VirusTotal: C:\Program Files\Microtask\Microtask.exe
VirusTotal: C:\ProgramData\ethrfvdggbvd.exe
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\...\Run: [electron.app.Microtask] => C:\Program Files\Microtask\Microtask.exe
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
2018-09-11 18:34 - 2018-09-11 18:42 - 000000000 ____D C:\Program Files (x86)\Sheep
2018-09-11 18:34 - 2018-09-11 18:41 - 000000000 ____D C:\Users\admin\AppData\Roaming\Windows RTL Handler
2018-09-11 18:34 - 2018-09-11 18:34 - 000000000 ____D C:\Users\admin\AppData\Local\AdvinstAnalytics
2018-09-11 18:33 - 2018-09-11 19:24 - 000000000 ____D C:\Windows\SysWOW64\jkuaqtmc
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\SharePal
2018-09-11 18:33 - 2018-09-11 18:35 - 000000000 ____D C:\Users\admin\AppData\Local\IIIQF
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ C:\ProgramData\ythdg.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microtask
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Roaming\Cache
2018-09-11 18:29 - 2018-09-11 18:29 - 000000000 ____D C:\Users\admin\AppData\Local\Turbo.net
2018-09-11 18:27 - 2018-09-11 18:35 - 000000000 ____D C:\Program Files\Microtask
2018-08-27 13:38 - 2018-08-27 13:39 - 000000000 ____D C:\Users\admin\Downloads\Adobe Acrobat Pro DC 2018.009.20050 + Pre-Cracked - [CrackzSoft]
2018-09-11 18:29 - 2018-09-11 18:29 - 000000205 _____ () C:\ProgramData\ethrfvdggbvd.exe
2018-09-11 18:33 - 2018-09-11 18:33 - 000000116 _____ () C:\ProgramData\ythdg.exe
2018-07-31 02:02 - 2018-07-31 02:02 - 000008720 _____ () C:\Users\admin\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2018-08-03 11:19 - 2018-08-03 11:19 - 000031096 _____ (Tencent) C:\Users\admin\AppData\Local\Temp\qqsafeud.exe
2018-08-01 19:09 - 2018-08-01 19:09 - 003720312 _____ (Qustodio Technologies) C:\Users\admin\AppData\Local\Temp\qseac.dll
2015-11-10 20:30 - 2015-11-10 20:30 - 000030208 _____ () C:\Users\admin\AppData\Local\Temp\R2RTOOL.dll
ContextMenuHandlers5: [Run] -> {2559A1F3-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
ContextMenuHandlers5: [Search] -> {2559A1F0-21D7-11D4-BDAF-00C04F60B9F0} => -> No File
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [163]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [376]
HKU\S-1-5-21-3425645261-2527552339-4145300971-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: