27 29512]
R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2017-11-09 107840]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2012-05-30 569152]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-11-21 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-11-21 28008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-29 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 DNE;DNE LightWeight Filter; C:\Windows\system32\DRIVERS\dnelwf64.sys [2015-10-14 327976]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2017-11-09 133344]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2017-11-09 180088]
R1 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2017-11-09 77720]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2013-05-22 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2012-03-26 33344]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-11-15 125376]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2017-07-27 39264]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2015-01-07 55488]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 memudrv;memudrv; \??\C:\MEMU_ANDROID\Microvirt\MEmuHyperv\MEmuDrv.sys [2015-11-02 260368]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2014-03-25 1588440]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 cykbfltrService;Cypress Keyboard Filter Driver; C:\Windows\system32\DRIVERS\cykbfltr.sys [2012-04-02 14848]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2016-03-29 498640]
R3 ETDSMBus;ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [2016-07-20 32344]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2009-06-30 1486848]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2013-11-30 91648]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2017-09-05 86912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2016-03-01 5384728]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-09-17 463112]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2013-11-11 25528]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-11-09 57376]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw64e.sys [2016-09-03 50640]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwsw01.sys [2015-05-04 11534096]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 40248]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2016-09-20 633432]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2016-02-05 147904]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2013-07-29 164832]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2012-04-01 594472]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-04-01 184872]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-03-05 210984]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-05 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-12-22 14976]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-10-09 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-10-09 27176]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 HtcVCom32;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2013-11-30 226176]
S3 hwusb_cdcacm;hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [2014-07-25 125952]
S3 hwusb_wwanecm;hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [2014-09-30 380672]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-11-11 35256]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2017-12-20 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 semav6msr64;semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [2016-10-18 21984]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-07-28 45296]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-10-26 30208]

====== List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled) ======

R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [2017-03-17 140392]
R2 AcSvc;AcSvc; C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe [2017-03-17 283752]
R2 btwdins;Bluetooth Service; C:\PROGRAM FILES\THINKPAD\BLUETOOTH SOFTWARE\BTWDINS.EXE [2012-04-01 957216]
R2 connect2hotspot;Connect2 Hotspot Service; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [2017-02-08 100680]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll" = %SystemRoot%\system32\diagtrack.dll
R2 DSAService;Intel(R) Driver & Support Assistant; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [2017-12-05 22304]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2017-11-06 1994608]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2016-06-23 642464]
R2 FoxitReaderService;Foxit Reader Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [2017-12-11 1659456]
R2 HsfXAudioService;HsfXAudioService; %SystemRoot%\system32\svchost.exe -k HsfXAudioService;"ServiceDll" = C:\Windows\SysWOW64\XAudio64.dll
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-04-02 87368]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2014-01-15 351824]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-21 15720]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2017-09-05 830032]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2014-07-09 214464]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2013-05-29 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2014-05-27 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-05-29 62456]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-02 327672]
R2 LPlatSvc;Lenovo Platform Service; C:\Windows\system32\LPlatSvc.exe [2017-09-05 774736]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MEmusvc;MEmusvc; C:\MEMU_ANDROID\Microvirt\MEmu\MemuService.exe [2017-05-26 269480]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2016-06-23 157088]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-03-05 446800]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-09-20 250456]
R2 TeamViewer;TeamViewer 13; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-12-15 10945776]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2014-06-10 125424]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2014-05-27 125488]
R2 TSSCoreService;TSS Core Service; C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe [2012-09-03 989096]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2017-08-16 23928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-04-21 128648]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04 153752]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-04-23 145472]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2013-10-26 651856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-13 272384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-04-21 52856]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2016-03-01 290224]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2017-07-27 326160]
S3 EHttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\ehttpsrv.exe [2017-11-06 55928]
S3 eshasrv;ESET SHA Service; C:\Program Files\ESET\ESET NOD32 Antivirus\eshasrv.exe [2017-11-06 197240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-04 153752]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-14 116224]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28 174368]
S3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [2015-01-15 619776]
S3 LSC.Services.SystemService;Lenovo Solution Center System Service; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [2017-06-09 271128]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2017-12-11 194000]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-06-23 268704]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2015-07-22 3611808]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-13 253128]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-07-30 5132888]
S3 Power Manager DBC Service;Power Manager Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2017-07-27 1669488]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\system32\storsvc.dll
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-29 47728]
S4 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll" = %SystemRoot%\System32\appmgmts.dll
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll" = %SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll" = %SystemRoot%\system32\peerdistsvc.dll
S4 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-08-15 76888]

-----------------EOF-----------------

_________________
The Prodigy

CCleaner|HJT|SFF|MWAV|Vundo,Virtumonde


Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 20:59
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 109481
Location: Plzeň
Deleted. Has anything changed?

_________________
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 21:06
Model visitor

Joined: 02 Mar 2007 20:31
Posts: 80
Location: SK - a short way from TN
It seems to be quiet now, but on one website that I occasionally wander onto it still pops up. It looks like that site has been compromised and is being used to mine cryptocurrency, like in the test they ran recently on .sk domains. ESET reports and blocks it for me on the site www.slovolam.sk, and the automatic NoCoin extension for Chrome or FF detects it right away too, so things are probably fine and it is detecting it correctly.

Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 22:07
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 109481
Location: Plzeň
Yep. Looks that way.

Post subject: Re: Eset caught a coinminer
Posted: 21 Dec 2017 22:37
Model visitor

Joined: 02 Mar 2007 20:31
Posts: 80
Location: SK - a short way from TN
OK, thanks for the help, at least something got cleaned up. You can lock the thread.

PS: I wish you a pleasant Christmas holiday and a happy New Year, and lots of success.

Post subject: Re: Eset caught a coinminer
Posted: 22 Dec 2017 16:46
Site Admin

Joined: 30 Oct 2003 13:42
Posts: 109481
Location: Plzeň
Happy holidays to you too, and you're welcome! :)
