100% CPU, Disk - svchost.exe

Zpráva

freemind.dnb · #1 Příspěvek od **freemind.dnb** » 27 říj 2016 10:40

Ahoj,

už dlhší čas sa mi stáva že mi CPU a disk ide na 100%. tento problém mi spôsobuje svchost.exe.
Všimol som si že táto téma sa tu už rozoberala (http://forum.viry.cz/viewtopic.php?p=788964#p788964) . Chcel by som sa teda spýtať či môžem postupovať rovnakým postupom ako tam radil moderátor alebo je lepšie sa pozrieť na môj log a z toho identifikovať problém? Prikladám teda rovno aj log vytvorený cez RSIT

Vopred ďakujem za odpoveď

Logfile of random's system information tool 1.13 (written by random/random)
Run by xhlavekj at 2016-10-27 11:25:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 249 GB (41%) free of 608 GB
Total RAM: 3996 MB (31% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:31, on 27.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\xhlavekj_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2447335282-1977187808-2655893882-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2447335282-1977187808-2655893882-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Util trolatunt - Unknown owner - C:\Program Files (x86)\trolatunt\bin\utiltrolatunt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10986 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 41329680
\??\C:\Windows\system32\conhost.exe "-1659971171-1455288346159410198-744833234-2007651386675117726-1436296739142452997
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {475871B3-BB17-4AE6-ACA9-9D4BAB6F215B}
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
WLIDSvcM.exe 3488
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"taskhost.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Windows\System32\perfmon.exe" /res
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="6948.0.2049684704\1525652370" "C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox\plugins\nptswp.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 6948 "\\.\pipe\gecko-crash-server-pipe.6948" plugin
"C:\Windows\system32\taskmgr.exe" /1
C:\Windows\system32\wbem\wmiprvse.exe

"C:\Users\User\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\MirageAgent - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Windows\system32\tasks\OFFICE2010ACT - C:\Windows\system32\OFFICEICON.vbs
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\{372ADCDE-7B67-4C40-A012-CBA32948E9A0} - C:\Windows\system32\pcalua.exe -a G:\.autorun\autorun.exe -d G:\
C:\Windows\system32\tasks\{CA25C8D8-7D3D-47B4-8DAA-082B11C0CC9B} - C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Setup.exe -d C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2447335282-1977187808-2655893882-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program - "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\LSC\CreateHardwareScanTask - "C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe" WMI WMIController CreateFirstHWSchedule

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "keyword.URL" - "google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\addons.json
Todoist: To-Do list and Task Manager - extension - support@todoist.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781}
360 Internet Protection for Firefox - extension - WebProtection@360safe.com

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions.json
McAfee SiteAdvisor - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - C:\Program Files (x86)\McAfee\SiteAdvisor
Todoist: To-Do list and Task Manager - extension - support@todoist.com - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\support@todoist.com.xpi
360 Internet Protection - extension - WebProtection@360safe.com - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Nitro PDF Plug-In - 7.4.1.12 - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
Plugin - Windows Live Photo Gallery - 15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.41212.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
Plugin - Intel® Identity Protection Technology - 2.0.59.0 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Plugin - Shockwave for Director - 12.1.8.158 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll
Plugin - Shockwave Flash - 21.0.0.213 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
Plugin - Unity Player - 5.0.1.11919 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Plugin - 360 Total Security - 6.0.0.1004 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox\plugins\nptswp.dll

=========Google Chrome=========

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension fheoggkfdfchfphceeifdbepaooicaho 0 McAfee® WebAdvisor 4.0.0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.4.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Chrome Web Store Payments 1.0.0.0
Extension pbjikboenpfhbbejgkoklgkhjpfogcam 0 Amazon Assistant for Chrome 10.1610.8.120
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam]
"Path"=C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02 553024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10 1070160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02 214080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-06-07 170304]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-06-07 440128]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-08-06 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-08-06 6202416]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26 500936]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2016-02-15 4468424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2016-04-29 7943072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog]
C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-11-24 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cAudioFilterAgent]
C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-12-15 564352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2]
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2011-12-21 507744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2012-01-16 2809856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2012-06-07 398656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-30 284440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo EE Boot Optimizer]
C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26 4351712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockKey]
C:\Program Files (x86)\LockKey\LockKey.exe [2011-08-26 337776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2014-06-27 408888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-27 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2012-02-02 1380128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-21 291648]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2016-08-10 1153448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O&O Defrag Tray.lnk - C:\Windows\Installer\{10F2471C-34AD-4C33-9F92-039B8BC44AC0}\app_icon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit -
.js - open - C:\Program Files (x86)\JetBrains\PhpStorm 10.0\bin\PhpStorm.exe "%1"

======List of files/folders created in the last 1 month======

2016-10-27 11:25:07 ----D---- C:\rsit
2016-10-27 11:25:07 ----D---- C:\Program Files\trend micro
2016-10-26 20:30:00 ----A---- C:\Windows\SYSWOW64\HookDll.dll
2016-10-23 15:06:12 ----D---- C:\ProgramData\Schaack Audio Technologies
2016-10-23 12:00:50 ----SD---- C:\Program Files (x86)\Waves
2016-10-23 11:37:34 ----D---- C:\Program Files (x86)\Waves Central
2016-10-23 01:14:58 ----A---- C:\Windows\SYSWOW64\ReWire.dll
2016-10-13 15:14:41 ----D---- C:\Program Files\Slate Digital
2016-10-13 14:43:13 ----D---- C:\ProgramData\PACE
2016-10-13 14:34:23 ----D---- C:\Program Files (x86)\iLok License Manager
2016-10-13 14:31:08 ----D---- C:\ProgramData\Apple
2016-10-13 14:31:08 ----D---- C:\Program Files\Bonjour
2016-10-13 14:31:08 ----D---- C:\Program Files (x86)\Bonjour
2016-10-13 14:25:33 ----D---- C:\Program Files\Soundtoys
2016-10-10 13:29:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_yuv_.dll
2016-10-10 13:29:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ycbcr_.dll
2016-10-10 13:29:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xtrn_.dll
2016-10-10 13:29:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xps_.dll
2016-10-10 13:29:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xpm_.dll
2016-10-10 13:29:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xc_.dll
2016-10-10 13:29:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xcf_.dll
2016-10-10 13:29:06 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xbm_.dll
2016-10-10 13:29:05 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wpg_.dll
2016-10-10 13:29:04 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wmf_.dll
2016-10-10 13:29:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_webp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wbmp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vips_.dll
2016-10-10 13:29:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_viff_.dll
2016-10-10 13:29:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vid_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vicar_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uyvy_.dll
2016-10-10 13:28:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_url_.dll
2016-10-10 13:28:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uil_.dll
2016-10-10 13:28:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_txt_.dll
2016-10-10 13:28:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ttf_.dll
2016-10-10 13:28:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tim_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tile_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tiff_.dll
2016-10-10 13:28:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_thumbnail_.dll
2016-10-10 13:28:50 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tga_.dll
2016-10-10 13:28:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_svg_.dll
2016-10-10 13:28:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sun_.dll
2016-10-10 13:28:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_stegano_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sgi_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sfw_.dll
2016-10-10 13:28:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sct_.dll
2016-10-10 13:28:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_scr_.dll
2016-10-10 13:28:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_screenshot_.dll
2016-10-10 13:28:42 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rle_.dll
2016-10-10 13:28:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rla_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgf_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgb_.dll
2016-10-10 13:28:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_raw_.dll
2016-10-10 13:28:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pwp_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_psd_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps_.dll
2016-10-10 13:28:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps3_.dll
2016-10-10 13:28:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps2_.dll
2016-10-10 13:28:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_preview_.dll
2016-10-10 13:28:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pnm_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_png_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_plasma_.dll
2016-10-10 13:28:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pix_.dll
2016-10-10 13:28:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pict_.dll
2016-10-10 13:28:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pes_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdf_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdb_.dll
2016-10-10 13:28:21 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcx_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcl_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcd_.dll
2016-10-10 13:28:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pattern_.dll
2016-10-10 13:28:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pango_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_palm_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_otb_.dll
2016-10-10 13:28:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_null_.dll
2016-10-10 13:28:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mvg_.dll
2016-10-10 13:28:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mtv_.dll
2016-10-10 13:28:08 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_msl_.dll
2016-10-10 13:28:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpr_.dll
2016-10-10 13:28:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpeg_.dll
2016-10-10 13:28:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpc_.dll
2016-10-10 13:28:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mono_.dll
2016-10-10 13:28:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_miff_.dll
2016-10-10 13:27:59 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_meta_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_matte_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mat_.dll
2016-10-10 13:27:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mask_.dll
2016-10-10 13:27:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_map_.dll
2016-10-10 13:27:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_magick_.dll
2016-10-10 13:27:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mac_.dll
2016-10-10 13:27:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_label_.dll
2016-10-10 13:27:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_json_.dll
2016-10-10 13:27:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jpeg_.dll
2016-10-10 13:27:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jp2_.dll
2016-10-10 13:27:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jnx_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jbig_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ipl_.dll
2016-10-10 13:27:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_inline_.dll
2016-10-10 13:27:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_info_.dll
2016-10-10 13:27:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_icon_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_html_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hrz_.dll
2016-10-10 13:27:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_histogram_.dll
2016-10-10 13:27:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hdr_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hald_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gray_.dll
2016-10-10 13:27:38 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gradient_.dll
2016-10-10 13:27:37 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gif_.dll
2016-10-10 13:27:36 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fpx_.dll
2016-10-10 13:27:35 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fits_.dll
2016-10-10 13:27:34 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fd_.dll
2016-10-10 13:27:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fax_.dll
2016-10-10 13:27:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_exr_.dll
2016-10-10 13:27:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ept_.dll
2016-10-10 13:27:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_emf_.dll
2016-10-10 13:27:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dpx_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dps_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dot_.dll
2016-10-10 13:27:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dng_.dll
2016-10-10 13:27:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_djvu_.dll
2016-10-10 13:27:25 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dib_.dll
2016-10-10 13:27:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_debug_.dll
2016-10-10 13:27:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dds_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dcm_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cut_.dll
2016-10-10 13:27:20 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cmyk_.dll
2016-10-10 13:27:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clip_.dll
2016-10-10 13:27:18 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clipboard_.dll
2016-10-10 13:27:17 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cip_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cin_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_caption_.dll
2016-10-10 13:27:15 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cals_.dll
2016-10-10 13:27:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_braille_.dll
2016-10-10 13:27:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bmp_.dll
2016-10-10 13:27:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bgr_.dll
2016-10-10 13:27:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_avs_.dll
2016-10-10 13:27:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_art_.dll
2016-10-10 13:27:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_aai_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_zlib_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_webp_.dll
2016-10-10 13:27:07 ----A---- C:\Windows\SYSWOW64\CORE_RL_wand_.dll
2016-10-10 13:27:06 ----A---- C:\Windows\SYSWOW64\CORE_RL_ttf_.dll
2016-10-10 13:27:05 ----A---- C:\Windows\SYSWOW64\CORE_RL_tiff_.dll
2016-10-10 13:27:04 ----A---- C:\Windows\SYSWOW64\CORE_RL_png_.dll
2016-10-10 13:27:03 ----A---- C:\Windows\SYSWOW64\CORE_RL_pango_.dll
2016-10-10 13:27:02 ----A---- C:\Windows\SYSWOW64\CORE_RL_openjpeg_.dll
2016-10-10 13:27:01 ----A---- C:\Windows\SYSWOW64\CORE_RL_magick_.dll
2016-10-10 13:27:00 ----A---- C:\Windows\SYSWOW64\CORE_RL_Magick++_.dll
2016-10-10 13:26:59 ----A---- C:\Windows\SYSWOW64\CORE_RL_lqr_.dll
2016-10-10 13:26:58 ----A---- C:\Windows\SYSWOW64\CORE_RL_libxml_.dll
2016-10-10 13:26:56 ----A---- C:\Windows\SYSWOW64\CORE_RL_librsvg_.dll
2016-10-10 13:26:55 ----A---- C:\Windows\SYSWOW64\CORE_RL_lcms_.dll
2016-10-10 13:26:54 ----A---- C:\Windows\SYSWOW64\CORE_RL_jpeg_.dll
2016-10-10 13:26:53 ----A---- C:\Windows\SYSWOW64\CORE_RL_jp2_.dll
2016-10-10 13:26:52 ----A---- C:\Windows\SYSWOW64\CORE_RL_jbig_.dll
2016-10-10 13:26:50 ----A---- C:\Windows\SYSWOW64\CORE_RL_glib_.dll
2016-10-10 13:26:48 ----A---- C:\Windows\SYSWOW64\CORE_RL_bzlib_.dll
2016-10-10 13:24:41 ----D---- C:\MAMP
2016-10-07 12:56:17 ----D---- C:\Program Files (x86)\HuaweiUpdateExtractor
2016-10-07 11:43:12 ----AD---- C:\adb
2016-10-07 11:09:46 ----D---- C:\Perl
2016-10-07 11:06:37 ----D---- C:\Users\User\AppData\Roaming\ActiveState
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\usbser.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_usbdev.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbmdm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_cdcacm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\ew_usbccgpfilter.sys
2016-10-06 14:26:20 ----D---- C:\Program Files (x86)\HiSuite
2016-09-29 03:15:36 ----A---- C:\Windows\SYSWOW64\Pioneer_MIX_ASIO.dll
2016-09-28 11:01:41 ----D---- C:\ProgramData\Syncrosoft

======List of files/folders modified in the last 1 month======

2016-10-27 11:25:21 ----D---- C:\Windows\Prefetch
2016-10-27 11:25:12 ----D---- C:\Windows\Temp
2016-10-27 11:25:07 ----RD---- C:\Program Files
2016-10-27 11:23:32 ----D---- C:\ProgramData\360Quarant
2016-10-27 11:17:01 ----HD---- C:\ProgramData
2016-10-27 09:40:46 ----AD---- C:\Windows\System32
2016-10-27 09:40:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-27 09:40:45 ----D---- C:\Windows\inf
2016-10-26 21:40:18 ----D---- C:\Program Files\VstPlugins
2016-10-26 21:37:01 ----D---- C:\Users\User\AppData\Roaming\Waves Audio
2016-10-26 21:32:35 ----D---- C:\Program Files (x86)\VstPlugins
2016-10-26 21:30:59 ----D---- C:\Users\User\AppData\Roaming\vlc
2016-10-26 20:44:14 ----D---- C:\Windows\SysWOW64
2016-10-26 20:44:12 ----SHD---- C:\Windows\Installer
2016-10-26 20:41:15 ----D---- C:\Program Files\Common Files\VST3
2016-10-26 20:29:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-10-26 20:29:43 ----SHD---- C:\System Volume Information
2016-10-24 20:10:16 ----D---- C:\Windows\system32\config
2016-10-23 17:12:18 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2016-10-23 14:48:15 ----D---- C:\ProgramData\ValhallaRoom
2016-10-23 13:59:17 ----A---- C:\Windows\SYSWOW64\msvcsv60.dll
2016-10-23 12:44:36 ----SD---- C:\ProgramData\Waves Audio
2016-10-23 12:40:21 ----D---- C:\ProgramData\Package Cache
2016-10-23 12:00:50 ----RD---- C:\Program Files (x86)
2016-10-23 12:00:50 ----D---- C:\Program Files (x86)\Common Files
2016-10-23 00:46:16 ----D---- C:\Users\User\AppData\Roaming\Skype
2016-10-21 19:46:45 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-21 19:44:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-10-21 19:44:32 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 19:36:37 ----D---- C:\Windows\system32\NDF
2016-10-21 10:29:10 ----D---- C:\Users\User\AppData\Roaming\PioneerLog
2016-10-20 21:12:31 ----D---- C:\Users\User\AppData\Roaming\Tokyo Dawn Labs
2016-10-16 15:34:34 ----D---- C:\Program Files (x86)\Pioneer
2016-10-16 01:48:33 ----D---- C:\Users\User\AppData\Roaming\Maize Sampler Player
2016-10-13 15:14:42 ----D---- C:\ProgramData\Slate Digital
2016-10-13 14:42:22 ----AD---- C:\Windows
2016-10-13 14:34:58 ----D---- C:\Windows\system32\DriverStore
2016-10-13 14:34:24 ----D---- C:\Windows\system32\drivers
2016-10-12 15:03:58 ----D---- C:\Windows\system32\Tasks
2016-10-10 13:29:52 ----D---- C:\Windows\winsxs
2016-10-07 11:43:53 ----D---- C:\Program Files\DIFX
2016-10-03 17:41:10 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2016-09-30 12:07:59 ----D---- C:\ProgramData\360TotalSecurity

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2012-08-06 39008]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-05-01 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2015-08-04 90816]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2015-08-04 75512]
R1 360AntiHacker;360Safe Anti Hacker Service; C:\Windows\System32\Drivers\360AntiHacker64.sys [2016-08-10 151784]
R1 360Box64;360Box mini-filter driver; C:\Windows\system32\DRIVERS\360Box64.sys [2016-08-10 330472]
R1 360Camera;360Safe Camera Filter Service; C:\Windows\System32\Drivers\360Camera64.sys [2015-12-17 40520]
R1 360FsFlt;360FsFlt mini-filter driver; C:\Windows\system32\DRIVERS\360FsFlt.sys [2016-08-10 391392]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2016-08-10 190696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-08-03 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO64A.SYS [2014-11-03 27552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-06-27 131856]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2015-08-11 57536]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2015-08-14 48832]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2015-08-14 26816]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2015-08-14 66752]
R3 360AvFlt;360AvFlt mini-filter driver; C:\Windows\system32\DRIVERS\360AvFlt.sys [2016-08-10 86248]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2012-08-06 30816]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-10-27 4746304]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-06-07 14760096]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-11-06 461624]
R3 vm331avs;Digital Camera 1; C:\Windows\System32\Drivers\vm331avs.sys [2011-12-06 952832]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2015-08-14 28864]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-10 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-02-02 211496]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-01-31 1601152]
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-01-16 208168]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-10-26 34720]
S3 HWHandSet;HWUSBSERSP; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [2016-05-25 223232]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-03-05 25816]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-11-15 313960]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 DamageGuard;DamageGuard; C:\Windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-11 217392]
S4 dgFltr;dgFltr; C:\Windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-09-16 82128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-28 277784]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2016-02-15 3636936]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2016-08-10 914344]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-08-26 192200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 PaceLicenseDServices;PACE License Services; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-06-30 45692456]
S2 Util trolatunt;Util trolatunt; C:\Program Files (x86)\trolatunt\bin\utiltrolatunt.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-06-07 276288]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-12-12 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-04 269504]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-02 945440]
S4 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S4 DamageGuardSvc;Lenovo Instant Reset Service; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
S4 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe -/service []
S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-03-05 857912]
S4 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-03-05 1809720]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-21 216072]
S4 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-01 889664]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-01 2458944]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-11-12 5405456]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2015-08-14 89792]
S4 VMnetDHCP;VMware DHCP Service; C:\Windows\SysWOW64\vmnetdhcp.exe [2015-08-14 358080]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2015-08-11 906944]
S4 VMware NAT Service;VMware NAT Service; C:\Windows\SysWOW64\vmnat.exe [2015-08-14 391872]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 27 říj 2016 16:47

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

freemind.dnb · #3 Příspěvek od **freemind.dnb** » 28 říj 2016 08:44

# AdwCleaner v6.030 - Log soubor vytvořen 28/10/2016 na 09:36:45
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-10-18.1 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : xhlavekj - USER-PC
# Beží od : C:\Users\User\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support

***** [ Služby ] *****

[-] Služby smazány:Util trolatunt

***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\User\AppData\Local\globalUpdate
[-] Adresář smazán:C:\Users\User\AppData\Roaming\IQIYI Video
[#] Adresář nelze smazat:C:\Users\User\AppData\Local\globalUpdate
[#] Adresář nelze smazat:C:\Users\User\AppData\Roaming\IQIYI Video
[-] Adresář smazán:C:\ProgramData\IQIYI Video
[-] Adresář smazán:C:\ProgramData\Partner
[#] Adresář nelze smazat:C:\ProgramData\Application Data\IQIYI Video
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Partner
[-] Adresář smazán:C:\Program Files (x86)\Amazon\ABB
[-] Adresář smazán:C:\Program Files (x86)\globalUpdate
[-] Adresář smazán:C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[#] Adresář nelze smazat:C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Soubory ] *****

[-] Soubor smazán:C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[#] Soubor smazán:C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupce ] *****

***** [ Plánovač úloh ] *****

***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\GeePlayer.dir
[-] Klíč smazán:HKLM\SOFTWARE\Classes\HCDNProxy
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ppsmb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\qygameclient
[-] Klíč smazán:HKLM\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\GeePlayer.dir
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\HCDNProxy
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\ppsmb
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\qygameclient
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\QYPlugin.QYPluginCtrl.1
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
[-] Klíč smazán:HKCU\Software\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}
[-] Klíč smazán:HKCU\Software\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKCU\Software\Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}
[-] Klíč smazán:HKCU\Software\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{138F4260-66CA-4F7C-812F-C6EED99B7EC7}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{790F2D3B-18EE-40E2-A45E-1FAC13B6AFB8}
[#] Klíč smazán po restartování:HKCU\Software\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Klíč smazán:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Klíč smazán:HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\Alexa Internet
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\GlobalUpdate
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\PPStream
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\QyGameClient
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\AppDataLow\Software\Crossrider
[-] Klíč smazán:HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\SavePass 1.1
[#] Klíč smazán po restartování:HKCU\Software\Alexa Internet
[#] Klíč smazán po restartování:HKCU\Software\GlobalUpdate
[#] Klíč smazán po restartování:HKCU\Software\PPStream
[#] Klíč smazán po restartování:HKCU\Software\QyGameClient
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\Crossrider
[-] Klíč smazán:HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Klíč smazán:HKLM\SOFTWARE\GlobalUpdate
[#] Klíč smazán po restartování:[x64] HKCU\Software\Alexa Internet
[#] Klíč smazán po restartování:[x64] HKCU\Software\GlobalUpdate
[#] Klíč smazán po restartování:[x64] HKCU\Software\PPStream
[#] Klíč smazán po restartování:[x64] HKCU\Software\QyGameClient
[#] Klíč smazán po restartování:[x64] HKCU\Software\AppDataLow\Software\Crossrider
[-] Klíč smazán:HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Applications\GEEPLAYER.EXE
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [QyBrowser.exe]
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [QyClient.exe]
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GeePlayer.exe
[-] Klíč smazán:HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient
[-] Klíč smazán:HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [QyBrowser.exe]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [QyClient.exe]
[#] Klíč smazán po restartování:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe
[#] Klíč smazán po restartování:HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

***** [ Prohlížeče ] *****

[-] Firefox nastavení vyčištěno:"extensions.crossrider.bic" - "1485909e0c2369449eba3340601026e2"
[-] Firefox nastavení vyčištěno:"extensions.crossrider.bic" - "1485909e0c2369449eba3340601026e2"
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:pbjikboenpfhbbejgkoklgkhjpfogcam
Ďakujem za skorú odpoveď. Tu je môj log z AdwCleaner.

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazání:pbjikboenpfhbbejgkoklgkhjpfogcam

*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9401 Bajtů] - [28/10/2016 09:36:45]
C:\AdwCleaner\AdwCleaner[S0].txt - [9222 Bajtů] - [28/10/2016 09:35:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9549 Bajtů] ##########

#4 Příspěvek od **Rudy** » 28 říj 2016 11:14

Dejte nový log RSIT.

freemind.dnb · #5 Příspěvek od **freemind.dnb** » 28 říj 2016 11:35

Logfile of random's system information tool 1.13 (written by random/random)
Run by xhlavekj at 2016-10-28 12:34:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 260 GB (43%) free of 608 GB
Total RAM: 3996 MB (60% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:25, on 28.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files\trend micro\xhlavekj_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10479 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 44391472
\??\C:\Windows\system32\conhost.exe "1441565614281479120249922779146693111650170106-5548319101253571226-136374697
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {FB64BB8E-066F-4D0A-9A29-ADA343AA7AF0}
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
"C:\Program Files\OO Software\Defrag\oodtray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="4616.0.1562462773\52453425" "C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox\plugins\nptswp.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4616 "\\.\pipe\gecko-crash-server-pipe.4616" plugin
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 5832
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-2447335282-1977187808-2655893882-10015_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2447335282-1977187808-2655893882-10015 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {BFC9C916-B9CD-44AB-BFE9-C53ED86CCFD6}
taskeng.exe {917FAFB1-2829-48A5-A9FC-7D0A55110038}
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 636
"C:\Users\User\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\MirageAgent - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Windows\system32\tasks\OFFICE2010ACT - C:\Windows\system32\OFFICEICON.vbs
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\{372ADCDE-7B67-4C40-A012-CBA32948E9A0} - C:\Windows\system32\pcalua.exe -a G:\.autorun\autorun.exe -d G:\
C:\Windows\system32\tasks\{CA25C8D8-7D3D-47B4-8DAA-082B11C0CC9B} - C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Setup.exe -d C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2447335282-1977187808-2655893882-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program - "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\LSC\CreateHardwareScanTask - "C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe" WMI WMIController CreateFirstHWSchedule

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "keyword.URL" - "google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\addons.json
Todoist: To-Do list and Task Manager - extension - support@todoist.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781}
YouTube ALL HTML5 - extension - jid1-qj0w91o64N7Eeg@jetpack
360 Internet Protection for Firefox - extension - WebProtection@360safe.com

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions.json
McAfee SiteAdvisor - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - C:\Program Files (x86)\McAfee\SiteAdvisor
Todoist: To-Do list and Task Manager - extension - support@todoist.com - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\support@todoist.com.xpi
360 Internet Protection - extension - WebProtection@360safe.com - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
YouTube ALL HTML5 - extension - jid1-qj0w91o64N7Eeg@jetpack - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Nitro PDF Plug-In - 7.4.1.12 - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
Plugin - Windows Live Photo Gallery - 15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.41212.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
Plugin - Intel® Identity Protection Technology - 2.0.59.0 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Plugin - Shockwave for Director - 12.1.8.158 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll
Plugin - Shockwave Flash - 21.0.0.213 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
Plugin - Unity Player - 5.0.1.11919 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Plugin - 360 Total Security - 6.0.0.1004 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox\plugins\nptswp.dll

=========Google Chrome=========

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension fheoggkfdfchfphceeifdbepaooicaho 0 McAfee® WebAdvisor 4.0.0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.4.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Chrome Web Store Payments 1.0.0.0
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02 553024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10 1070160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02 214080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-06-07 170304]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-06-07 440128]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-08-06 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-08-06 6202416]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26 500936]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2016-02-15 4468424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2016-04-29 7943072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog]
C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-11-24 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cAudioFilterAgent]
C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-12-15 564352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2]
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2011-12-21 507744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2012-01-16 2809856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2012-06-07 398656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-30 284440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo EE Boot Optimizer]
C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26 4351712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockKey]
C:\Program Files (x86)\LockKey\LockKey.exe [2011-08-26 337776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2014-06-27 408888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-27 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2012-02-02 1380128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-21 291648]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2016-08-10 1153448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O&O Defrag Tray.lnk - C:\Windows\Installer\{10F2471C-34AD-4C33-9F92-039B8BC44AC0}\app_icon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit -
.js - open - C:\Program Files (x86)\JetBrains\PhpStorm 10.0\bin\PhpStorm.exe "%1"

======List of files/folders created in the last 1 month======

2016-10-28 09:33:11 ----D---- C:\AdwCleaner
2016-10-27 11:25:07 ----D---- C:\rsit
2016-10-27 11:25:07 ----D---- C:\Program Files\trend micro
2016-10-26 20:30:00 ----A---- C:\Windows\SYSWOW64\HookDll.dll
2016-10-23 15:06:12 ----D---- C:\ProgramData\Schaack Audio Technologies
2016-10-23 12:00:50 ----SD---- C:\Program Files (x86)\Waves
2016-10-23 11:37:34 ----D---- C:\Program Files (x86)\Waves Central
2016-10-23 01:14:58 ----A---- C:\Windows\SYSWOW64\ReWire.dll
2016-10-13 15:14:41 ----D---- C:\Program Files\Slate Digital
2016-10-13 14:43:13 ----D---- C:\ProgramData\PACE
2016-10-13 14:34:23 ----D---- C:\Program Files (x86)\iLok License Manager
2016-10-13 14:31:08 ----D---- C:\ProgramData\Apple
2016-10-13 14:31:08 ----D---- C:\Program Files\Bonjour
2016-10-13 14:31:08 ----D---- C:\Program Files (x86)\Bonjour
2016-10-13 14:25:33 ----D---- C:\Program Files\Soundtoys
2016-10-10 13:29:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_yuv_.dll
2016-10-10 13:29:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ycbcr_.dll
2016-10-10 13:29:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xtrn_.dll
2016-10-10 13:29:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xps_.dll
2016-10-10 13:29:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xpm_.dll
2016-10-10 13:29:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xc_.dll
2016-10-10 13:29:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xcf_.dll
2016-10-10 13:29:06 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xbm_.dll
2016-10-10 13:29:05 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wpg_.dll
2016-10-10 13:29:04 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wmf_.dll
2016-10-10 13:29:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_webp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wbmp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vips_.dll
2016-10-10 13:29:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_viff_.dll
2016-10-10 13:29:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vid_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vicar_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uyvy_.dll
2016-10-10 13:28:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_url_.dll
2016-10-10 13:28:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uil_.dll
2016-10-10 13:28:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_txt_.dll
2016-10-10 13:28:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ttf_.dll
2016-10-10 13:28:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tim_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tile_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tiff_.dll
2016-10-10 13:28:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_thumbnail_.dll
2016-10-10 13:28:50 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tga_.dll
2016-10-10 13:28:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_svg_.dll
2016-10-10 13:28:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sun_.dll
2016-10-10 13:28:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_stegano_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sgi_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sfw_.dll
2016-10-10 13:28:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sct_.dll
2016-10-10 13:28:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_scr_.dll
2016-10-10 13:28:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_screenshot_.dll
2016-10-10 13:28:42 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rle_.dll
2016-10-10 13:28:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rla_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgf_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgb_.dll
2016-10-10 13:28:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_raw_.dll
2016-10-10 13:28:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pwp_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_psd_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps_.dll
2016-10-10 13:28:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps3_.dll
2016-10-10 13:28:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps2_.dll
2016-10-10 13:28:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_preview_.dll
2016-10-10 13:28:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pnm_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_png_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_plasma_.dll
2016-10-10 13:28:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pix_.dll
2016-10-10 13:28:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pict_.dll
2016-10-10 13:28:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pes_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdf_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdb_.dll
2016-10-10 13:28:21 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcx_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcl_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcd_.dll
2016-10-10 13:28:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pattern_.dll
2016-10-10 13:28:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pango_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_palm_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_otb_.dll
2016-10-10 13:28:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_null_.dll
2016-10-10 13:28:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mvg_.dll
2016-10-10 13:28:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mtv_.dll
2016-10-10 13:28:08 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_msl_.dll
2016-10-10 13:28:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpr_.dll
2016-10-10 13:28:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpeg_.dll
2016-10-10 13:28:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpc_.dll
2016-10-10 13:28:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mono_.dll
2016-10-10 13:28:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_miff_.dll
2016-10-10 13:27:59 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_meta_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_matte_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mat_.dll
2016-10-10 13:27:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mask_.dll
2016-10-10 13:27:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_map_.dll
2016-10-10 13:27:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_magick_.dll
2016-10-10 13:27:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mac_.dll
2016-10-10 13:27:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_label_.dll
2016-10-10 13:27:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_json_.dll
2016-10-10 13:27:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jpeg_.dll
2016-10-10 13:27:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jp2_.dll
2016-10-10 13:27:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jnx_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jbig_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ipl_.dll
2016-10-10 13:27:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_inline_.dll
2016-10-10 13:27:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_info_.dll
2016-10-10 13:27:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_icon_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_html_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hrz_.dll
2016-10-10 13:27:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_histogram_.dll
2016-10-10 13:27:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hdr_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hald_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gray_.dll
2016-10-10 13:27:38 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gradient_.dll
2016-10-10 13:27:37 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gif_.dll
2016-10-10 13:27:36 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fpx_.dll
2016-10-10 13:27:35 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fits_.dll
2016-10-10 13:27:34 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fd_.dll
2016-10-10 13:27:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fax_.dll
2016-10-10 13:27:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_exr_.dll
2016-10-10 13:27:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ept_.dll
2016-10-10 13:27:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_emf_.dll
2016-10-10 13:27:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dpx_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dps_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dot_.dll
2016-10-10 13:27:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dng_.dll
2016-10-10 13:27:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_djvu_.dll
2016-10-10 13:27:25 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dib_.dll
2016-10-10 13:27:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_debug_.dll
2016-10-10 13:27:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dds_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dcm_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cut_.dll
2016-10-10 13:27:20 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cmyk_.dll
2016-10-10 13:27:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clip_.dll
2016-10-10 13:27:18 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clipboard_.dll
2016-10-10 13:27:17 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cip_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cin_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_caption_.dll
2016-10-10 13:27:15 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cals_.dll
2016-10-10 13:27:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_braille_.dll
2016-10-10 13:27:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bmp_.dll
2016-10-10 13:27:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bgr_.dll
2016-10-10 13:27:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_avs_.dll
2016-10-10 13:27:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_art_.dll
2016-10-10 13:27:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_aai_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_zlib_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_webp_.dll
2016-10-10 13:27:07 ----A---- C:\Windows\SYSWOW64\CORE_RL_wand_.dll
2016-10-10 13:27:06 ----A---- C:\Windows\SYSWOW64\CORE_RL_ttf_.dll
2016-10-10 13:27:05 ----A---- C:\Windows\SYSWOW64\CORE_RL_tiff_.dll
2016-10-10 13:27:04 ----A---- C:\Windows\SYSWOW64\CORE_RL_png_.dll
2016-10-10 13:27:03 ----A---- C:\Windows\SYSWOW64\CORE_RL_pango_.dll
2016-10-10 13:27:02 ----A---- C:\Windows\SYSWOW64\CORE_RL_openjpeg_.dll
2016-10-10 13:27:01 ----A---- C:\Windows\SYSWOW64\CORE_RL_magick_.dll
2016-10-10 13:27:00 ----A---- C:\Windows\SYSWOW64\CORE_RL_Magick++_.dll
2016-10-10 13:26:59 ----A---- C:\Windows\SYSWOW64\CORE_RL_lqr_.dll
2016-10-10 13:26:58 ----A---- C:\Windows\SYSWOW64\CORE_RL_libxml_.dll
2016-10-10 13:26:56 ----A---- C:\Windows\SYSWOW64\CORE_RL_librsvg_.dll
2016-10-10 13:26:55 ----A---- C:\Windows\SYSWOW64\CORE_RL_lcms_.dll
2016-10-10 13:26:54 ----A---- C:\Windows\SYSWOW64\CORE_RL_jpeg_.dll
2016-10-10 13:26:53 ----A---- C:\Windows\SYSWOW64\CORE_RL_jp2_.dll
2016-10-10 13:26:52 ----A---- C:\Windows\SYSWOW64\CORE_RL_jbig_.dll
2016-10-10 13:26:50 ----A---- C:\Windows\SYSWOW64\CORE_RL_glib_.dll
2016-10-10 13:26:48 ----A---- C:\Windows\SYSWOW64\CORE_RL_bzlib_.dll
2016-10-10 13:24:41 ----D---- C:\MAMP
2016-10-07 12:56:17 ----D---- C:\Program Files (x86)\HuaweiUpdateExtractor
2016-10-07 11:43:12 ----AD---- C:\adb
2016-10-07 11:09:46 ----D---- C:\Perl
2016-10-07 11:06:37 ----D---- C:\Users\User\AppData\Roaming\ActiveState
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\usbser.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_usbdev.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbmdm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_cdcacm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\ew_usbccgpfilter.sys
2016-10-06 14:26:20 ----D---- C:\Program Files (x86)\HiSuite
2016-09-29 03:15:36 ----A---- C:\Windows\SYSWOW64\Pioneer_MIX_ASIO.dll

======List of files/folders modified in the last 1 month======

2016-10-28 12:34:25 ----D---- C:\Windows\Prefetch
2016-10-28 12:34:17 ----D---- C:\Windows\Temp
2016-10-28 09:50:30 ----D---- C:\Windows\system32\config
2016-10-28 09:42:49 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-28 09:38:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-28 09:38:57 ----AD---- C:\Windows
2016-10-28 09:36:07 ----RD---- C:\Program Files (x86)
2016-10-28 09:36:07 ----HD---- C:\ProgramData
2016-10-28 09:33:48 ----AD---- C:\Windows\System32
2016-10-28 09:33:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-28 09:33:47 ----D---- C:\Windows\inf
2016-10-27 23:16:21 ----D---- C:\Users\User\AppData\Roaming\vlc
2016-10-27 17:49:28 ----D---- C:\Users\User\AppData\Roaming\PioneerLog
2016-10-27 14:55:22 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-27 14:55:12 ----D---- C:\Windows\system32\drivers
2016-10-27 11:25:07 ----RD---- C:\Program Files
2016-10-27 11:23:32 ----D---- C:\ProgramData\360Quarant
2016-10-26 21:40:18 ----D---- C:\Program Files\VstPlugins
2016-10-26 21:37:01 ----D---- C:\Users\User\AppData\Roaming\Waves Audio
2016-10-26 21:32:35 ----D---- C:\Program Files (x86)\VstPlugins
2016-10-26 20:44:14 ----D---- C:\Windows\SysWOW64
2016-10-26 20:44:12 ----SHD---- C:\Windows\Installer
2016-10-26 20:41:15 ----D---- C:\Program Files\Common Files\VST3
2016-10-26 20:29:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-10-26 20:29:43 ----SHD---- C:\System Volume Information
2016-10-23 17:12:18 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2016-10-23 14:48:15 ----D---- C:\ProgramData\ValhallaRoom
2016-10-23 13:59:17 ----A---- C:\Windows\SYSWOW64\msvcsv60.dll
2016-10-23 12:44:36 ----SD---- C:\ProgramData\Waves Audio
2016-10-23 12:40:21 ----D---- C:\ProgramData\Package Cache
2016-10-23 12:00:50 ----D---- C:\Program Files (x86)\Common Files
2016-10-23 00:46:16 ----D---- C:\Users\User\AppData\Roaming\Skype
2016-10-21 19:44:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-10-21 19:36:37 ----D---- C:\Windows\system32\NDF
2016-10-20 21:12:31 ----D---- C:\Users\User\AppData\Roaming\Tokyo Dawn Labs
2016-10-16 15:34:34 ----D---- C:\Program Files (x86)\Pioneer
2016-10-16 01:48:33 ----D---- C:\Users\User\AppData\Roaming\Maize Sampler Player
2016-10-13 15:14:42 ----D---- C:\ProgramData\Slate Digital
2016-10-13 14:34:58 ----D---- C:\Windows\system32\DriverStore
2016-10-12 15:03:58 ----D---- C:\Windows\system32\Tasks
2016-10-10 13:29:52 ----D---- C:\Windows\winsxs
2016-10-07 11:43:53 ----D---- C:\Program Files\DIFX
2016-10-03 17:41:10 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2016-09-30 12:07:59 ----D---- C:\ProgramData\360TotalSecurity

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2012-08-06 39008]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-05-01 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2015-08-04 90816]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2015-08-04 75512]
R1 360AntiHacker;360Safe Anti Hacker Service; C:\Windows\System32\Drivers\360AntiHacker64.sys [2016-08-10 151784]
R1 360Box64;360Box mini-filter driver; C:\Windows\system32\DRIVERS\360Box64.sys [2016-08-10 330472]
R1 360Camera;360Safe Camera Filter Service; C:\Windows\System32\Drivers\360Camera64.sys [2015-12-17 40520]
R1 360FsFlt;360FsFlt mini-filter driver; C:\Windows\system32\DRIVERS\360FsFlt.sys [2016-08-10 391392]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2016-08-10 190696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-08-03 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO64A.SYS [2014-11-03 27552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-06-27 131856]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2015-08-11 57536]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2015-08-14 48832]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2015-08-14 26816]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2015-08-14 66752]
R3 360AvFlt;360AvFlt mini-filter driver; C:\Windows\system32\DRIVERS\360AvFlt.sys [2016-08-10 86248]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2012-08-06 30816]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-10-27 4746304]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-06-07 14760096]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-11-06 461624]
R3 vm331avs;Digital Camera 1; C:\Windows\System32\Drivers\vm331avs.sys [2011-12-06 952832]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2015-08-14 28864]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-10 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-02-02 211496]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-01-31 1601152]
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-01-16 208168]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-10-26 34720]
S3 HWHandSet;HWUSBSERSP; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [2016-05-25 223232]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-11-15 313960]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
S4 DamageGuard;DamageGuard; C:\Windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-11 217392]
S4 dgFltr;dgFltr; C:\Windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-09-16 82128]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-08-26 192200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-28 277784]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2016-02-15 3636936]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-06-30 45692456]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2016-08-10 914344]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-06-07 276288]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-12-12 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-04 269504]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-02 945440]
S4 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S4 DamageGuardSvc;Lenovo Instant Reset Service; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
S4 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe -/service []
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-21 216072]
S4 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-01 889664]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-01 2458944]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-11-12 5405456]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2015-08-14 89792]
S4 VMnetDHCP;VMware DHCP Service; C:\Windows\SysWOW64\vmnetdhcp.exe [2015-08-14 358080]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2015-08-11 906944]
S4 VMware NAT Service;VMware NAT Service; C:\Windows\SysWOW64\vmnat.exe [2015-08-14 391872]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 28 říj 2016 16:33

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\system32\tasks\{372ADCDE-7B67-4C40-A012-CBA32948E9A0}
C:\Windows\system32\tasks\{CA25C8D8-7D3D-47B4-8DAA-082B11C0CC9B}

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=-

:services
Bonjour Service

:commands
[Puriity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

freemind.dnb · #7 Příspěvek od **freemind.dnb** » 28 říj 2016 16:52

Logfile of random's system information tool 1.13 (written by random/random)
Run by xhlavekj at 2016-10-28 17:50:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 263 GB (43%) free of 608 GB
Total RAM: 3996 MB (65% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:26, on 28.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files\trend micro\xhlavekj_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: O&O Defrag Tray.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10294 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 31090400
\??\C:\Windows\system32\conhost.exe "6960920772095477862-49240846-533652997-1086066578-1145807979-604735550662491857
taskeng.exe {FA42F743-3819-47F2-A652-EFF05ABE7A99}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\OO Software\Defrag\oodag.exe"
"taskhost.exe"
taskeng.exe {4D4834C3-E6D1-4498-B642-AFE6870DBA4C}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 5060
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\User\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\MirageAgent - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Windows\system32\tasks\OFFICE2010ACT - C:\Windows\system32\OFFICEICON.vbs
C:\Windows\system32\tasks\Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\tasks\{372ADCDE-7B67-4C40-A012-CBA32948E9A0} - C:\Windows\system32\pcalua.exe -a G:\.autorun\autorun.exe -d G:\
C:\Windows\system32\tasks\{CA25C8D8-7D3D-47B4-8DAA-082B11C0CC9B} - C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Setup.exe -d C:\Users\User\Downloads\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR\Camel.Audio.CamelPhat.VST.v3.42.incl.Keygen-AiR
C:\Windows\system32\tasks\WPD\SqmUpload_S-1-5-21-2447335282-1977187808-2655893882-1001 - %windir%\system32\rundll32.exe portabledeviceapi.dll,#1
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess - %windir%\system32\GWX\GWX.exe /tasklaunch
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent
C:\Windows\system32\tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent - %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Lpksetup - C:\Windows\System32\lpksetup.exe -v
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\MUI\Mcbuilder - C:\Windows\System32\mcbuilder.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Lenovo\Lenovo Customer Feedback Program - "%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"
C:\Windows\system32\tasks\Lenovo\LSC\CreateHardwareScanTask - "C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe" WMI WMIController CreateFirstHWSchedule

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "keyword.URL" - "google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.213 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.77.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\addons.json
Todoist: To-Do list and Task Manager - extension - support@todoist.com
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781}
YouTube ALL HTML5 - extension - jid1-qj0w91o64N7Eeg@jetpack
360 Internet Protection for Firefox - extension - WebProtection@360safe.com

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions.json
McAfee SiteAdvisor - extension - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - C:\Program Files (x86)\McAfee\SiteAdvisor
Todoist: To-Do list and Task Manager - extension - support@todoist.com - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\support@todoist.com.xpi
360 Internet Protection - extension - WebProtection@360safe.com - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
Greasemonkey - extension - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
Multi-process staged rollout - extension - e10srollout@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Pocket - extension - firefox@getpocket.com - C:\Program Files (x86)\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Web Compat - extension - webcompat@mozilla.org - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Default - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
Adblock Plus - extension - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
YouTube ALL HTML5 - extension - jid1-qj0w91o64N7Eeg@jetpack - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi
Asynchronous Plugin Rendering - extension - asyncrendering@mozilla.org - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\features\{abbd482e-f1b4-491b-9b3e-9c0765d673d6}\asyncrendering@mozilla.org.xpi

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4pl7n31t.default\pluginreg.dat
Plugin - AdobeAAMDetect - 1.0.0.0 - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
Plugin - Adobe Acrobat - 15.20.20039.7108 - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
Plugin - Google Update - 1.3.31.5 - C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
Plugin - Nitro PDF Plug-In - 7.4.1.12 - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
Plugin - Windows Live Photo Gallery - 15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Plugin - Microsoft Office 2010 - 14.0.4730.1010 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
Plugin - Microsoft Office 2010 - 14.0.4761.1000 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
Plugin - Silverlight Plug-In - 5.1.41212.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
Plugin - Intel® Identity Protection Technology - 2.0.59.0 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
Plugin - Shockwave for Director - 12.1.8.158 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll
Plugin - Shockwave Flash - 21.0.0.213 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll
Plugin - Unity Player - 5.0.1.11919 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Plugin - 360 Total Security - 6.0.0.1004 - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox\plugins\nptswp.dll

=========Google Chrome=========

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension fheoggkfdfchfphceeifdbepaooicaho 0 McAfee® WebAdvisor 4.0.0.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock 3.4.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Chrome Web Store Payments 1.0.0.0
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"Path"=

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchT ... urceid=ie7

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02 553024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
SafeMon Class - C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-08-10 1070160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02 214080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2014-01-24 301104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2014-01-24 252664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-06-07 170304]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-06-07 440128]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-08-06 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-08-06 6202416]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26 500936]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2016-02-15 4468424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2016-04-29 7943072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog]
C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-11-24 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16 1156824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
C:\ProgramData\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cAudioFilterAgent]
C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2011-12-15 564352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Advanced Audio v2]
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2011-12-21 507744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2012-01-16 2809856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2012-06-07 398656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-30 284440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo EE Boot Optimizer]
C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lenovo Registration]
C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26 4351712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockKey]
C:\Program Files (x86)\LockKey\LockKey.exe [2011-08-26 337776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2014-06-27 408888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20 595992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-27 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2012-02-02 1380128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-21 291648]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2016-08-10 1153448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
O&O Defrag Tray.lnk - C:\Windows\Installer\{10F2471C-34AD-4C33-9F92-039B8BC44AC0}\app_icon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit -
.js - open - C:\Program Files (x86)\JetBrains\PhpStorm 10.0\bin\PhpStorm.exe "%1"

======List of files/folders created in the last 1 month======

2016-10-28 17:43:04 ----D---- C:\_OTM
2016-10-28 09:33:11 ----D---- C:\AdwCleaner
2016-10-27 11:25:07 ----D---- C:\rsit
2016-10-27 11:25:07 ----D---- C:\Program Files\trend micro
2016-10-26 20:30:00 ----A---- C:\Windows\SYSWOW64\HookDll.dll
2016-10-23 15:06:12 ----D---- C:\ProgramData\Schaack Audio Technologies
2016-10-23 12:00:50 ----SD---- C:\Program Files (x86)\Waves
2016-10-23 11:37:34 ----D---- C:\Program Files (x86)\Waves Central
2016-10-23 01:14:58 ----A---- C:\Windows\SYSWOW64\ReWire.dll
2016-10-13 15:14:41 ----D---- C:\Program Files\Slate Digital
2016-10-13 14:43:13 ----D---- C:\ProgramData\PACE
2016-10-13 14:34:23 ----D---- C:\Program Files (x86)\iLok License Manager
2016-10-13 14:31:08 ----D---- C:\ProgramData\Apple
2016-10-13 14:31:08 ----D---- C:\Program Files\Bonjour
2016-10-13 14:31:08 ----D---- C:\Program Files (x86)\Bonjour
2016-10-13 14:25:33 ----D---- C:\Program Files\Soundtoys
2016-10-10 13:29:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_yuv_.dll
2016-10-10 13:29:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ycbcr_.dll
2016-10-10 13:29:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xtrn_.dll
2016-10-10 13:29:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xps_.dll
2016-10-10 13:29:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xpm_.dll
2016-10-10 13:29:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xc_.dll
2016-10-10 13:29:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xcf_.dll
2016-10-10 13:29:06 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_xbm_.dll
2016-10-10 13:29:05 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wpg_.dll
2016-10-10 13:29:04 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wmf_.dll
2016-10-10 13:29:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_webp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_wbmp_.dll
2016-10-10 13:29:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vips_.dll
2016-10-10 13:29:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_viff_.dll
2016-10-10 13:29:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vid_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_vicar_.dll
2016-10-10 13:28:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uyvy_.dll
2016-10-10 13:28:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_url_.dll
2016-10-10 13:28:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_uil_.dll
2016-10-10 13:28:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_txt_.dll
2016-10-10 13:28:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ttf_.dll
2016-10-10 13:28:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tim_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tile_.dll
2016-10-10 13:28:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tiff_.dll
2016-10-10 13:28:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_thumbnail_.dll
2016-10-10 13:28:50 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_tga_.dll
2016-10-10 13:28:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_svg_.dll
2016-10-10 13:28:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sun_.dll
2016-10-10 13:28:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_stegano_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sgi_.dll
2016-10-10 13:28:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sfw_.dll
2016-10-10 13:28:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_sct_.dll
2016-10-10 13:28:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_scr_.dll
2016-10-10 13:28:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_screenshot_.dll
2016-10-10 13:28:42 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rle_.dll
2016-10-10 13:28:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rla_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgf_.dll
2016-10-10 13:28:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_rgb_.dll
2016-10-10 13:28:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_raw_.dll
2016-10-10 13:28:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pwp_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_psd_.dll
2016-10-10 13:28:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps_.dll
2016-10-10 13:28:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps3_.dll
2016-10-10 13:28:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ps2_.dll
2016-10-10 13:28:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_preview_.dll
2016-10-10 13:28:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pnm_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_png_.dll
2016-10-10 13:28:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_plasma_.dll
2016-10-10 13:28:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pix_.dll
2016-10-10 13:28:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pict_.dll
2016-10-10 13:28:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pes_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdf_.dll
2016-10-10 13:28:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pdb_.dll
2016-10-10 13:28:21 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcx_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcl_.dll
2016-10-10 13:28:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pcd_.dll
2016-10-10 13:28:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pattern_.dll
2016-10-10 13:28:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_pango_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_palm_.dll
2016-10-10 13:28:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_otb_.dll
2016-10-10 13:28:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_null_.dll
2016-10-10 13:28:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mvg_.dll
2016-10-10 13:28:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mtv_.dll
2016-10-10 13:28:08 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_msl_.dll
2016-10-10 13:28:07 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpr_.dll
2016-10-10 13:28:03 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpeg_.dll
2016-10-10 13:28:02 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mpc_.dll
2016-10-10 13:28:01 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mono_.dll
2016-10-10 13:28:00 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_miff_.dll
2016-10-10 13:27:59 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_meta_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_matte_.dll
2016-10-10 13:27:58 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mat_.dll
2016-10-10 13:27:57 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mask_.dll
2016-10-10 13:27:56 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_map_.dll
2016-10-10 13:27:55 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_magick_.dll
2016-10-10 13:27:54 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_mac_.dll
2016-10-10 13:27:53 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_label_.dll
2016-10-10 13:27:52 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_json_.dll
2016-10-10 13:27:51 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jpeg_.dll
2016-10-10 13:27:49 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jp2_.dll
2016-10-10 13:27:48 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jnx_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_jbig_.dll
2016-10-10 13:27:47 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ipl_.dll
2016-10-10 13:27:46 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_inline_.dll
2016-10-10 13:27:45 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_info_.dll
2016-10-10 13:27:44 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_icon_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_html_.dll
2016-10-10 13:27:43 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hrz_.dll
2016-10-10 13:27:41 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_histogram_.dll
2016-10-10 13:27:40 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hdr_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_hald_.dll
2016-10-10 13:27:39 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gray_.dll
2016-10-10 13:27:38 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gradient_.dll
2016-10-10 13:27:37 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_gif_.dll
2016-10-10 13:27:36 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fpx_.dll
2016-10-10 13:27:35 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fits_.dll
2016-10-10 13:27:34 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fd_.dll
2016-10-10 13:27:33 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_fax_.dll
2016-10-10 13:27:32 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_exr_.dll
2016-10-10 13:27:31 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_ept_.dll
2016-10-10 13:27:30 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_emf_.dll
2016-10-10 13:27:29 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dpx_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dps_.dll
2016-10-10 13:27:28 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dot_.dll
2016-10-10 13:27:27 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dng_.dll
2016-10-10 13:27:26 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_djvu_.dll
2016-10-10 13:27:25 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dib_.dll
2016-10-10 13:27:24 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_debug_.dll
2016-10-10 13:27:23 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dds_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_dcm_.dll
2016-10-10 13:27:22 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cut_.dll
2016-10-10 13:27:20 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cmyk_.dll
2016-10-10 13:27:19 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clip_.dll
2016-10-10 13:27:18 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_clipboard_.dll
2016-10-10 13:27:17 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cip_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cin_.dll
2016-10-10 13:27:16 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_caption_.dll
2016-10-10 13:27:15 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_cals_.dll
2016-10-10 13:27:14 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_braille_.dll
2016-10-10 13:27:13 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bmp_.dll
2016-10-10 13:27:12 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_bgr_.dll
2016-10-10 13:27:11 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_avs_.dll
2016-10-10 13:27:10 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_art_.dll
2016-10-10 13:27:09 ----A---- C:\Windows\SYSWOW64\IM_MOD_RL_aai_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_zlib_.dll
2016-10-10 13:27:08 ----A---- C:\Windows\SYSWOW64\CORE_RL_webp_.dll
2016-10-10 13:27:07 ----A---- C:\Windows\SYSWOW64\CORE_RL_wand_.dll
2016-10-10 13:27:06 ----A---- C:\Windows\SYSWOW64\CORE_RL_ttf_.dll
2016-10-10 13:27:05 ----A---- C:\Windows\SYSWOW64\CORE_RL_tiff_.dll
2016-10-10 13:27:04 ----A---- C:\Windows\SYSWOW64\CORE_RL_png_.dll
2016-10-10 13:27:03 ----A---- C:\Windows\SYSWOW64\CORE_RL_pango_.dll
2016-10-10 13:27:02 ----A---- C:\Windows\SYSWOW64\CORE_RL_openjpeg_.dll
2016-10-10 13:27:01 ----A---- C:\Windows\SYSWOW64\CORE_RL_magick_.dll
2016-10-10 13:27:00 ----A---- C:\Windows\SYSWOW64\CORE_RL_Magick++_.dll
2016-10-10 13:26:59 ----A---- C:\Windows\SYSWOW64\CORE_RL_lqr_.dll
2016-10-10 13:26:58 ----A---- C:\Windows\SYSWOW64\CORE_RL_libxml_.dll
2016-10-10 13:26:56 ----A---- C:\Windows\SYSWOW64\CORE_RL_librsvg_.dll
2016-10-10 13:26:55 ----A---- C:\Windows\SYSWOW64\CORE_RL_lcms_.dll
2016-10-10 13:26:54 ----A---- C:\Windows\SYSWOW64\CORE_RL_jpeg_.dll
2016-10-10 13:26:53 ----A---- C:\Windows\SYSWOW64\CORE_RL_jp2_.dll
2016-10-10 13:26:52 ----A---- C:\Windows\SYSWOW64\CORE_RL_jbig_.dll
2016-10-10 13:26:50 ----A---- C:\Windows\SYSWOW64\CORE_RL_glib_.dll
2016-10-10 13:26:48 ----A---- C:\Windows\SYSWOW64\CORE_RL_bzlib_.dll
2016-10-10 13:24:41 ----D---- C:\MAMP
2016-10-07 12:56:17 ----D---- C:\Program Files (x86)\HuaweiUpdateExtractor
2016-10-07 11:43:12 ----AD---- C:\adb
2016-10-07 11:09:46 ----D---- C:\Perl
2016-10-07 11:06:37 ----D---- C:\Users\User\AppData\Roaming\ActiveState
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\usbser.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_usbdev.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_quusbmdm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\hw_cdcacm.sys
2016-10-06 14:27:20 ----A---- C:\Windows\system32\drivers\ew_usbccgpfilter.sys
2016-10-06 14:26:20 ----D---- C:\Program Files (x86)\HiSuite
2016-09-29 03:15:36 ----A---- C:\Windows\SYSWOW64\Pioneer_MIX_ASIO.dll

======List of files/folders modified in the last 1 month======

2016-10-28 17:49:43 ----D---- C:\Windows\Temp
2016-10-28 17:49:42 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-28 17:48:55 ----D---- C:\Windows\Prefetch
2016-10-28 17:47:41 ----D---- C:\Windows\system32\config
2016-10-28 17:44:42 ----AD---- C:\Windows
2016-10-28 17:44:34 ----D---- C:\Windows\inf
2016-10-28 17:44:34 ----AD---- C:\Windows\System32
2016-10-28 17:44:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-28 17:43:04 ----D---- C:\Windows\Tasks
2016-10-28 09:38:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-28 09:36:07 ----RD---- C:\Program Files (x86)
2016-10-28 09:36:07 ----HD---- C:\ProgramData
2016-10-27 23:16:21 ----D---- C:\Users\User\AppData\Roaming\vlc
2016-10-27 17:49:28 ----D---- C:\Users\User\AppData\Roaming\PioneerLog
2016-10-27 14:55:22 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-27 14:55:12 ----D---- C:\Windows\system32\drivers
2016-10-27 11:25:07 ----RD---- C:\Program Files
2016-10-27 11:23:32 ----D---- C:\ProgramData\360Quarant
2016-10-26 21:40:18 ----D---- C:\Program Files\VstPlugins
2016-10-26 21:37:01 ----D---- C:\Users\User\AppData\Roaming\Waves Audio
2016-10-26 21:32:35 ----D---- C:\Program Files (x86)\VstPlugins
2016-10-26 20:44:14 ----D---- C:\Windows\SysWOW64
2016-10-26 20:44:12 ----SHD---- C:\Windows\Installer
2016-10-26 20:41:15 ----D---- C:\Program Files\Common Files\VST3
2016-10-26 20:29:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-10-26 20:29:43 ----SHD---- C:\System Volume Information
2016-10-23 17:12:18 ----D---- C:\Users\User\AppData\Roaming\uTorrent
2016-10-23 14:48:15 ----D---- C:\ProgramData\ValhallaRoom
2016-10-23 13:59:17 ----A---- C:\Windows\SYSWOW64\msvcsv60.dll
2016-10-23 12:44:36 ----SD---- C:\ProgramData\Waves Audio
2016-10-23 12:40:21 ----D---- C:\ProgramData\Package Cache
2016-10-23 12:00:50 ----D---- C:\Program Files (x86)\Common Files
2016-10-23 00:46:16 ----D---- C:\Users\User\AppData\Roaming\Skype
2016-10-21 19:44:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-10-21 19:36:37 ----D---- C:\Windows\system32\NDF
2016-10-20 21:12:31 ----D---- C:\Users\User\AppData\Roaming\Tokyo Dawn Labs
2016-10-16 15:34:34 ----D---- C:\Program Files (x86)\Pioneer
2016-10-16 01:48:33 ----D---- C:\Users\User\AppData\Roaming\Maize Sampler Player
2016-10-13 15:14:42 ----D---- C:\ProgramData\Slate Digital
2016-10-13 14:34:58 ----D---- C:\Windows\system32\DriverStore
2016-10-12 15:03:58 ----D---- C:\Windows\system32\Tasks
2016-10-10 13:29:52 ----D---- C:\Windows\winsxs
2016-10-07 11:43:53 ----D---- C:\Program Files\DIFX
2016-10-03 17:41:10 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2016-09-30 12:07:59 ----D---- C:\ProgramData\360TotalSecurity

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-11-29 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-05-21 19264]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2012-08-06 39008]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-05-01 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2015-08-04 90816]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2015-08-04 75512]
R1 360AntiHacker;360Safe Anti Hacker Service; C:\Windows\System32\Drivers\360AntiHacker64.sys [2016-08-10 151784]
R1 360Box64;360Box mini-filter driver; C:\Windows\system32\DRIVERS\360Box64.sys [2016-08-10 330472]
R1 360Camera;360Safe Camera Filter Service; C:\Windows\System32\Drivers\360Camera64.sys [2015-12-17 40520]
R1 360FsFlt;360FsFlt mini-filter driver; C:\Windows\system32\DRIVERS\360FsFlt.sys [2016-08-10 391392]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2016-08-10 190696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-08-03 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO64A.SYS [2014-11-03 27552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-06-27 131856]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2015-08-11 57536]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2015-08-14 48832]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2015-08-14 26816]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2015-08-14 66752]
R3 360AvFlt;360AvFlt mini-filter driver; C:\Windows\system32\DRIVERS\360AvFlt.sys [2016-08-10 86248]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2012-08-06 30816]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-10-27 4746304]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-06-07 14760096]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-21 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-21 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-11-06 461624]
R3 vm331avs;Digital Camera 1; C:\Windows\System32\Drivers\vm331avs.sys [2011-12-06 952832]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2015-08-14 28864]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-10 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-02-02 211496]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2012-01-31 1601152]
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-01-16 208168]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-10-26 34720]
S3 HWHandSet;HWUSBSERSP; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [2016-05-25 223232]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2011-11-15 313960]
S3 SynasUSB;SynasUSB; C:\Windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S4 DamageGuard;DamageGuard; C:\Windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-11 217392]
S4 dgFltr;dgFltr; C:\Windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-09-16 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [2016-08-26 192200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-28 277784]
R2 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2016-02-15 3636936]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2016-08-10 914344]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc []
S2 PaceLicenseDServices;PACE License Services; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2016-06-30 45692456]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-06-07 276288]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-12-12 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-04 269504]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-02-02 945440]
S4 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S4 DamageGuardSvc;Lenovo Instant Reset Service; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
S4 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe -/service []
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-10-21 172488]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-21 216072]
S4 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-01 889664]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-01 2458944]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-11-12 5405456]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2015-08-14 89792]
S4 VMnetDHCP;VMware DHCP Service; C:\Windows\SysWOW64\vmnetdhcp.exe [2015-08-14 358080]
S4 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2015-08-11 906944]
S4 VMware NAT Service;VMware NAT Service; C:\Windows\SysWOW64\vmnat.exe [2015-08-14 391872]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 28 říj 2016 17:48

Smazáno. Nastala nějaká změna?

freemind.dnb · #9 Příspěvek od **freemind.dnb** » 28 říj 2016 18:20

Ďakujem veľmi pekne

Na "pocit" sa mi to zdá byť lepšie no tu prikladám link ( https://ctrlv.cz/OT1P ) so screenom zo správcu úloh.
svchost.exe sa stále zobrazuje a ako môžete vidieť na grafoch Disk stále skáče "hore/dole".

Plánujem spraviť defragmetáciu disku. Alebo radíte spraviť iné kroky?

Vopred ďakujem za odpoveď

#10 Příspěvek od **Rudy** » 28 říj 2016 19:35

Na zkoušku zkuste vypnout aut. aktualizace.

freemind.dnb · #11 Příspěvek od **freemind.dnb** » 28 říj 2016 19:55

Ak myslíte aktualizacie windowsu tak tie su uz dlhsiu dobu vypnute (ak sa teda nemylim, toto opatrenie som uz davnejsie vyriesil)

#12 Příspěvek od **Rudy** » 28 říj 2016 21:21

Ano, myslel. Udělejte tedy ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

freemind.dnb · #13 Příspěvek od **freemind.dnb** » 28 říj 2016 22:24

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28.10.2016
Čas skenování: 23:02
Protokol: mbam log.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.28.10
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: xhlavekj

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 420625
Uplynulý čas: 20 min, 33 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 38
PUP.Optional.IQIYI, HKLM\SOFTWARE\CLASSES\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}, , [3169801e742642f4a4d6d2c41fe348b8],
PUP.Optional.IQIYI, HKLM\SOFTWARE\CLASSES\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}, , [1c7ea1fd5d3ddc5a8eacb5db4db50000],
PUP.Optional.IQIYI, HKLM\SOFTWARE\CLASSES\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}, , [e4b6acf2d8c2b97ddc9fdabce919c43c],
PUP.Optional.IQIYI, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}, , [e4b6acf2d8c2b97ddc9fdabce919c43c],
PUP.Optional.ChinAd, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}, , [e5b5dac4c0dad561828f22b35aa91ae6],
PUP.Optional.ChinAd, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}, , [dcbed6c8108a39fd60b129ac12f112ee],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4A3CDC6-4BAA-4975-89C5-D8C21586804D}, , [5b3f138b6238c5712c61f5fed62dcd33],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\f6af8584-dcd5-474e-9022-ad749407ca1d-1, , [8317801e2278a98d27d60599966dad53],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npclient, , [b8e26935cccecf67062acdda10f39a66],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, , [2f6b5d41bedc4aec939d9a0daf5437c9],
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}, , [9a0045593b5f1b1b52bf855014ef7d83],
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}, , [e0ba8d115842a98dfa17884dda29758b],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B8C6920-DA29-4505-9D5C-BB7CEB27A976}, , [8218cdd17b1fee484e983e6043c01ae6],
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}, , [24769a04bfdbb77f36d88a4b41c21ae6],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21D869E7-ACBB-482E-B160-659F34F1ACF4}, , [fb9febb31f7b3402faeb3569e61de719],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B5BE516-C0A0-4E62-9C21-A863F9E2A9CC}, , [6e2c435b7d1db185b6307e2083807987],
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}, , [2f6becb26139b383ec22577e28dbf50b],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45AA1744-A05C-4481-8934-D5742CA61FAE}, , [6634cad4aaf0d066ebfa237b10f3b64a],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5A88C752-8DB8-4F3B-B331-211355B640C7}, , [fb9ffba319817bbb5d89811d40c3a759],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D513D5E-A9F9-4DF8-A72C-FC2BB29938D3}, , [3f5b0698c4d643f3ecf9a8f6de25f10f],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91967E55-7B8A-446A-936F-3423FE3B8995}, , [33675d41a7f3af879550d1cd26dd926e],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5FE7036-51F2-4CE8-AC9C-3566F4CF7B60}, , [fc9e435b7e1c39fd5b8b495531d29b65],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE6E86F-892D-455A-B1F6-C156704371AF}, , [19814d510a900c2abb2a0797669d629e],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE4BD43C-3E27-4E8C-BB78-C82A37888275}, , [d3c73d6112880c2aac39811dae557c84],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2821BF4-2489-48D2-8941-AAC271565078}, , [3e5c1e807921bf777373405e996a28d8],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B8C6920-DA29-4505-9D5C-BB7CEB27A976}, , [7e1c66385f3bec4aa93dddc10ff412ee],
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}, , [65355a44386274c2b559c70e8c7728d8],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21D869E7-ACBB-482E-B160-659F34F1ACF4}, , [bbdfb5e9bddd9b9bf0f5cbd3cb3804fc],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B5BE516-C0A0-4E62-9C21-A863F9E2A9CC}, , [e4b69a04cfcbab8b974fa2fc05fe34cc],
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}, , [3862cfcf4b4ffa3cf915864f38cb916f],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45AA1744-A05C-4481-8934-D5742CA61FAE}, , [f5a54c52316976c028bdcfcf768d7b85],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5A88C752-8DB8-4F3B-B331-211355B640C7}, , [31697b232476ef479b4bbde1748f26da],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D513D5E-A9F9-4DF8-A72C-FC2BB29938D3}, , [9406e4ba75254aec3baaaef0818229d7],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91967E55-7B8A-446A-936F-3423FE3B8995}, , [9505207ea8f25cda38ade0be11f26d93],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5FE7036-51F2-4CE8-AC9C-3566F4CF7B60}, , [34668618f1a9cf67489e0f8f897a946c],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE6E86F-892D-455A-B1F6-C156704371AF}, , [2b6f603ec7d3f73fd90c5747eb183dc3],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE4BD43C-3E27-4E8C-BB78-C82A37888275}, , [fd9da7f74159f83e885d86181de67888],
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2821BF4-2489-48D2-8941-AAC271565078}, , [e4b60f8fa3f7a393e105c5d9ca39e818],

Hodnoty registru: 31
PUP.Optional.ChinAd, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [e5b5dac4c0dad561828f22b35aa91ae6]
PUP.Optional.ChinAd, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [dcbed6c8108a39fd60b129ac12f112ee]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4A3CDC6-4BAA-4975-89C5-D8C21586804D}|Path, \f6af8584-dcd5-474e-9022-ad749407ca1d-1, , [5b3f138b6238c5712c61f5fed62dcd33]
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [9a0045593b5f1b1b52bf855014ef7d83]
PUP.Optional.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [e0ba8d115842a98dfa17884dda29758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B8C6920-DA29-4505-9D5C-BB7CEB27A976}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [8218cdd17b1fee484e983e6043c01ae6]
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [24769a04bfdbb77f36d88a4b41c21ae6]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21D869E7-ACBB-482E-B160-659F34F1ACF4}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [fb9febb31f7b3402faeb3569e61de719]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B5BE516-C0A0-4E62-9C21-A863F9E2A9CC}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [6e2c435b7d1db185b6307e2083807987]
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [2f6becb26139b383ec22577e28dbf50b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45AA1744-A05C-4481-8934-D5742CA61FAE}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [6634cad4aaf0d066ebfa237b10f3b64a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5A88C752-8DB8-4F3B-B331-211355B640C7}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [fb9ffba319817bbb5d89811d40c3a759]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D513D5E-A9F9-4DF8-A72C-FC2BB29938D3}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [3f5b0698c4d643f3ecf9a8f6de25f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91967E55-7B8A-446A-936F-3423FE3B8995}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [33675d41a7f3af879550d1cd26dd926e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5FE7036-51F2-4CE8-AC9C-3566F4CF7B60}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [fc9e435b7e1c39fd5b8b495531d29b65]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE6E86F-892D-455A-B1F6-C156704371AF}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [19814d510a900c2abb2a0797669d629e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE4BD43C-3E27-4E8C-BB78-C82A37888275}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [d3c73d6112880c2aac39811dae557c84]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2821BF4-2489-48D2-8941-AAC271565078}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [3e5c1e807921bf777373405e996a28d8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B8C6920-DA29-4505-9D5C-BB7CEB27A976}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [7e1c66385f3bec4aa93dddc10ff412ee]
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [65355a44386274c2b559c70e8c7728d8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21D869E7-ACBB-482E-B160-659F34F1ACF4}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [bbdfb5e9bddd9b9bf0f5cbd3cb3804fc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B5BE516-C0A0-4E62-9C21-A863F9E2A9CC}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [e4b69a04cfcbab8b974fa2fc05fe34cc]
PUP.Optional.ChinAd, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}|AppPath, C:\IQIYI Video\LStyle\, , [3862cfcf4b4ffa3cf915864f38cb916f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45AA1744-A05C-4481-8934-D5742CA61FAE}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [f5a54c52316976c028bdcfcf768d7b85]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5A88C752-8DB8-4F3B-B331-211355B640C7}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [31697b232476ef479b4bbde1748f26da]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D513D5E-A9F9-4DF8-A72C-FC2BB29938D3}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [9406e4ba75254aec3baaaef0818229d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91967E55-7B8A-446A-936F-3423FE3B8995}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [9505207ea8f25cda38ade0be11f26d93]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5FE7036-51F2-4CE8-AC9C-3566F4CF7B60}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [34668618f1a9cf67489e0f8f897a946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE6E86F-892D-455A-B1F6-C156704371AF}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [2b6f603ec7d3f73fd90c5747eb183dc3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE4BD43C-3E27-4E8C-BB78-C82A37888275}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-buttonutil.exe, , [fd9da7f74159f83e885d86181de67888]
PUP.Optional.CrossRider, HKU\S-1-5-21-2447335282-1977187808-2655893882-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2821BF4-2489-48D2-8941-AAC271565078}|AppName, f6af8584-dcd5-474e-9022-ad749407ca1d-2.exe-codedownloader.exe, , [e4b60f8fa3f7a393e105c5d9ca39e818]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.IQIYI, C:\Windows\Fonts\iqiyi_logo.ttf, , [cecc455972289a9c89a43b6cbe4509f7],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#14 Příspěvek od **Rudy** » 29 říj 2016 10:30

Smažte všechny nálezy.

freemind.dnb · #15 Příspěvek od **freemind.dnb** » 29 říj 2016 14:52

Zmazané.

Momentálne pri zapnutom prehliadači (nič iné nemám zapnuté) sa to pohybuje na úrovni :
CPU: 35%
RAM: 47%
Pomocou jedného návodu sa mi podarilo vypnúť zopár procesov svchost.exe (hlavne tie ktoré brali najviac RAM).
Teraz ich tam ostalo bežať ešte 12, každý jeden odoberá od 2-25MB z pamäte čo je určite lepšie ako predtým kedy odoberali 2 procesy po 100MB. Inak v správcovi úloh mi stále ukazuje že "Procesy:62" čo sa mne osobne zdá veľmi veľa tak to asi skúsim prečistiť. Taktiež vykonám aj defragmentáciu disku. Ešte by som sa chcel spýtať či je vhodné cez CCleaner spraviť "opravu registrov" nakoľko mi ich po analýze vybehlo veľmi veľa (chýbajúca zdieľaná knižnica, nepoužívaná prípona súboru, chábajúci odkaz TypeLib, cesta k aplikácii, zastaralý kľúč softwaru, neplatné pravidlo firewallu, atď)

VIRY.CZ

100% CPU, Disk - svchost.exe

100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe

Re: 100% CPU, Disk - svchost.exe