Hello, and thank you in advance for your help.
I have a notebook here that was attacked by the Win32/Filecoder.TeslaCrypt virus. I ran ESET Online Scanner on it and cleaned it several times in a row. It found over 10 thousand infected files. On the last pass it found nothing, but something still keeps trying to launch some processes, so every minute it asks me for permission to run a process. Besides that, after a restart several logs resembling this virus open in Explorer and in the image viewer. It looks like ESET did not completely rid me of it, so I would like to ask for any advice on what to do next. Below I attach the log from RSIT. Thanks!
Logfile of random's system information tool 1.10 (written by random/random)
Run by Acer at 2016-05-04 20:29:29
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 409 GB (89%) free of 459 GB
Total RAM: 1931 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:38, on 4. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Acer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: !RecoveR!-mifzl++.HTML
O4 - Startup: !RecoveR!-mifzl++.PNG
O4 - Startup: -!RecOveR!-agnll++.Htm
O4 - Startup: -!RecOveR!-agnll++.Png
O4 - Startup: -!RecOveR!-ainmp++.Htm
O4 - Startup: -!RecOveR!-ainmp++.Png
O4 - Startup: -!RecOveR!-artqv++.Htm
O4 - Startup: -!RecOveR!-artqv++.Png
O4 - Startup: -!RecOveR!-hctab++.Htm
O4 - Startup: -!RecOveR!-hctab++.Png
O4 - Startup: -!RecOveR!-hfbdq++.Htm
O4 - Startup: -!RecOveR!-hfbdq++.Png
O4 - Startup: -!RecOveR!-hgyxy++.Htm
O4 - Startup: -!RecOveR!-hgyxy++.Png
O4 - Startup: -!RecOveR!-igrle++.Htm
O4 - Startup: -!RecOveR!-igrle++.Png
O4 - Startup: -!RecOveR!-kibli++.Htm
O4 - Startup: -!RecOveR!-kibli++.Png
O4 - Startup: -!RecOveR!-lmfvb++.Htm
O4 - Startup: -!RecOveR!-lmfvb++.Png
O4 - Startup: -!RecOveR!-momps++.Htm
O4 - Startup: -!RecOveR!-momps++.Png
O4 - Startup: -!RecOveR!-nxrlw++.Htm
O4 - Startup: -!RecOveR!-nxrlw++.Png
O4 - Startup: -!RecOveR!-suxho++.Htm
O4 - Startup: -!RecOveR!-suxho++.Png
O4 - Startup: -!RecOveR!-ustac++.Htm
O4 - Startup: -!RecOveR!-ustac++.Png
O4 - Startup: -!RecOveR!-uxjfa++.Htm
O4 - Startup: -!RecOveR!-uxjfa++.Png
O4 - Startup: -!RecOveR!-vamql++.Htm
O4 - Startup: -!RecOveR!-vamql++.Png
O4 - Startup: -!RecOveR!-walig++.Htm
O4 - Startup: -!RecOveR!-walig++.Png
O4 - Global Startup: !RecoveR!-mifzl++.HTML
O4 - Global Startup: !RecoveR!-mifzl++.PNG
O4 - Global Startup: -!RecOveR!-lmfvb++.Htm
O4 - Global Startup: -!RecOveR!-lmfvb++.Png
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11890 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
C:\WINDOWS\Explorer.EXE
"c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
taskeng.exe {994CC71A-EAB4-47E3-9C83-EE15C41F707F}
"C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {ca745019-371a-4ee6-99a9593ee46e8079}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Acer\Acer Quick Access\QASvc.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Program Files\Acer\Acer Quick Access\QAEvent.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMTray.exe"
"C:\Program Files\Acer\Acer Quick Access\RMSvc.exe"
"C:\Program Files\Acer\Acer Quick Access\QAMsg.exe"
"C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe" -hide
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
taskhost.exe $(Arg0)
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:3544526 /prefetch:2
C:\WINDOWS\system32\conhost.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8888 CREDAT:267521 /prefetch:2
"c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe" --IPCport 5939
"C:\WINDOWS\System32\Taskmgr.exe" /2
"C:\Program Files\CCleaner\CCleaner.exe" /uac
C:\WINDOWS\System32\svchost.exe -k swprv
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe50_ Global\UsGthrCtrlFltPipeMssGthrPipe50 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 540 564 576 65536 572
"C:\Users\Acer\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-22 157384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-22 1538864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-21 13672304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-04-15 8698584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-03-01 50676864]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-agnll++.Htm
-!RecOveR!-agnll++.Png
-!RecOveR!-ainmp++.Htm
-!RecOveR!-ainmp++.Png
-!RecOveR!-artqv++.Htm
-!RecOveR!-artqv++.Png
-!RecOveR!-hctab++.Htm
-!RecOveR!-hctab++.Png
-!RecOveR!-hfbdq++.Htm
-!RecOveR!-hfbdq++.Png
-!RecOveR!-hgyxy++.Htm
-!RecOveR!-hgyxy++.Png
-!RecOveR!-igrle++.Htm
-!RecOveR!-igrle++.Png
-!RecOveR!-kibli++.Htm
-!RecOveR!-kibli++.Png
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
-!RecOveR!-momps++.Htm
-!RecOveR!-momps++.Png
-!RecOveR!-nxrlw++.Htm
-!RecOveR!-nxrlw++.Png
-!RecOveR!-suxho++.Htm
-!RecOveR!-suxho++.Png
-!RecOveR!-ustac++.Htm
-!RecOveR!-ustac++.Png
-!RecOveR!-uxjfa++.Htm
-!RecOveR!-uxjfa++.Png
-!RecOveR!-vamql++.Htm
-!RecOveR!-vamql++.Png
-!RecOveR!-walig++.Htm
-!RecOveR!-walig++.Png
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-04 20:29:30 ----D---- C:\Program Files\trend micro
2016-05-04 20:29:29 ----D---- C:\rsit
2016-05-04 20:15:17 ----A---- C:\ProgramData\853B4E35F67E.dat
2016-05-01 23:27:26 ----D---- C:\Program Files (x86)\ESET
2016-05-01 23:26:05 ----D---- C:\Users\Acer\AppData\Roaming\GHISLER
2016-05-01 23:26:05 ----D---- C:\totalcmd
2016-04-17 16:04:56 ----D---- C:\Program Files\Common Files\DESIGNER
2016-04-17 15:33:12 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-17 15:23:16 ----D---- C:\Program Files\Microsoft Office
2016-04-17 15:23:14 ----D---- C:\Program Files\Microsoft Office 15
======List of files/folders modified in the last 1 month======
2016-05-04 20:29:38 ----D---- C:\WINDOWS\Prefetch
2016-05-04 20:29:30 ----RD---- C:\Program Files
2016-05-04 20:25:24 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2016-05-04 20:19:04 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-04 20:18:59 ----D---- C:\WINDOWS\SoftwareDistribution
2016-05-04 20:18:59 ----D---- C:\WINDOWS\Inf
2016-05-04 20:18:59 ----D---- C:\Windows
2016-05-04 20:18:58 ----D---- C:\WINDOWS\Temp
2016-05-04 20:15:17 ----HD---- C:\ProgramData
2016-05-04 20:02:02 ----D---- C:\WINDOWS\system32\sru
2016-05-04 19:04:15 ----RD---- C:\WINDOWS\System32
2016-05-04 19:04:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-04 13:55:30 ----D---- C:\WINDOWS\LiveKernelReports
2016-05-04 13:54:16 ----D---- C:\WINDOWS\AppReadiness
2016-05-04 13:54:15 ----HD---- C:\Program Files\WindowsApps
2016-05-04 10:12:18 ----D---- C:\WINDOWS\Microsoft.NET
2016-05-04 02:17:24 ----D---- C:\WINDOWS\WinStore
2016-05-04 02:17:23 ----D---- C:\WINDOWS\Web
2016-05-04 02:17:22 ----D---- C:\WINDOWS\Vss
2016-05-04 02:17:15 ----D---- C:\WINDOWS\vpnplugins
2016-05-04 02:17:15 ----D---- C:\WINDOWS\twain_32
2016-05-04 02:17:15 ----D---- C:\WINDOWS\tracing
2016-05-04 02:17:14 ----D---- C:\WINDOWS\Tasks
2016-05-04 02:17:14 ----D---- C:\WINDOWS\TAPI
2016-05-04 02:17:12 ----D---- C:\WINDOWS\SYSWOW64\zh-TW
2016-05-04 02:17:10 ----D---- C:\WINDOWS\SYSWOW64\zh-HK
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\zh-CN
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2016-05-04 02:17:07 ----D---- C:\WINDOWS\SYSWOW64\winrm
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\WindowsPowerShell
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\wdi
2016-05-04 02:16:51 ----D---- C:\WINDOWS\SYSWOW64\WCN
2016-05-04 02:16:49 ----D---- C:\WINDOWS\SYSWOW64\wbem
2016-05-04 02:16:47 ----D---- C:\WINDOWS\SYSWOW64\uk-UA
2016-05-04 02:16:45 ----D---- C:\WINDOWS\SYSWOW64\tr-TR
2016-05-04 02:16:44 ----D---- C:\WINDOWS\SYSWOW64\th-TH
2016-05-04 02:16:42 ----D---- C:\WINDOWS\SYSWOW64\Tasks
2016-05-04 02:16:41 ----D---- C:\WINDOWS\SYSWOW64\sysprep
2016-05-04 02:16:40 ----D---- C:\WINDOWS\SYSWOW64\sv-SE
2016-05-04 02:16:39 ----D---- C:\WINDOWS\SYSWOW64\sru
2016-05-04 02:16:38 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-RS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-CS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sppui
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\spp
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\Speech
2016-05-04 02:16:35 ----D---- C:\WINDOWS\SYSWOW64\SMI
2016-05-04 02:16:34 ----D---- C:\WINDOWS\SYSWOW64\slmgr
2016-05-04 02:16:32 ----D---- C:\WINDOWS\SYSWOW64\sl-SI
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\setup
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sda
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\ru-RU
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\ro-RO
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\restore
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\Recovery
2016-05-04 02:16:25 ----D---- C:\WINDOWS\SYSWOW64\ras
2016-05-04 02:16:24 ----D---- C:\WINDOWS\SYSWOW64\pt-PT
2016-05-04 02:16:22 ----D---- C:\WINDOWS\SYSWOW64\pt-BR
2016-05-04 02:16:21 ----D---- C:\WINDOWS\SYSWOW64\Printing_Admin_Scripts
2016-05-04 02:16:20 ----D---- C:\WINDOWS\SYSWOW64\pl-PL
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\oobe
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\OEM
2016-05-04 02:16:17 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\networklist
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\NDF
2016-05-04 02:16:14 ----D---- C:\WINDOWS\SYSWOW64\nb-NO
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MUI
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MsDtc
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MSDRM
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\ms-my
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\migwiz
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-05-04 02:16:10 ----D---- C:\WINDOWS\SYSWOW64\lv-LV
2016-05-04 02:16:08 ----D---- C:\WINDOWS\SYSWOW64\lt-LT
2016-05-04 02:16:07 ----D---- C:\WINDOWS\SYSWOW64\LogFiles
2016-05-04 02:16:06 ----D---- C:\WINDOWS\SYSWOW64\Licenses
2016-05-04 02:16:04 ----D---- C:\WINDOWS\SYSWOW64\ko-KR
2016-05-04 02:16:02 ----D---- C:\WINDOWS\SYSWOW64\ja-JP
2016-05-04 02:16:01 ----D---- C:\WINDOWS\SYSWOW64\it-IT
2016-05-04 02:16:00 ----D---- C:\WINDOWS\SYSWOW64\Ipmi
2016-05-04 02:15:51 ----D---- C:\WINDOWS\SYSWOW64\InstallShield
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\InputMethod
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\inetsrv
2016-05-04 02:15:47 ----D---- C:\WINDOWS\SYSWOW64\IME
2016-05-04 02:15:45 ----D---- C:\WINDOWS\SYSWOW64\hu-HU
2016-05-04 02:15:43 ----D---- C:\WINDOWS\SYSWOW64\hr-HR
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\he-IL
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicyUsers
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\gl-es
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\FxsTmp
2016-05-04 02:15:38 ----D---- C:\WINDOWS\SYSWOW64\fr-FR
2016-05-04 02:15:36 ----D---- C:\WINDOWS\SYSWOW64\fi-FI
2016-05-04 02:15:35 ----D---- C:\WINDOWS\SYSWOW64\eu-es
2016-05-04 02:15:34 ----D---- C:\WINDOWS\SYSWOW64\et-EE
2016-05-04 02:15:32 ----D---- C:\WINDOWS\SYSWOW64\es-ES
2016-05-04 02:15:31 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-05-04 02:15:30 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2016-05-04 02:15:29 ----D---- C:\WINDOWS\SYSWOW64\en
2016-05-04 02:15:28 ----D---- C:\WINDOWS\SYSWOW64\el-GR
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\en-US
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\cs-CZ
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\downlevel
2016-05-04 02:15:26 ----D---- C:\WINDOWS\SYSWOW64\Dism
2016-05-04 02:15:24 ----D---- C:\WINDOWS\SYSWOW64\de-DE
2016-05-04 02:15:23 ----D---- C:\WINDOWS\SYSWOW64\da-DK
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\config
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\Com
2016-05-04 02:15:14 ----D---- C:\WINDOWS\SYSWOW64\catroot
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es-valencia
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es
2016-05-04 02:15:11 ----D---- C:\WINDOWS\SYSWOW64\bg-BG
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\ar-SA
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\AppLocker
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\0409
2016-05-04 02:15:09 ----D---- C:\WINDOWS\SysWOW64
2016-05-04 02:15:02 ----D---- C:\WINDOWS\system32\LogFiles
2016-05-04 02:12:57 ----D---- C:\WINDOWS\system32\catroot
2016-05-04 02:12:57 ----D---- C:\WINDOWS\System
2016-05-04 02:12:56 ----D---- C:\WINDOWS\Speech
2016-05-04 02:12:52 ----D---- C:\WINDOWS\SKB
2016-05-04 02:12:52 ----D---- C:\WINDOWS\ShellNew
2016-05-04 02:12:52 ----D---- C:\WINDOWS\Setup
2016-05-04 02:12:27 ----D---- C:\WINDOWS\ServiceProfiles
2016-05-04 02:12:26 ----D---- C:\WINDOWS\schemas
2016-05-04 02:12:26 ----D---- C:\WINDOWS\SchCache
2016-05-04 02:12:26 ----D---- C:\WINDOWS\security
2016-05-04 02:12:24 ----D---- C:\WINDOWS\Resources
2016-05-04 02:12:23 ----D---- C:\WINDOWS\Registration
2016-05-04 02:12:22 ----D---- C:\WINDOWS\PolicyDefinitions
2016-05-04 02:12:21 ----D---- C:\WINDOWS\PLA
2016-05-04 02:12:20 ----D---- C:\WINDOWS\Performance
2016-05-04 02:12:19 ----RD---- C:\WINDOWS\Offline Web Pages
2016-05-04 02:12:19 ----D---- C:\WINDOWS\Panther
2016-05-04 02:12:18 ----D---- C:\WINDOWS\oem
2016-05-04 02:12:18 ----D---- C:\WINDOWS\NAPP_Dism_Log
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Minidump
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Migration
2016-05-04 02:08:33 ----D---- C:\WINDOWS\MediaViewer
2016-05-04 02:08:30 ----RSD---- C:\WINDOWS\Media
2016-05-04 02:08:27 ----D---- C:\WINDOWS\Logs
2016-05-04 02:08:26 ----D---- C:\WINDOWS\L2Schemas
2016-05-04 02:08:17 ----SHD---- C:\WINDOWS\Installer
2016-05-04 02:08:16 ----D---- C:\WINDOWS\InputMethod
2016-05-04 02:07:46 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-05-04 02:07:43 ----D---- C:\WINDOWS\IME
2016-05-04 02:07:29 ----D---- C:\WINDOWS\Help
2016-05-04 02:07:28 ----D---- C:\WINDOWS\Globalization
2016-05-04 02:07:27 ----RSD---- C:\WINDOWS\Fonts
2016-05-04 02:07:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2016-05-04 02:07:22 ----HD---- C:\WINDOWS\ELAMBKUP
2016-05-04 02:07:22 ----D---- C:\WINDOWS\FileManager
2016-05-04 02:07:22 ----D---- C:\WINDOWS\en-US
2016-05-04 02:07:21 ----RD---- C:\WINDOWS\DesktopTileResources
2016-05-04 02:07:21 ----D---- C:\WINDOWS\DigitalLocker
2016-05-04 02:07:20 ----D---- C:\WINDOWS\debug
2016-05-04 02:07:20 ----D---- C:\WINDOWS\Cursors
2016-05-04 02:07:20 ----D---- C:\WINDOWS\cs-CZ
2016-05-04 02:07:19 ----D---- C:\WINDOWS\CbsTemp
2016-05-04 02:07:16 ----D---- C:\WINDOWS\Camera
2016-05-04 02:07:04 ----D---- C:\WINDOWS\Branding
2016-05-04 02:02:53 ----RSD---- C:\WINDOWS\assembly
2016-05-04 02:02:48 ----D---- C:\WINDOWS\apppatch
2016-05-04 02:02:47 ----D---- C:\WINDOWS\AppCompat
2016-05-04 02:02:39 ----D---- C:\WINDOWS\ADFS
2016-05-04 02:02:39 ----D---- C:\WINDOWS\addins
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\Wondershare
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\WildTangent
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\TeamViewer
2016-05-04 02:01:56 ----D---- C:\Users\Acer\AppData\Roaming\Sun
2016-05-04 02:01:43 ----D---- C:\Users\Acer\AppData\Roaming\PC Suite
2016-05-04 02:01:42 ----D---- C:\Users\Acer\AppData\Roaming\Nokia Suite
2016-05-04 02:01:30 ----D---- C:\Users\Acer\AppData\Roaming\Nokia
2016-05-04 02:01:03 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Macromedia
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Identities
2016-05-04 02:00:59 ----D---- C:\Users\Acer\AppData\Roaming\CyberLink
2016-05-04 02:00:58 ----D---- C:\Users\Acer\AppData\Roaming\Atheros
2016-05-04 02:00:54 ----D---- C:\Users\Acer\AppData\Roaming\Adobe
2016-05-04 01:46:07 ----SHD---- C:\Recovery
2016-05-04 01:46:07 ----D---- C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-05-04 01:46:06 ----D---- C:\ProgramData\Wondershare
2016-05-04 01:46:06 ----D---- C:\ProgramData\WildTangent
2016-05-04 01:46:05 ----D---- C:\ProgramData\Temp
2016-05-04 01:46:05 ----D---- C:\ProgramData\Sun
2016-05-04 01:46:04 ----D---- C:\ProgramData\Skype
2016-05-04 01:46:04 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-05-04 01:46:03 ----D---- C:\ProgramData\Qualcomm Atheros
2016-05-04 01:46:03 ----D---- C:\ProgramData\PC Suite
2016-05-04 01:46:02 ----D---- C:\ProgramData\Oracle
2016-05-04 01:46:01 ----D---- C:\ProgramData\OEM
2016-05-04 01:45:56 ----D---- C:\ProgramData\NokiaInstallerCache
2016-05-04 01:45:53 ----D---- C:\ProgramData\Nokia
2016-05-04 01:44:09 ----SD---- C:\ProgramData\Microsoft
2016-05-04 01:44:09 ----D---- C:\ProgramData\McAfee
2016-05-04 01:44:08 ----D---- C:\ProgramData\Intel
2016-05-04 01:44:08 ----D---- C:\ProgramData\install_clap
2016-05-04 01:44:01 ----D---- C:\ProgramData\CyberLink
2016-05-04 01:44:01 ----D---- C:\ProgramData\CLSK
2016-05-04 01:44:00 ----D---- C:\ProgramData\Atheros
2016-05-04 01:43:46 ----D---- C:\ProgramData\Adobe
2016-05-04 01:43:42 ----D---- C:\ProgramData\Acer
2016-05-04 01:43:41 ----SHD---- C:\Program Files\Windows Sidebar
2016-05-04 01:43:41 ----D---- C:\Program Files\WindowsPowerShell
2016-05-04 01:43:41 ----D---- C:\Program Files\Windows Portable Devices
2016-05-04 01:43:40 ----D---- C:\Program Files\Windows Photo Viewer
2016-05-04 01:43:39 ----D---- C:\Program Files\Windows NT
2016-05-04 01:43:38 ----D---- C:\Program Files\Windows Multimedia Platform
2016-05-04 01:43:37 ----D---- C:\Program Files\Windows Media Player
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Mail
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Journal
2016-05-04 01:43:35 ----HD---- C:\Program Files\Uninstall Information
2016-05-04 01:43:33 ----D---- C:\Program Files\Reference Assemblies
2016-05-04 01:43:33 ----D---- C:\Program Files\Realtek
2016-05-04 01:43:32 ----D---- C:\Program Files\MSBuild
2016-05-04 01:41:43 ----D---- C:\Program Files\Internet Explorer
2016-05-04 01:41:37 ----D---- C:\Program Files\Intel
2016-05-04 01:41:37 ----D---- C:\Program Files\DIFX
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\System
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\Services
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\QCA_Bluetooth
2016-05-04 01:41:22 ----D---- C:\Program Files\Common Files\microsoft shared
2016-05-04 01:41:21 ----D---- C:\Program Files\Common Files
2016-05-04 01:41:21 ----D---- C:\Program Files\CCleaner
2016-05-04 01:41:21 ----D---- C:\Program Files\Booking.COM
2016-05-04 01:41:13 ----D---- C:\Program Files\Acer
2016-05-04 01:41:13 ----D---- C:\PerfLogs
2016-05-04 01:40:17 ----HD---- C:\OEM
2016-05-04 01:40:16 ----HD---- C:\Intel
2016-05-04 01:40:16 ----D---- C:\AcerCloud
2016-05-04 01:38:35 ----HD---- C:\$WINDOWS.~BT
2016-05-01 23:27:26 ----D---- C:\Program Files (x86)
2016-05-01 23:23:56 ----RD---- C:\Users
2016-04-30 09:04:23 ----D---- C:\WINDOWS\ModemLogs
2016-04-28 23:08:01 ----A---- C:\WINDOWS\PTP.txt
2016-04-24 18:09:50 ----SHD---- C:\System Volume Information
2016-04-23 10:43:25 ----D---- C:\WINDOWS\system32\Tasks
2016-04-17 15:32:09 ----D---- C:\Program Files (x86)\Microsoft.NET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2014-02-26 35016]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2014-02-14 3888640]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-02-26 598216]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 iaioi2c;@oem2.inf,%Driver_Service.Desc%;I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2ce.sys [2013-11-11 67584]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-03-25 3903320]
R3 IntcDAud;@oem8.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem11.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 LMDriver;@oem20.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem20.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-12-18 839896]
R3 SynRMIHID;@oem14.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [2014-02-19 42224]
R3 TXEIx64;@oem13.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\WINDOWS\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 MpKsle78c5e0d;MpKsle78c5e0d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C08C38EE-DA72-4A19-99E8-173558D88AD8}\MpKsle78c5e0d.sys []
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2014-02-26 89800]
S3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2013-07-01 8536752]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2014-02-26 355528]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2014-02-26 118984]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2014-02-26 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2014-02-26 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2014-02-26 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem36.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPIO;@oem1.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpioe.sys [2013-11-11 31232]
S3 intaud_WaveExtensible;@oem10.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 nmwcd;@oem27.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;@oem32.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RSUSBVSTOR;@oem7.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-11-01 330456]
S3 ssudmdm;@oem37.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-22 33280]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2014-02-26 319104]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2014-01-17 2797312]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-04-22 2911472]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-03-18 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 LMSvc;Launch Manager Service; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2014-03-17 459496]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-04-24 254512]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2014-03-21 2573544]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2014-03-22 457960]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [2014-03-22 449768]
R3 UEIPSvc;User Experience Improvement Program; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2014-01-25 222952]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-01-29 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-03-18 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-04-20 242736]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
-----------------EOF-----------------

Cleanup after the TeslaCrypt virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Cleanup after the TeslaCrypt virus
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Cleanup after the TeslaCrypt virus
I am attaching the log from AdwCleaner, thank you:
# AdwCleaner v5.115 - Log soubor vytvořen 05/05/2016 o 00:26:09
# Aktualizováno 01/05/2016 by Xplode
# Databáze : 2016-05-04.2 [Server]
# Operační systém : Windows 8.1 Connected (X64)
# Jméno uživatele : Acer - ES1-511
# Spuštěno z : C:\Users\Acer\Desktop\adwcleaner_5.115.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazáno : C:\Program Files (x86)\globalUpdate
[-] Složka smazáno : C:\Program Files (x86)\Fresh Outlook
[-] Složka smazáno : C:\Users\Acer\AppData\Local\globalUpdate
[-] Složka smazáno : C:\Users\Acer\AppData\Local\VirtualStore\Program Files\Booking.com
[-] Složka smazáno : C:\Program Files\Booking.com
***** [ Soubory ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úkoly ] *****
***** [ Registr ] *****
[-] Klávesa smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Klávesa smazáno : HKCU\Software\Classes\pokki
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Klávesa smazáno : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Klávesa smazáno : HKCU\Software\GlobalUpdate
[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\Crossrider
[-] Klávesa smazáno : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Klávesa smazáno : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Klávesa smazáno : HKU\S-1-5-21-1635132571-3260942216-536630270-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
***** [ Webové prohlížeče ] *****
*************************
:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2431 bytes] - [05/05/2016 00:26:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [2983 bytes] - [05/05/2016 00:22:28]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2577 bytes] ##########
- Rudy
- Site Admin

Re: Cleanup after the TeslaCrypt virus
Post a new RSIT log.
Re: Cleanup after the TeslaCrypt virus
I am attaching the new log from RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Acer at 2016-05-10 22:03:27
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 407 GB (89%) free of 459 GB
Total RAM: 1931 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:32, on 10. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trend micro\Acer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: !RecoveR!-mifzl++.HTML
O4 - Startup: !RecoveR!-mifzl++.PNG
O4 - Startup: -!RecOveR!-agnll++.Htm
O4 - Startup: -!RecOveR!-agnll++.Png
O4 - Startup: -!RecOveR!-ainmp++.Htm
O4 - Startup: -!RecOveR!-ainmp++.Png
O4 - Startup: -!RecOveR!-artqv++.Htm
O4 - Startup: -!RecOveR!-artqv++.Png
O4 - Startup: -!RecOveR!-hctab++.Htm
O4 - Startup: -!RecOveR!-hctab++.Png
O4 - Startup: -!RecOveR!-hfbdq++.Htm
O4 - Startup: -!RecOveR!-hfbdq++.Png
O4 - Startup: -!RecOveR!-hgyxy++.Htm
O4 - Startup: -!RecOveR!-hgyxy++.Png
O4 - Startup: -!RecOveR!-igrle++.Htm
O4 - Startup: -!RecOveR!-igrle++.Png
O4 - Startup: -!RecOveR!-kibli++.Htm
O4 - Startup: -!RecOveR!-kibli++.Png
O4 - Startup: -!RecOveR!-lmfvb++.Htm
O4 - Startup: -!RecOveR!-lmfvb++.Png
O4 - Startup: -!RecOveR!-momps++.Htm
O4 - Startup: -!RecOveR!-momps++.Png
O4 - Startup: -!RecOveR!-nxrlw++.Htm
O4 - Startup: -!RecOveR!-nxrlw++.Png
O4 - Startup: -!RecOveR!-suxho++.Htm
O4 - Startup: -!RecOveR!-suxho++.Png
O4 - Startup: -!RecOveR!-ustac++.Htm
O4 - Startup: -!RecOveR!-ustac++.Png
O4 - Startup: -!RecOveR!-uxjfa++.Htm
O4 - Startup: -!RecOveR!-uxjfa++.Png
O4 - Startup: -!RecOveR!-vamql++.Htm
O4 - Startup: -!RecOveR!-vamql++.Png
O4 - Startup: -!RecOveR!-walig++.Htm
O4 - Startup: -!RecOveR!-walig++.Png
O4 - Global Startup: !RecoveR!-mifzl++.HTML
O4 - Global Startup: !RecoveR!-mifzl++.PNG
O4 - Global Startup: -!RecOveR!-lmfvb++.Htm
O4 - Global Startup: -!RecOveR!-lmfvb++.Png
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11781 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
"c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {90FC73F2-1FE3-4025-AB24-371C4CD31591}
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {0f64b231-a6ae-4b84-972a4c8cb7e1c1d0}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Acer\Acer Quick Access\QASvc.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Acer\Acer Quick Access\QAEvent.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Program Files\Acer\Acer Launch Manager\LMTray.exe"
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Windows\system32\igfxext.exe" -Embedding
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
"C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Acer\Acer Quick Access\RMSvc.exe"
"C:\Program Files\Acer\Acer Quick Access\QAMsg.exe"
"C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe" -hide
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\totalcmd\TOTALCMD64.EXE"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe"
"C:\Users\Acer\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-29 157384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29 1538864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-21 13672304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-04-15 8698584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-04-08 51662464]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-agnll++.Htm
-!RecOveR!-agnll++.Png
-!RecOveR!-ainmp++.Htm
-!RecOveR!-ainmp++.Png
-!RecOveR!-artqv++.Htm
-!RecOveR!-artqv++.Png
-!RecOveR!-hctab++.Htm
-!RecOveR!-hctab++.Png
-!RecOveR!-hfbdq++.Htm
-!RecOveR!-hfbdq++.Png
-!RecOveR!-hgyxy++.Htm
-!RecOveR!-hgyxy++.Png
-!RecOveR!-igrle++.Htm
-!RecOveR!-igrle++.Png
-!RecOveR!-kibli++.Htm
-!RecOveR!-kibli++.Png
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
-!RecOveR!-momps++.Htm
-!RecOveR!-momps++.Png
-!RecOveR!-nxrlw++.Htm
-!RecOveR!-nxrlw++.Png
-!RecOveR!-suxho++.Htm
-!RecOveR!-suxho++.Png
-!RecOveR!-ustac++.Htm
-!RecOveR!-ustac++.Png
-!RecOveR!-uxjfa++.Htm
-!RecOveR!-uxjfa++.Png
-!RecOveR!-vamql++.Htm
-!RecOveR!-vamql++.Png
-!RecOveR!-walig++.Htm
-!RecOveR!-walig++.Png
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-05 00:22:12 ----D---- C:\AdwCleaner
2016-05-04 20:29:30 ----D---- C:\Program Files\trend micro
2016-05-04 20:29:29 ----D---- C:\rsit
2016-05-04 20:15:17 ----A---- C:\ProgramData\853B4E35F67E.dat
2016-05-01 23:27:26 ----D---- C:\Program Files (x86)\ESET
2016-05-01 23:26:05 ----D---- C:\Users\Acer\AppData\Roaming\GHISLER
2016-05-01 23:26:05 ----D---- C:\totalcmd
2016-04-17 16:04:56 ----D---- C:\Program Files\Common Files\DESIGNER
2016-04-17 15:33:12 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-17 15:23:16 ----D---- C:\Program Files\Microsoft Office
2016-04-17 15:23:14 ----D---- C:\Program Files\Microsoft Office 15
======List of files/folders modified in the last 1 month======
2016-05-10 22:03:32 ----D---- C:\WINDOWS\Prefetch
2016-05-10 22:01:01 ----D---- C:\WINDOWS\Temp
2016-05-10 22:00:05 ----D---- C:\WINDOWS\system32\sru
2016-05-10 21:24:32 ----D---- C:\WINDOWS\Microsoft.NET
2016-05-10 21:23:51 ----D---- C:\WINDOWS\Inf
2016-05-10 18:09:41 ----RD---- C:\WINDOWS\System32
2016-05-10 18:09:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 16:50:19 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-10 16:50:18 ----D---- C:\WINDOWS\system32\Tasks
2016-05-10 16:22:35 ----D---- C:\WINDOWS\system32\config
2016-05-09 03:22:41 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2016-05-05 18:48:27 ----SHD---- C:\WINDOWS\Installer
2016-05-05 18:48:13 ----RD---- C:\Program Files (x86)\Skype
2016-05-05 18:48:08 ----D---- C:\ProgramData\Skype
2016-05-05 01:02:20 ----SHD---- C:\System Volume Information
2016-05-05 01:00:25 ----D---- C:\Windows
2016-05-05 00:59:51 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-05-05 00:43:33 ----D---- C:\ProgramData\Oracle
2016-05-05 00:43:13 ----D---- C:\Program Files (x86)\Java
2016-05-05 00:43:11 ----D---- C:\WINDOWS\SysWOW64
2016-05-05 00:43:02 ----D---- C:\Program Files (x86)\Common Files
2016-05-05 00:42:24 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-05-05 00:26:10 ----D---- C:\Program Files (x86)
2016-05-04 20:36:18 ----D---- C:\WINDOWS\SoftwareDistribution
2016-05-04 20:32:38 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft
2016-05-04 20:29:30 ----RD---- C:\Program Files
2016-05-04 20:15:17 ----HD---- C:\ProgramData
2016-05-04 13:55:30 ----D---- C:\WINDOWS\LiveKernelReports
2016-05-04 13:54:16 ----D---- C:\WINDOWS\AppReadiness
2016-05-04 13:54:15 ----HD---- C:\Program Files\WindowsApps
2016-05-04 02:17:24 ----D---- C:\WINDOWS\WinStore
2016-05-04 02:17:23 ----D---- C:\WINDOWS\Web
2016-05-04 02:17:22 ----D---- C:\WINDOWS\Vss
2016-05-04 02:17:15 ----D---- C:\WINDOWS\vpnplugins
2016-05-04 02:17:15 ----D---- C:\WINDOWS\twain_32
2016-05-04 02:17:15 ----D---- C:\WINDOWS\tracing
2016-05-04 02:17:14 ----D---- C:\WINDOWS\Tasks
2016-05-04 02:17:14 ----D---- C:\WINDOWS\TAPI
2016-05-04 02:17:12 ----D---- C:\WINDOWS\SYSWOW64\zh-TW
2016-05-04 02:17:10 ----D---- C:\WINDOWS\SYSWOW64\zh-HK
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\zh-CN
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2016-05-04 02:17:07 ----D---- C:\WINDOWS\SYSWOW64\winrm
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\WindowsPowerShell
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\wdi
2016-05-04 02:16:51 ----D---- C:\WINDOWS\SYSWOW64\WCN
2016-05-04 02:16:49 ----D---- C:\WINDOWS\SYSWOW64\wbem
2016-05-04 02:16:47 ----D---- C:\WINDOWS\SYSWOW64\uk-UA
2016-05-04 02:16:45 ----D---- C:\WINDOWS\SYSWOW64\tr-TR
2016-05-04 02:16:44 ----D---- C:\WINDOWS\SYSWOW64\th-TH
2016-05-04 02:16:42 ----D---- C:\WINDOWS\SYSWOW64\Tasks
2016-05-04 02:16:41 ----D---- C:\WINDOWS\SYSWOW64\sysprep
2016-05-04 02:16:40 ----D---- C:\WINDOWS\SYSWOW64\sv-SE
2016-05-04 02:16:39 ----D---- C:\WINDOWS\SYSWOW64\sru
2016-05-04 02:16:38 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-RS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-CS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sppui
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\spp
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\Speech
2016-05-04 02:16:35 ----D---- C:\WINDOWS\SYSWOW64\SMI
2016-05-04 02:16:34 ----D---- C:\WINDOWS\SYSWOW64\slmgr
2016-05-04 02:16:32 ----D---- C:\WINDOWS\SYSWOW64\sl-SI
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\setup
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sda
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\ru-RU
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\ro-RO
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\restore
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\Recovery
2016-05-04 02:16:25 ----D---- C:\WINDOWS\SYSWOW64\ras
2016-05-04 02:16:24 ----D---- C:\WINDOWS\SYSWOW64\pt-PT
2016-05-04 02:16:22 ----D---- C:\WINDOWS\SYSWOW64\pt-BR
2016-05-04 02:16:21 ----D---- C:\WINDOWS\SYSWOW64\Printing_Admin_Scripts
2016-05-04 02:16:20 ----D---- C:\WINDOWS\SYSWOW64\pl-PL
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\oobe
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\OEM
2016-05-04 02:16:17 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\networklist
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\NDF
2016-05-04 02:16:14 ----D---- C:\WINDOWS\SYSWOW64\nb-NO
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MUI
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MsDtc
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MSDRM
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\ms-my
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\migwiz
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-05-04 02:16:10 ----D---- C:\WINDOWS\SYSWOW64\lv-LV
2016-05-04 02:16:08 ----D---- C:\WINDOWS\SYSWOW64\lt-LT
2016-05-04 02:16:07 ----D---- C:\WINDOWS\SYSWOW64\LogFiles
2016-05-04 02:16:06 ----D---- C:\WINDOWS\SYSWOW64\Licenses
2016-05-04 02:16:04 ----D---- C:\WINDOWS\SYSWOW64\ko-KR
2016-05-04 02:16:02 ----D---- C:\WINDOWS\SYSWOW64\ja-JP
2016-05-04 02:16:01 ----D---- C:\WINDOWS\SYSWOW64\it-IT
2016-05-04 02:16:00 ----D---- C:\WINDOWS\SYSWOW64\Ipmi
2016-05-04 02:15:51 ----D---- C:\WINDOWS\SYSWOW64\InstallShield
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\InputMethod
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\inetsrv
2016-05-04 02:15:47 ----D---- C:\WINDOWS\SYSWOW64\IME
2016-05-04 02:15:45 ----D---- C:\WINDOWS\SYSWOW64\hu-HU
2016-05-04 02:15:43 ----D---- C:\WINDOWS\SYSWOW64\hr-HR
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\he-IL
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicyUsers
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\gl-es
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\FxsTmp
2016-05-04 02:15:38 ----D---- C:\WINDOWS\SYSWOW64\fr-FR
2016-05-04 02:15:36 ----D---- C:\WINDOWS\SYSWOW64\fi-FI
2016-05-04 02:15:35 ----D---- C:\WINDOWS\SYSWOW64\eu-es
2016-05-04 02:15:34 ----D---- C:\WINDOWS\SYSWOW64\et-EE
2016-05-04 02:15:32 ----D---- C:\WINDOWS\SYSWOW64\es-ES
2016-05-04 02:15:31 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-05-04 02:15:30 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2016-05-04 02:15:29 ----D---- C:\WINDOWS\SYSWOW64\en
2016-05-04 02:15:28 ----D---- C:\WINDOWS\SYSWOW64\el-GR
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\en-US
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\cs-CZ
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\downlevel
2016-05-04 02:15:26 ----D---- C:\WINDOWS\SYSWOW64\Dism
2016-05-04 02:15:24 ----D---- C:\WINDOWS\SYSWOW64\de-DE
2016-05-04 02:15:23 ----D---- C:\WINDOWS\SYSWOW64\da-DK
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\config
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\Com
2016-05-04 02:15:14 ----D---- C:\WINDOWS\SYSWOW64\catroot
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es-valencia
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es
2016-05-04 02:15:11 ----D---- C:\WINDOWS\SYSWOW64\bg-BG
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\ar-SA
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\AppLocker
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\0409
2016-05-04 02:15:02 ----D---- C:\WINDOWS\system32\LogFiles
2016-05-04 02:12:57 ----D---- C:\WINDOWS\system32\catroot
2016-05-04 02:12:57 ----D---- C:\WINDOWS\System
2016-05-04 02:12:56 ----D---- C:\WINDOWS\Speech
2016-05-04 02:12:52 ----D---- C:\WINDOWS\SKB
2016-05-04 02:12:52 ----D---- C:\WINDOWS\ShellNew
2016-05-04 02:12:52 ----D---- C:\WINDOWS\Setup
2016-05-04 02:12:27 ----D---- C:\WINDOWS\ServiceProfiles
2016-05-04 02:12:26 ----D---- C:\WINDOWS\schemas
2016-05-04 02:12:26 ----D---- C:\WINDOWS\SchCache
2016-05-04 02:12:26 ----D---- C:\WINDOWS\security
2016-05-04 02:12:24 ----D---- C:\WINDOWS\Resources
2016-05-04 02:12:23 ----D---- C:\WINDOWS\Registration
2016-05-04 02:12:22 ----D---- C:\WINDOWS\PolicyDefinitions
2016-05-04 02:12:21 ----D---- C:\WINDOWS\PLA
2016-05-04 02:12:20 ----D---- C:\WINDOWS\Performance
2016-05-04 02:12:19 ----RD---- C:\WINDOWS\Offline Web Pages
2016-05-04 02:12:19 ----D---- C:\WINDOWS\Panther
2016-05-04 02:12:18 ----D---- C:\WINDOWS\oem
2016-05-04 02:12:18 ----D---- C:\WINDOWS\NAPP_Dism_Log
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Minidump
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Migration
2016-05-04 02:08:33 ----D---- C:\WINDOWS\MediaViewer
2016-05-04 02:08:30 ----RSD---- C:\WINDOWS\Media
2016-05-04 02:08:27 ----D---- C:\WINDOWS\Logs
2016-05-04 02:08:26 ----D---- C:\WINDOWS\L2Schemas
2016-05-04 02:08:16 ----D---- C:\WINDOWS\InputMethod
2016-05-04 02:07:46 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-05-04 02:07:43 ----D---- C:\WINDOWS\IME
2016-05-04 02:07:29 ----D---- C:\WINDOWS\Help
2016-05-04 02:07:28 ----D---- C:\WINDOWS\Globalization
2016-05-04 02:07:27 ----RSD---- C:\WINDOWS\Fonts
2016-05-04 02:07:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2016-05-04 02:07:22 ----HD---- C:\WINDOWS\ELAMBKUP
2016-05-04 02:07:22 ----D---- C:\WINDOWS\FileManager
2016-05-04 02:07:22 ----D---- C:\WINDOWS\en-US
2016-05-04 02:07:21 ----RD---- C:\WINDOWS\DesktopTileResources
2016-05-04 02:07:21 ----D---- C:\WINDOWS\DigitalLocker
2016-05-04 02:07:20 ----D---- C:\WINDOWS\debug
2016-05-04 02:07:20 ----D---- C:\WINDOWS\Cursors
2016-05-04 02:07:20 ----D---- C:\WINDOWS\cs-CZ
2016-05-04 02:07:19 ----D---- C:\WINDOWS\CbsTemp
2016-05-04 02:07:16 ----D---- C:\WINDOWS\Camera
2016-05-04 02:07:04 ----D---- C:\WINDOWS\Branding
2016-05-04 02:02:53 ----RSD---- C:\WINDOWS\assembly
2016-05-04 02:02:48 ----D---- C:\WINDOWS\apppatch
2016-05-04 02:02:47 ----D---- C:\WINDOWS\AppCompat
2016-05-04 02:02:39 ----D---- C:\WINDOWS\ADFS
2016-05-04 02:02:39 ----D---- C:\WINDOWS\addins
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\Wondershare
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\WildTangent
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\TeamViewer
2016-05-04 02:01:56 ----D---- C:\Users\Acer\AppData\Roaming\Sun
2016-05-04 02:01:43 ----D---- C:\Users\Acer\AppData\Roaming\PC Suite
2016-05-04 02:01:42 ----D---- C:\Users\Acer\AppData\Roaming\Nokia Suite
2016-05-04 02:01:30 ----D---- C:\Users\Acer\AppData\Roaming\Nokia
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Macromedia
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Identities
2016-05-04 02:00:59 ----D---- C:\Users\Acer\AppData\Roaming\CyberLink
2016-05-04 02:00:58 ----D---- C:\Users\Acer\AppData\Roaming\Atheros
2016-05-04 02:00:54 ----D---- C:\Users\Acer\AppData\Roaming\Adobe
2016-05-04 01:46:07 ----SHD---- C:\Recovery
2016-05-04 01:46:07 ----D---- C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-05-04 01:46:06 ----D---- C:\ProgramData\Wondershare
2016-05-04 01:46:06 ----D---- C:\ProgramData\WildTangent
2016-05-04 01:46:05 ----D---- C:\ProgramData\Temp
2016-05-04 01:46:05 ----D---- C:\ProgramData\Sun
2016-05-04 01:46:03 ----D---- C:\ProgramData\Qualcomm Atheros
2016-05-04 01:46:03 ----D---- C:\ProgramData\PC Suite
2016-05-04 01:46:01 ----D---- C:\ProgramData\OEM
2016-05-04 01:45:56 ----D---- C:\ProgramData\NokiaInstallerCache
2016-05-04 01:45:53 ----D---- C:\ProgramData\Nokia
2016-05-04 01:44:09 ----SD---- C:\ProgramData\Microsoft
2016-05-04 01:44:09 ----D---- C:\ProgramData\McAfee
2016-05-04 01:44:08 ----D---- C:\ProgramData\Intel
2016-05-04 01:44:08 ----D---- C:\ProgramData\install_clap
2016-05-04 01:44:01 ----D---- C:\ProgramData\CyberLink
2016-05-04 01:44:01 ----D---- C:\ProgramData\CLSK
2016-05-04 01:44:00 ----D---- C:\ProgramData\Atheros
2016-05-04 01:43:46 ----D---- C:\ProgramData\Adobe
2016-05-04 01:43:42 ----D---- C:\ProgramData\Acer
2016-05-04 01:43:41 ----SHD---- C:\Program Files\Windows Sidebar
2016-05-04 01:43:41 ----D---- C:\Program Files\WindowsPowerShell
2016-05-04 01:43:41 ----D---- C:\Program Files\Windows Portable Devices
2016-05-04 01:43:40 ----D---- C:\Program Files\Windows Photo Viewer
2016-05-04 01:43:39 ----D---- C:\Program Files\Windows NT
2016-05-04 01:43:38 ----D---- C:\Program Files\Windows Multimedia Platform
2016-05-04 01:43:37 ----D---- C:\Program Files\Windows Media Player
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Mail
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Journal
2016-05-04 01:43:35 ----HD---- C:\Program Files\Uninstall Information
2016-05-04 01:43:33 ----D---- C:\Program Files\Reference Assemblies
2016-05-04 01:43:33 ----D---- C:\Program Files\Realtek
2016-05-04 01:43:32 ----D---- C:\Program Files\MSBuild
2016-05-04 01:41:43 ----D---- C:\Program Files\Internet Explorer
2016-05-04 01:41:37 ----D---- C:\Program Files\Intel
2016-05-04 01:41:37 ----D---- C:\Program Files\DIFX
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\System
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\Services
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\QCA_Bluetooth
2016-05-04 01:41:22 ----D---- C:\Program Files\Common Files\microsoft shared
2016-05-04 01:41:21 ----D---- C:\Program Files\Common Files
2016-05-04 01:41:21 ----D---- C:\Program Files\CCleaner
2016-05-04 01:41:13 ----D---- C:\Program Files\Acer
2016-05-04 01:41:13 ----D---- C:\PerfLogs
2016-05-04 01:40:17 ----HD---- C:\OEM
2016-05-04 01:40:16 ----HD---- C:\Intel
2016-05-04 01:40:16 ----D---- C:\AcerCloud
2016-05-04 01:38:35 ----HD---- C:\$WINDOWS.~BT
2016-05-01 23:23:56 ----RD---- C:\Users
2016-04-30 09:04:23 ----D---- C:\WINDOWS\ModemLogs
2016-04-28 23:08:01 ----A---- C:\WINDOWS\PTP.txt
2016-04-17 15:32:09 ----D---- C:\Program Files (x86)\Microsoft.NET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2014-02-26 35016]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2014-02-14 3888640]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-02-26 598216]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 iaioi2c;@oem2.inf,%Driver_Service.Desc%;I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2ce.sys [2013-11-11 67584]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-03-25 3903320]
R3 IntcDAud;@oem8.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem11.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 LMDriver;@oem20.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem20.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-12-18 839896]
R3 SynRMIHID;@oem14.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [2014-02-19 42224]
R3 TXEIx64;@oem13.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\WINDOWS\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 MpKsle78c5e0d;MpKsle78c5e0d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C08C38EE-DA72-4A19-99E8-173558D88AD8}\MpKsle78c5e0d.sys []
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2014-02-26 89800]
S3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2013-07-01 8536752]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2014-02-26 355528]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2014-02-26 118984]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2014-02-26 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2014-02-26 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2014-02-26 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem36.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPIO;@oem1.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpioe.sys [2013-11-11 31232]
S3 intaud_WaveExtensible;@oem10.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 nmwcd;@oem27.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;@oem32.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RSUSBVSTOR;@oem7.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-11-01 330456]
S3 ssudmdm;@oem37.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-22 33280]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2014-02-26 319104]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2014-01-17 2797312]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-04-29 2911464]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-03-18 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 LMSvc;Launch Manager Service; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2014-03-17 459496]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-04-24 254512]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-02 7031056]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2014-03-21 2573544]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2014-03-22 457960]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [2014-03-22 449768]
R3 UEIPSvc;User Experience Improvement Program; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2014-01-25 222952]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-03-18 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-04-28 242736]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Acer at 2016-05-10 22:03:27
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 407 GB (89%) free of 459 GB
Total RAM: 1931 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:32, on 10. 5. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trend micro\Acer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: !RecoveR!-mifzl++.HTML
O4 - Startup: !RecoveR!-mifzl++.PNG
O4 - Startup: -!RecOveR!-agnll++.Htm
O4 - Startup: -!RecOveR!-agnll++.Png
O4 - Startup: -!RecOveR!-ainmp++.Htm
O4 - Startup: -!RecOveR!-ainmp++.Png
O4 - Startup: -!RecOveR!-artqv++.Htm
O4 - Startup: -!RecOveR!-artqv++.Png
O4 - Startup: -!RecOveR!-hctab++.Htm
O4 - Startup: -!RecOveR!-hctab++.Png
O4 - Startup: -!RecOveR!-hfbdq++.Htm
O4 - Startup: -!RecOveR!-hfbdq++.Png
O4 - Startup: -!RecOveR!-hgyxy++.Htm
O4 - Startup: -!RecOveR!-hgyxy++.Png
O4 - Startup: -!RecOveR!-igrle++.Htm
O4 - Startup: -!RecOveR!-igrle++.Png
O4 - Startup: -!RecOveR!-kibli++.Htm
O4 - Startup: -!RecOveR!-kibli++.Png
O4 - Startup: -!RecOveR!-lmfvb++.Htm
O4 - Startup: -!RecOveR!-lmfvb++.Png
O4 - Startup: -!RecOveR!-momps++.Htm
O4 - Startup: -!RecOveR!-momps++.Png
O4 - Startup: -!RecOveR!-nxrlw++.Htm
O4 - Startup: -!RecOveR!-nxrlw++.Png
O4 - Startup: -!RecOveR!-suxho++.Htm
O4 - Startup: -!RecOveR!-suxho++.Png
O4 - Startup: -!RecOveR!-ustac++.Htm
O4 - Startup: -!RecOveR!-ustac++.Png
O4 - Startup: -!RecOveR!-uxjfa++.Htm
O4 - Startup: -!RecOveR!-uxjfa++.Png
O4 - Startup: -!RecOveR!-vamql++.Htm
O4 - Startup: -!RecOveR!-vamql++.Png
O4 - Startup: -!RecOveR!-walig++.Htm
O4 - Startup: -!RecOveR!-walig++.Png
O4 - Global Startup: !RecoveR!-mifzl++.HTML
O4 - Global Startup: !RecoveR!-mifzl++.PNG
O4 - Global Startup: -!RecOveR!-lmfvb++.Htm
O4 - Global Startup: -!RecOveR!-lmfvb++.Png
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11781 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
taskhostex.exe
"c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {90FC73F2-1FE3-4025-AB24-371C4CD31591}
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Microsoft Office\root\Office16\msoia.exe" scan
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {0f64b231-a6ae-4b84-972a4c8cb7e1c1d0}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Acer\Acer Quick Access\QASvc.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Acer\Acer Quick Access\QAEvent.exe"
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"c:\program files (x86)\teamviewer\TeamViewer_Desktop.exe" --IPCport 5939
"C:\Program Files\Acer\Acer Launch Manager\LMTray.exe"
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe"
"C:\Windows\system32\igfxext.exe" -Embedding
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
"C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Acer\Acer Quick Access\RMSvc.exe"
"C:\Program Files\Acer\Acer Quick Access\QAMsg.exe"
"C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe" -hide
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\totalcmd\TOTALCMD64.EXE"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe"
"C:\Users\Acer\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-04-29 157384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-29 1538864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-21 13672304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-04-15 8698584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-04-08 51662464]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14 1085656]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [2014-02-26 134784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
!RecoveR!-mifzl++.HTML
!RecoveR!-mifzl++.PNG
-!RecOveR!-agnll++.Htm
-!RecOveR!-agnll++.Png
-!RecOveR!-ainmp++.Htm
-!RecOveR!-ainmp++.Png
-!RecOveR!-artqv++.Htm
-!RecOveR!-artqv++.Png
-!RecOveR!-hctab++.Htm
-!RecOveR!-hctab++.Png
-!RecOveR!-hfbdq++.Htm
-!RecOveR!-hfbdq++.Png
-!RecOveR!-hgyxy++.Htm
-!RecOveR!-hgyxy++.Png
-!RecOveR!-igrle++.Htm
-!RecOveR!-igrle++.Png
-!RecOveR!-kibli++.Htm
-!RecOveR!-kibli++.Png
-!RecOveR!-lmfvb++.Htm
-!RecOveR!-lmfvb++.Png
-!RecOveR!-momps++.Htm
-!RecOveR!-momps++.Png
-!RecOveR!-nxrlw++.Htm
-!RecOveR!-nxrlw++.Png
-!RecOveR!-suxho++.Htm
-!RecOveR!-suxho++.Png
-!RecOveR!-ustac++.Htm
-!RecOveR!-ustac++.Png
-!RecOveR!-uxjfa++.Htm
-!RecOveR!-uxjfa++.Png
-!RecOveR!-vamql++.Htm
-!RecOveR!-vamql++.Png
-!RecOveR!-walig++.Htm
-!RecOveR!-walig++.Png
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-05-05 00:22:12 ----D---- C:\AdwCleaner
2016-05-04 20:29:30 ----D---- C:\Program Files\trend micro
2016-05-04 20:29:29 ----D---- C:\rsit
2016-05-04 20:15:17 ----A---- C:\ProgramData\853B4E35F67E.dat
2016-05-01 23:27:26 ----D---- C:\Program Files (x86)\ESET
2016-05-01 23:26:05 ----D---- C:\Users\Acer\AppData\Roaming\GHISLER
2016-05-01 23:26:05 ----D---- C:\totalcmd
2016-04-17 16:04:56 ----D---- C:\Program Files\Common Files\DESIGNER
2016-04-17 15:33:12 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-17 15:23:16 ----D---- C:\Program Files\Microsoft Office
2016-04-17 15:23:14 ----D---- C:\Program Files\Microsoft Office 15
======List of files/folders modified in the last 1 month======
2016-05-10 22:03:32 ----D---- C:\WINDOWS\Prefetch
2016-05-10 22:01:01 ----D---- C:\WINDOWS\Temp
2016-05-10 22:00:05 ----D---- C:\WINDOWS\system32\sru
2016-05-10 21:24:32 ----D---- C:\WINDOWS\Microsoft.NET
2016-05-10 21:23:51 ----D---- C:\WINDOWS\Inf
2016-05-10 18:09:41 ----RD---- C:\WINDOWS\System32
2016-05-10 18:09:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 16:50:19 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-10 16:50:18 ----D---- C:\WINDOWS\system32\Tasks
2016-05-10 16:22:35 ----D---- C:\WINDOWS\system32\config
2016-05-09 03:22:41 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2016-05-05 18:48:27 ----SHD---- C:\WINDOWS\Installer
2016-05-05 18:48:13 ----RD---- C:\Program Files (x86)\Skype
2016-05-05 18:48:08 ----D---- C:\ProgramData\Skype
2016-05-05 01:02:20 ----SHD---- C:\System Volume Information
2016-05-05 01:00:25 ----D---- C:\Windows
2016-05-05 00:59:51 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-05-05 00:43:33 ----D---- C:\ProgramData\Oracle
2016-05-05 00:43:13 ----D---- C:\Program Files (x86)\Java
2016-05-05 00:43:11 ----D---- C:\WINDOWS\SysWOW64
2016-05-05 00:43:02 ----D---- C:\Program Files (x86)\Common Files
2016-05-05 00:42:24 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-05-05 00:26:10 ----D---- C:\Program Files (x86)
2016-05-04 20:36:18 ----D---- C:\WINDOWS\SoftwareDistribution
2016-05-04 20:32:38 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft
2016-05-04 20:29:30 ----RD---- C:\Program Files
2016-05-04 20:15:17 ----HD---- C:\ProgramData
2016-05-04 13:55:30 ----D---- C:\WINDOWS\LiveKernelReports
2016-05-04 13:54:16 ----D---- C:\WINDOWS\AppReadiness
2016-05-04 13:54:15 ----HD---- C:\Program Files\WindowsApps
2016-05-04 02:17:24 ----D---- C:\WINDOWS\WinStore
2016-05-04 02:17:23 ----D---- C:\WINDOWS\Web
2016-05-04 02:17:22 ----D---- C:\WINDOWS\Vss
2016-05-04 02:17:15 ----D---- C:\WINDOWS\vpnplugins
2016-05-04 02:17:15 ----D---- C:\WINDOWS\twain_32
2016-05-04 02:17:15 ----D---- C:\WINDOWS\tracing
2016-05-04 02:17:14 ----D---- C:\WINDOWS\Tasks
2016-05-04 02:17:14 ----D---- C:\WINDOWS\TAPI
2016-05-04 02:17:12 ----D---- C:\WINDOWS\SYSWOW64\zh-TW
2016-05-04 02:17:10 ----D---- C:\WINDOWS\SYSWOW64\zh-HK
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\zh-CN
2016-05-04 02:17:08 ----D---- C:\WINDOWS\SYSWOW64\XPSViewer
2016-05-04 02:17:07 ----D---- C:\WINDOWS\SYSWOW64\winrm
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\WindowsPowerShell
2016-05-04 02:16:52 ----D---- C:\WINDOWS\SYSWOW64\wdi
2016-05-04 02:16:51 ----D---- C:\WINDOWS\SYSWOW64\WCN
2016-05-04 02:16:49 ----D---- C:\WINDOWS\SYSWOW64\wbem
2016-05-04 02:16:47 ----D---- C:\WINDOWS\SYSWOW64\uk-UA
2016-05-04 02:16:45 ----D---- C:\WINDOWS\SYSWOW64\tr-TR
2016-05-04 02:16:44 ----D---- C:\WINDOWS\SYSWOW64\th-TH
2016-05-04 02:16:42 ----D---- C:\WINDOWS\SYSWOW64\Tasks
2016-05-04 02:16:41 ----D---- C:\WINDOWS\SYSWOW64\sysprep
2016-05-04 02:16:40 ----D---- C:\WINDOWS\SYSWOW64\sv-SE
2016-05-04 02:16:39 ----D---- C:\WINDOWS\SYSWOW64\sru
2016-05-04 02:16:38 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-RS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sr-Latn-CS
2016-05-04 02:16:37 ----D---- C:\WINDOWS\SYSWOW64\sppui
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\spp
2016-05-04 02:16:36 ----D---- C:\WINDOWS\SYSWOW64\Speech
2016-05-04 02:16:35 ----D---- C:\WINDOWS\SYSWOW64\SMI
2016-05-04 02:16:34 ----D---- C:\WINDOWS\SYSWOW64\slmgr
2016-05-04 02:16:32 ----D---- C:\WINDOWS\SYSWOW64\sl-SI
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\setup
2016-05-04 02:16:30 ----D---- C:\WINDOWS\SYSWOW64\sda
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\ru-RU
2016-05-04 02:16:28 ----D---- C:\WINDOWS\SYSWOW64\RTCOM
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\ro-RO
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\restore
2016-05-04 02:16:26 ----D---- C:\WINDOWS\SYSWOW64\Recovery
2016-05-04 02:16:25 ----D---- C:\WINDOWS\SYSWOW64\ras
2016-05-04 02:16:24 ----D---- C:\WINDOWS\SYSWOW64\pt-PT
2016-05-04 02:16:22 ----D---- C:\WINDOWS\SYSWOW64\pt-BR
2016-05-04 02:16:21 ----D---- C:\WINDOWS\SYSWOW64\Printing_Admin_Scripts
2016-05-04 02:16:20 ----D---- C:\WINDOWS\SYSWOW64\pl-PL
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\oobe
2016-05-04 02:16:19 ----D---- C:\WINDOWS\SYSWOW64\OEM
2016-05-04 02:16:17 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\networklist
2016-05-04 02:16:16 ----D---- C:\WINDOWS\SYSWOW64\NDF
2016-05-04 02:16:14 ----D---- C:\WINDOWS\SYSWOW64\nb-NO
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MUI
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MsDtc
2016-05-04 02:16:13 ----D---- C:\WINDOWS\SYSWOW64\MSDRM
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\ms-my
2016-05-04 02:16:12 ----D---- C:\WINDOWS\SYSWOW64\migwiz
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-05-04 02:16:11 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-05-04 02:16:10 ----D---- C:\WINDOWS\SYSWOW64\lv-LV
2016-05-04 02:16:08 ----D---- C:\WINDOWS\SYSWOW64\lt-LT
2016-05-04 02:16:07 ----D---- C:\WINDOWS\SYSWOW64\LogFiles
2016-05-04 02:16:06 ----D---- C:\WINDOWS\SYSWOW64\Licenses
2016-05-04 02:16:04 ----D---- C:\WINDOWS\SYSWOW64\ko-KR
2016-05-04 02:16:02 ----D---- C:\WINDOWS\SYSWOW64\ja-JP
2016-05-04 02:16:01 ----D---- C:\WINDOWS\SYSWOW64\it-IT
2016-05-04 02:16:00 ----D---- C:\WINDOWS\SYSWOW64\Ipmi
2016-05-04 02:15:51 ----D---- C:\WINDOWS\SYSWOW64\InstallShield
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\InputMethod
2016-05-04 02:15:50 ----D---- C:\WINDOWS\SYSWOW64\inetsrv
2016-05-04 02:15:47 ----D---- C:\WINDOWS\SYSWOW64\IME
2016-05-04 02:15:45 ----D---- C:\WINDOWS\SYSWOW64\hu-HU
2016-05-04 02:15:43 ----D---- C:\WINDOWS\SYSWOW64\hr-HR
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\he-IL
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicyUsers
2016-05-04 02:15:41 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\gl-es
2016-05-04 02:15:40 ----D---- C:\WINDOWS\SYSWOW64\FxsTmp
2016-05-04 02:15:38 ----D---- C:\WINDOWS\SYSWOW64\fr-FR
2016-05-04 02:15:36 ----D---- C:\WINDOWS\SYSWOW64\fi-FI
2016-05-04 02:15:35 ----D---- C:\WINDOWS\SYSWOW64\eu-es
2016-05-04 02:15:34 ----D---- C:\WINDOWS\SYSWOW64\et-EE
2016-05-04 02:15:32 ----D---- C:\WINDOWS\SYSWOW64\es-ES
2016-05-04 02:15:31 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-05-04 02:15:30 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2016-05-04 02:15:29 ----D---- C:\WINDOWS\SYSWOW64\en
2016-05-04 02:15:28 ----D---- C:\WINDOWS\SYSWOW64\el-GR
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\UMDF
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\en-US
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers\cs-CZ
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\drivers
2016-05-04 02:15:27 ----D---- C:\WINDOWS\SYSWOW64\downlevel
2016-05-04 02:15:26 ----D---- C:\WINDOWS\SYSWOW64\Dism
2016-05-04 02:15:24 ----D---- C:\WINDOWS\SYSWOW64\de-DE
2016-05-04 02:15:23 ----D---- C:\WINDOWS\SYSWOW64\da-DK
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-05-04 02:15:21 ----D---- C:\WINDOWS\SYSWOW64\cs
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\config
2016-05-04 02:15:15 ----D---- C:\WINDOWS\SYSWOW64\Com
2016-05-04 02:15:14 ----D---- C:\WINDOWS\SYSWOW64\catroot
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es-valencia
2016-05-04 02:15:13 ----D---- C:\WINDOWS\SYSWOW64\ca-es
2016-05-04 02:15:11 ----D---- C:\WINDOWS\SYSWOW64\bg-BG
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\ar-SA
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\AppLocker
2016-05-04 02:15:10 ----D---- C:\WINDOWS\SYSWOW64\0409
2016-05-04 02:15:02 ----D---- C:\WINDOWS\system32\LogFiles
2016-05-04 02:12:57 ----D---- C:\WINDOWS\system32\catroot
2016-05-04 02:12:57 ----D---- C:\WINDOWS\System
2016-05-04 02:12:56 ----D---- C:\WINDOWS\Speech
2016-05-04 02:12:52 ----D---- C:\WINDOWS\SKB
2016-05-04 02:12:52 ----D---- C:\WINDOWS\ShellNew
2016-05-04 02:12:52 ----D---- C:\WINDOWS\Setup
2016-05-04 02:12:27 ----D---- C:\WINDOWS\ServiceProfiles
2016-05-04 02:12:26 ----D---- C:\WINDOWS\schemas
2016-05-04 02:12:26 ----D---- C:\WINDOWS\SchCache
2016-05-04 02:12:26 ----D---- C:\WINDOWS\security
2016-05-04 02:12:24 ----D---- C:\WINDOWS\Resources
2016-05-04 02:12:23 ----D---- C:\WINDOWS\Registration
2016-05-04 02:12:22 ----D---- C:\WINDOWS\PolicyDefinitions
2016-05-04 02:12:21 ----D---- C:\WINDOWS\PLA
2016-05-04 02:12:20 ----D---- C:\WINDOWS\Performance
2016-05-04 02:12:19 ----RD---- C:\WINDOWS\Offline Web Pages
2016-05-04 02:12:19 ----D---- C:\WINDOWS\Panther
2016-05-04 02:12:18 ----D---- C:\WINDOWS\oem
2016-05-04 02:12:18 ----D---- C:\WINDOWS\NAPP_Dism_Log
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Minidump
2016-05-04 02:12:17 ----D---- C:\WINDOWS\Migration
2016-05-04 02:08:33 ----D---- C:\WINDOWS\MediaViewer
2016-05-04 02:08:30 ----RSD---- C:\WINDOWS\Media
2016-05-04 02:08:27 ----D---- C:\WINDOWS\Logs
2016-05-04 02:08:26 ----D---- C:\WINDOWS\L2Schemas
2016-05-04 02:08:16 ----D---- C:\WINDOWS\InputMethod
2016-05-04 02:07:46 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-05-04 02:07:43 ----D---- C:\WINDOWS\IME
2016-05-04 02:07:29 ----D---- C:\WINDOWS\Help
2016-05-04 02:07:28 ----D---- C:\WINDOWS\Globalization
2016-05-04 02:07:27 ----RSD---- C:\WINDOWS\Fonts
2016-05-04 02:07:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2016-05-04 02:07:22 ----HD---- C:\WINDOWS\ELAMBKUP
2016-05-04 02:07:22 ----D---- C:\WINDOWS\FileManager
2016-05-04 02:07:22 ----D---- C:\WINDOWS\en-US
2016-05-04 02:07:21 ----RD---- C:\WINDOWS\DesktopTileResources
2016-05-04 02:07:21 ----D---- C:\WINDOWS\DigitalLocker
2016-05-04 02:07:20 ----D---- C:\WINDOWS\debug
2016-05-04 02:07:20 ----D---- C:\WINDOWS\Cursors
2016-05-04 02:07:20 ----D---- C:\WINDOWS\cs-CZ
2016-05-04 02:07:19 ----D---- C:\WINDOWS\CbsTemp
2016-05-04 02:07:16 ----D---- C:\WINDOWS\Camera
2016-05-04 02:07:04 ----D---- C:\WINDOWS\Branding
2016-05-04 02:02:53 ----RSD---- C:\WINDOWS\assembly
2016-05-04 02:02:48 ----D---- C:\WINDOWS\apppatch
2016-05-04 02:02:47 ----D---- C:\WINDOWS\AppCompat
2016-05-04 02:02:39 ----D---- C:\WINDOWS\ADFS
2016-05-04 02:02:39 ----D---- C:\WINDOWS\addins
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\Wondershare
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\WildTangent
2016-05-04 02:01:57 ----D---- C:\Users\Acer\AppData\Roaming\TeamViewer
2016-05-04 02:01:56 ----D---- C:\Users\Acer\AppData\Roaming\Sun
2016-05-04 02:01:43 ----D---- C:\Users\Acer\AppData\Roaming\PC Suite
2016-05-04 02:01:42 ----D---- C:\Users\Acer\AppData\Roaming\Nokia Suite
2016-05-04 02:01:30 ----D---- C:\Users\Acer\AppData\Roaming\Nokia
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Macromedia
2016-05-04 02:01:01 ----D---- C:\Users\Acer\AppData\Roaming\Identities
2016-05-04 02:00:59 ----D---- C:\Users\Acer\AppData\Roaming\CyberLink
2016-05-04 02:00:58 ----D---- C:\Users\Acer\AppData\Roaming\Atheros
2016-05-04 02:00:54 ----D---- C:\Users\Acer\AppData\Roaming\Adobe
2016-05-04 01:46:07 ----SHD---- C:\Recovery
2016-05-04 01:46:07 ----D---- C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2016-05-04 01:46:06 ----D---- C:\ProgramData\Wondershare
2016-05-04 01:46:06 ----D---- C:\ProgramData\WildTangent
2016-05-04 01:46:05 ----D---- C:\ProgramData\Temp
2016-05-04 01:46:05 ----D---- C:\ProgramData\Sun
2016-05-04 01:46:03 ----D---- C:\ProgramData\Qualcomm Atheros
2016-05-04 01:46:03 ----D---- C:\ProgramData\PC Suite
2016-05-04 01:46:01 ----D---- C:\ProgramData\OEM
2016-05-04 01:45:56 ----D---- C:\ProgramData\NokiaInstallerCache
2016-05-04 01:45:53 ----D---- C:\ProgramData\Nokia
2016-05-04 01:44:09 ----SD---- C:\ProgramData\Microsoft
2016-05-04 01:44:09 ----D---- C:\ProgramData\McAfee
2016-05-04 01:44:08 ----D---- C:\ProgramData\Intel
2016-05-04 01:44:08 ----D---- C:\ProgramData\install_clap
2016-05-04 01:44:01 ----D---- C:\ProgramData\CyberLink
2016-05-04 01:44:01 ----D---- C:\ProgramData\CLSK
2016-05-04 01:44:00 ----D---- C:\ProgramData\Atheros
2016-05-04 01:43:46 ----D---- C:\ProgramData\Adobe
2016-05-04 01:43:42 ----D---- C:\ProgramData\Acer
2016-05-04 01:43:41 ----SHD---- C:\Program Files\Windows Sidebar
2016-05-04 01:43:41 ----D---- C:\Program Files\WindowsPowerShell
2016-05-04 01:43:41 ----D---- C:\Program Files\Windows Portable Devices
2016-05-04 01:43:40 ----D---- C:\Program Files\Windows Photo Viewer
2016-05-04 01:43:39 ----D---- C:\Program Files\Windows NT
2016-05-04 01:43:38 ----D---- C:\Program Files\Windows Multimedia Platform
2016-05-04 01:43:37 ----D---- C:\Program Files\Windows Media Player
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Mail
2016-05-04 01:43:36 ----D---- C:\Program Files\Windows Journal
2016-05-04 01:43:35 ----HD---- C:\Program Files\Uninstall Information
2016-05-04 01:43:33 ----D---- C:\Program Files\Reference Assemblies
2016-05-04 01:43:33 ----D---- C:\Program Files\Realtek
2016-05-04 01:43:32 ----D---- C:\Program Files\MSBuild
2016-05-04 01:41:43 ----D---- C:\Program Files\Internet Explorer
2016-05-04 01:41:37 ----D---- C:\Program Files\Intel
2016-05-04 01:41:37 ----D---- C:\Program Files\DIFX
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\System
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\Services
2016-05-04 01:41:35 ----D---- C:\Program Files\Common Files\QCA_Bluetooth
2016-05-04 01:41:22 ----D---- C:\Program Files\Common Files\microsoft shared
2016-05-04 01:41:21 ----D---- C:\Program Files\Common Files
2016-05-04 01:41:21 ----D---- C:\Program Files\CCleaner
2016-05-04 01:41:13 ----D---- C:\Program Files\Acer
2016-05-04 01:41:13 ----D---- C:\PerfLogs
2016-05-04 01:40:17 ----HD---- C:\OEM
2016-05-04 01:40:16 ----HD---- C:\Intel
2016-05-04 01:40:16 ----D---- C:\AcerCloud
2016-05-04 01:38:35 ----HD---- C:\$WINDOWS.~BT
2016-05-01 23:23:56 ----RD---- C:\Users
2016-04-30 09:04:23 ----D---- C:\WINDOWS\ModemLogs
2016-04-28 23:08:01 ----A---- C:\WINDOWS\PTP.txt
2016-04-17 15:32:09 ----D---- C:\Program Files (x86)\Microsoft.NET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2014-02-26 35016]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2014-02-14 3888640]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-02-26 598216]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 iaioi2c;@oem2.inf,%Driver_Service.Desc%;I2C Controller Service; C:\WINDOWS\System32\drivers\iaioi2ce.sys [2013-11-11 67584]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-03-07 3729920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2014-03-25 3903320]
R3 IntcDAud;@oem8.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2014-03-07 450520]
R3 iwdbus;@oem11.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 LMDriver;@oem20.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem20.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-12-18 839896]
R3 SynRMIHID;@oem14.inf,%SynRMIHID.SVCDESC%;Synaptics HID Service; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [2014-02-19 42224]
R3 TXEIx64;@oem13.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\WINDOWS\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
S1 MpKsle78c5e0d;MpKsle78c5e0d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C08C38EE-DA72-4A19-99E8-173558D88AD8}\MpKsle78c5e0d.sys []
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2014-02-26 89800]
S3 BCM43XX;@netbc64.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2013-07-01 8536752]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2014-02-26 355528]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2014-02-26 118984]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2014-02-26 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2014-02-26 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2014-02-26 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem36.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPIO;@oem1.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\WINDOWS\System32\drivers\iaiogpioe.sys [2013-11-11 31232]
S3 intaud_WaveExtensible;@oem10.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 nmwcd;@oem27.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;@oem32.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RSUSBVSTOR;@oem7.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-11-01 330456]
S3 ssudmdm;@oem37.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2013-08-22 33280]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-14 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2014-02-26 319104]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2014-01-17 2797312]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-04-29 2911464]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-03-18 282096]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 LMSvc;Launch Manager Service; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2014-03-17 459496]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-04-24 254512]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-02 7031056]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2014-03-21 2573544]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2014-03-22 457960]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [2014-03-22 449768]
R3 UEIPSvc;User Experience Improvement Program; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2014-01-25 222952]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-03-18 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-24 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-04-28 242736]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
-----------------EOF-----------------
- Rudy
- Site Admin

Re: Cleaning up after the TeslaCrypt virus
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\!RecoveR!*
C:\ProgramData\853B4E35F67E.dat
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.