Kontrola - spouštění v sandboxu Vyřešeno

[Martab]

aswNBR
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-17 10:26:43
-----------------------------
10:26:43.116 OS Version: Windows x64 6.1.7601 Service Pack 1
10:26:43.116 Number of processors: 4 586 0x2505
10:26:43.131 ComputerName: LENOVO-X201 UserName: Lenovo
10:26:43.459 Initialize success
10:26:43.474 VM: initialized successfully
10:26:43.474 VM: Intel CPU supported
10:27:56.432 VM: supported disk I/O iaStor.sys
10:28:18.117 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:28:18.117 Disk 0 Vendor: KINGSTON SAFM Size: 114473MB BusType: 3
10:28:18.133 VM: Disk 0 MBR read successfully
10:28:18.133 Disk 0 MBR scan
10:28:18.149 Disk 0 Windows 7 default MBR code
10:28:18.149 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:28:18.149 Disk 0 default boot code
10:28:18.149 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114372 MB offset 206848
10:28:18.180 Disk 0 scanning C:\Windows\system32\drivers
10:28:19.599 Service scanning
10:28:23.156 Modules scanning
10:28:23.655 Disk 0 trace - called modules:
10:28:23.655 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:28:23.655 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065d5060]
10:28:23.655 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004173e40]
10:28:23.671 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004172050]
10:28:23.671 Disk 0 statistics 83612/0/18 @ 59,35 MB/s
10:28:23.671 Scan finished successfully
10:29:24.729 Disk 0 MBR has been saved successfully to "C:\Users\Lenovo\Desktop\MBR.dat"
10:29:24.729 The log file has been saved successfully to "C:\Users\Lenovo\Desktop\aswMBR.txt"


A na začátku to ještě vyhodilo ještě toto, dal jsem ano.

A po provedení těchto odstranění/testů mi po chvilce začne 'svchost.exe (netsvcs)' vytěžovat 2 jádra na 50% a sežere si zhruba 20% RAMky... (to předtím nedělalo)

[Reklama]

[Orcus]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

====================================================

Vyčisti systém CCleanerem

====================================================

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[Martab]

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by Lenovo (administrator) on LENOVO-X201 (17-01-2016 18:57:36)
Running from D:\
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPFanControl] => C:\Program Files\TPFanControl\TPFanControl.exe [154624 2015-09-25] (troubadix)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-10-07]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{52934310-A8F0-4C05-8CB8-81CDC6D3F0D4}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VLC Media Player\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.0.5416280\npmathplugin.dll [2015-11-03] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-10-21] (Comodo Security Solutions, Inc.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-09-25] (Lenovo.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-10-21] (Comodo Security Solutions, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2015-09-25] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2015-11-05] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2015-10-21] (Windows (R) Win 7 DDK provider) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 qcfilterlno2k; C:\Windows\System32\DRIVERS\qcfilterlno2k.sys [6400 2015-09-25] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\System32\DRIVERS\qcusbnetlno2k.sys [444416 2015-09-25] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\System32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Lenovo\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Lenovo\AppData\Local\Temp\CPU-ZPortableTemp\cpuz138\cpuz138_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 18:57 - 2016-01-17 18:57 - 00000000 ___DC C:\FRST
2016-01-17 18:56 - 2016-01-17 18:56 - 00008346 ____C C:\Users\Lenovo\Desktop\cc_20160117_185643.reg
2016-01-17 10:26 - 2016-01-17 10:24 - 05200384 ____C (AVAST Software) C:\Users\Lenovo\Desktop\aswmbr.exe
2016-01-17 10:26 - 2016-01-15 09:50 - 00388608 ____C (Trend Micro Inc.) C:\Users\Lenovo\Desktop\HijackThis.exe
2016-01-16 11:48 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2016-01-16 11:43 - 2016-01-16 11:43 - 00003290 ____C C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2016-01-16 10:35 - 2016-01-17 18:54 - 00000000 ___DC C:\Windows\erdnt
2016-01-15 15:33 - 2016-01-15 19:27 - 00000000 ___DC C:\ProgramData\RogueKiller
2016-01-15 11:14 - 2016-01-15 11:14 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-01-11 13:36 - 2016-01-11 13:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-17 18:57 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows
2016-01-17 18:56 - 2015-12-15 19:09 - 00000560 ____C C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job
2016-01-17 18:56 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\inf
2016-01-17 18:55 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-01-17 18:50 - 2015-10-09 20:38 - 00007604 ____C C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
2016-01-17 10:41 - 2009-07-14 05:45 - 00021520 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-17 10:41 - 2009-07-14 05:45 - 00021520 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-17 10:38 - 2011-04-12 09:34 - 00721884 ____C C:\Windows\system32\perfh005.dat
2016-01-17 10:38 - 2011-04-12 09:34 - 00203554 ____C C:\Windows\system32\perfc005.dat
2016-01-17 10:38 - 2009-07-14 06:13 - 01700918 ____C C:\Windows\system32\PerfStringBackup.INI
2016-01-17 10:25 - 2015-09-25 11:31 - 00000000 ___DC C:\Users\Lenovo\AppData\Local\VirtualStore
2016-01-17 10:19 - 2009-07-14 03:34 - 00000215 ____C C:\Windows\system.ini
2016-01-17 10:18 - 2009-07-14 03:34 - 73924608 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-17 10:18 - 2009-07-14 03:34 - 44040192 _____ C:\Windows\system32\config\components.bak
2016-01-17 10:18 - 2009-07-14 03:34 - 17825792 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-17 10:18 - 2009-07-14 03:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2016-01-17 10:18 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-17 10:18 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-01-17 10:17 - 2015-10-12 19:03 - 00000000 __RDC C:\Program Files (x86)\Skype
2016-01-16 21:50 - 2015-09-27 08:02 - 00000958 ____C C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-16 11:44 - 2015-09-25 12:35 - 00000000 ___DC C:\Program Files\COMODO
2016-01-16 11:44 - 2015-09-25 12:34 - 00000000 ___DC C:\ProgramData\Comodo
2016-01-16 11:43 - 2015-09-25 12:35 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-16 10:46 - 2015-09-25 11:30 - 00000000 ___DC C:\Users\Lenovo
2016-01-16 10:45 - 2015-10-06 06:26 - 00000000 ___DC C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-01-16 10:45 - 2015-09-25 11:44 - 00000000 __HDC C:\Windows\system32\WLANProfiles
2016-01-16 10:45 - 2015-09-25 11:43 - 00000000 ___DC C:\ProgramData\Package Cache
2016-01-16 10:45 - 2009-07-14 04:20 - 00000000 __HDC C:\Windows\system32\GroupPolicy
2016-01-16 10:45 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\GroupPolicy
2016-01-16 10:45 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2016-01-15 15:25 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Cursors
2016-01-15 09:24 - 2015-09-25 12:32 - 00003852 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1443180754
2016-01-15 09:24 - 2015-09-25 12:31 - 00000000 ___DC C:\Program Files (x86)\Opera
2016-01-13 21:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 20:48 - 2015-09-25 18:17 - 00003886 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 20:48 - 2015-09-25 18:16 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-13 14:30 - 2015-09-27 16:12 - 00000000 ___DC C:\Hry
2016-01-12 22:42 - 2015-10-12 19:03 - 00000000 ___DC C:\Users\Lenovo\AppData\Roaming\Skype
2016-01-11 13:36 - 2015-10-12 19:03 - 00002731 ____C C:\Users\Public\Desktop\Skype.lnk
2016-01-11 13:36 - 2015-10-12 19:03 - 00000000 ___DC C:\ProgramData\Skype
2016-01-11 13:33 - 2015-10-26 19:06 - 00000000 ___DC C:\Users\Lenovo\Documents\MATLAB
2016-01-05 12:58 - 2015-09-26 11:10 - 00000000 __RDC C:\Users\Lenovo\Documents\MEGA
2015-12-28 09:42 - 2015-11-29 09:01 - 00000000 ___DC C:\Users\Lenovo\Documents\CodeLite
2015-12-28 09:37 - 2015-11-28 09:28 - 00000000 ___DC C:\Users\Lenovo\AppData\Roaming\codelite
2015-12-28 08:49 - 2015-09-27 13:02 - 00000000 ___DC C:\Users\Lenovo\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2015-10-31 08:49 - 2015-10-31 08:49 - 0001480 ____C () C:\Users\Lenovo\AppData\Local\Adobe Uložit pro web 12.0 Prefs
2015-10-28 08:46 - 2015-10-31 09:16 - 1065984 ____C () C:\Users\Lenovo\AppData\Local\file__0.localstorage
2015-10-09 20:38 - 2016-01-17 18:50 - 0007604 ____C () C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-13 21:09

==================== End of FRST.txt ============================

[Martab]

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Lenovo (2016-01-17 18:58:00)
Running from D:\
Windows 7 Professional Service Pack 1 (X64) (2015-09-25 10:30:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4018893206-1063525311-1145538875-500 - Administrator - Disabled)
Guest (S-1-5-21-4018893206-1063525311-1145538875-501 - Limited - Disabled)
Lenovo (S-1-5-21-4018893206-1063525311-1145538875-1000 - Administrator - Enabled) => C:\Users\Lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
CodeLite (HKLM-x32\...\CodeLite_is1) (Version: 9.0.0 - Eran Ifrah)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
GeekBuddy (HKLM\...\{7F2FC210-A909-4E0E-AF4E-8E9AF72F4C7F}) (Version: 4.22.150 - Comodo Security Solutions Inc)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.20 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0013 - Lenovo)
MATLAB R2015aSP1 (HKLM\...\Matlab R2015aSP1) (Version: 8.5.1 - MathWorks)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
Opera Stable 34.0.2036.47 (HKLM-x32\...\Opera 34.0.2036.47) (Version: 34.0.2036.47 - Opera Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
Qualcomm Gobi 2000 Package for Lenovo (HKLM-x32\...\{666C9123-1AEC-446F-8AA8-28256B1953D4}) (Version: 1.1.250 - QUALCOMM)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
scilab-5.5.2 (64-bit) (HKLM\...\scilab-5.5.2 (64-bit)_is1) (Version: - Scilab Enterprises)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage GPS (HKLM-x32\...\{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}) (Version: 2.81 - Lenovo)
TPFanControl v0.62 (HKLM\...\{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1) (Version: - troubadix)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wolfram Extras 10.3 (5416280) (HKLM\...\A-WIN-Extras 10.3.0 5416280_is1) (Version: 10.3.0 - Wolfram Research, Inc.)
Wolfram Mathematica 10.3 (M-WIN-L 10.3.0 5416318) (HKLM\...\M-WIN-L 10.3.0 5416318_is1) (Version: 10.3.0 - Wolfram Research, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17DFD97D-9770-4719-9D22-6CAEF00FF8F9} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-11-05] ()
Task: {2153A983-F9D5-4DC2-AA32-29E10BA8DC8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-13] (Adobe Systems Incorporated)
Task: {3F7469D8-5611-41ED-A8E8-B23019FB3AD5} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis3F60.exe <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5CD5CF79-FAE2-451A-959B-7769E45CFB80} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-09-25] (Lenovo Group Limited)
Task: {8E508A18-E758-4A08-9CB8-2B1A99EB17B1} - System32\Tasks\Opera scheduled Autoupdate 1443180754 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-15] (Opera Software)
Task: {90B81971-DB50-42BA-872D-362AB1BE6AC8} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015aSP1\bin\win64\MATLABStartupAccelerator.exe [2015-12-15] ()
Task: {9C6C18A1-9B90-4AFE-B9DC-854BA171E9B9} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {D3628E7A-86F1-43EA-B023-5974298705FC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F8EB1291-F1B9-4116-8F48-4407FC5D899D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-09-25] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe
Task: C:\Windows\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015aSP1\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-04 12:04 - 2015-10-06 06:25 - 00032776 ____C () C:\Windows\System32\ssj1mlm.dll
2014-05-01 15:13 - 2014-05-01 15:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2015-09-25 17:30 - 2015-09-25 17:30 - 00105472 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-02-19 12:43 - 2013-02-19 12:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-16 06:27 - 2015-12-16 06:27 - 00052224 ____C () C:\ProgramData\MEGAsync\cares.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PWMBTHLV.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system\TVicPort.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ambakdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ammntdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\amwrtdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CX64AQ17.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\e1kmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ibmpmctl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ibmpmsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2622.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxext.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxsrvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NicCo36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NicInstK.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PROUnstl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PWMCP64V.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SBuySupplies.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj1mci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj1mci.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ssj1mlm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPCo14.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tpinspm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UCI64A52.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msjava.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WISPTIS.EXE:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\bthport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\BTHUSB.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CFRMD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\CHDRT64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\e1k62x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\HECIx64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ibmpmdrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\monitor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qcfilterlno2k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\qcusbnetlno2k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\smiifx64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TPPWR64V.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TVicPort64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Lenovo\Desktop\Momenty_setrvacnosti.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Desktop\Tahák-na-písemku-2.docx:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Desktop\Tahák-na-písemku.docx:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\140_VYPRM 04.doc:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\4-VNNF.doc:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\BackupperFull.exe:$CmdTcID
AlternateDataStreams: C:\Users\Lenovo\Downloads\BackupperFull.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\dxwebsetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Lenovo\Downloads\dxwebsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\English_File_Intermediate_Plus_3e_Tests_www.frenglish.ru.rar:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\KlaDvojnyInt_ResPr.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\Limita fce.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\List_of_critical_CO2_vehicles_model_year_2016.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\Matlab - 3) specialni 2D,3D grafy POLAR, COMPASS, FEATHER a priklady .ppt:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\MATLABzaklady.rtf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\pisemka.m:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\PlosnyIntegral2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\tabulky_1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Lenovo\Downloads\X201UserGuide.pdf:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-01-17 10:19 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: EEDSpeedLauncher => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5B552C3A-BECC-4D0F-80BB-F619AFFFF8FB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{AA373A12-8083-4E5C-8D6E-F3781980EFE7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0F851554-D6D7-47CB-BBA0-AB5E161A105C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{4B3E2250-E18E-4FA7-9784-8E04AD85436B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

==================== Restore Points =========================

17-01-2016 18:54:30 ComboFix created restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2016 06:55:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 10:33:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 10:22:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 10:19:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 10:11:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2016 01:32:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2016 01:22:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\wbem\wmiprvse.exe; Popis = ComboFix created restore point; Chyba = 0x8007043c).

Error: (01/16/2016 01:22:10 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007043c, Tuto službu nelze spustit v nouzovém režimu.
.


Operace:
Vytvoření instance serveru VSS

Error: (01/16/2016 01:22:10 PM) (Source: VSS) (EventID: 18) (User: )
Description: Chyba služby Stínová kopie svazku: Server COM s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2 nelze spustit v nouzovém režimu.
Službu Stínová kopie svazku nelze spustit v nouzovém režimu. [0x8007043c, Tuto službu nelze spustit v nouzovém režimu.
]


Operace:
Vytvoření instance serveru VSS

Error: (01/16/2016 01:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/17/2016 06:55:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/17/2016 10:33:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/17/2016 10:22:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/17/2016 10:19:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/17/2016 10:18:29 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/17/2016 10:18:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/17/2016 10:17:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba COMODO Chromodo Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/17/2016 10:17:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (01/17/2016 10:17:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.

Error: (01/17/2016 10:17:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Načtení \??\C:\ComboFix\catchme.sys bylo zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o kompatibilní verzi ovladače.


CodeIntegrity:
===================================
Date: 2016-01-17 10:17:42.301
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:17:42.285
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:17:42.254
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:17:42.223
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:14:39.827
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:14:39.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:14:39.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-17 10:14:39.734
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-16 11:52:19.748
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-16 11:52:19.717
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3891.67 MB
Available physical RAM: 2528.8 MB
Total Virtual: 7781.54 MB
Available Virtual: 6398.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:66.47 GB) NTFS
Drive d: (FLASH DISK) (Removable) (Total:0.48 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 111.8 GB) (Disk ID: 75F47FDF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 492 MB) (Disk ID: 0027CE08)
Partition 1: (Not Active) - (Size=492 MB) - (Type=0C)

==================== End of Addition.txt ============================

Kód: Vybrat vše

ComboFix odinstalován, promazáno přes CCC, ale 'svchost.exe (netsvcs)' furt vytěžuje CPU i RAM...

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Lenovo\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Lenovo\AppData\Local\Temp\CPU-ZPortableTemp\cpuz138\cpuz138_x64.sys [X]
Task: {2153A983-F9D5-4DC2-AA32-29E10BA8DC8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-13] (Adobe Systems Incorporated)
Task: {3F7469D8-5611-41ED-A8E8-B23019FB3AD5} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis3F60.exe <==== ATTENTION

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\ProgramData\MEGAsync\ShellExtX64.dll
C:\ProgramData\MEGAsync\ShellExtX32.dll
C:\ProgramData\MEGAsync\cares.dll
C:\Windows\system32\ammntdrv.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/


Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.


Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

[Martab]

FRST

Fix result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Lenovo (2016-01-18 09:59:50) Run:1
Running from C:\Users\Lenovo\Desktop
Loaded Profiles: Lenovo (Available Profiles: Lenovo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\Lenovo\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Lenovo\AppData\Local\Temp\CPU-ZPortableTemp\cpuz138\cpuz138_x64.sys [X]
Task: {2153A983-F9D5-4DC2-AA32-29E10BA8DC8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-13] (Adobe Systems Incorporated)
Task: {3F7469D8-5611-41ED-A8E8-B23019FB3AD5} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis3F60.exe <==== ATTENTION

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4018893206-1063525311-1145538875-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
cpuz136 => service removed successfully
cpuz138 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2153A983-F9D5-4DC2-AA32-29E10BA8DC8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2153A983-F9D5-4DC2-AA32-29E10BA8DC8E}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F7469D8-5611-41ED-A8E8-B23019FB3AD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7469D8-5611-41ED-A8E8-B23019FB3AD5}" => key removed successfully
C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}" => key removed successfully
EmptyTemp: => 251.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:59:52 ====

[Martab]

https://www.virustotal.com/cs/file/f12b ... 453108806/
https://www.virustotal.com/cs/file/c2b3 ... 453108998/
https://www.virustotal.com/cs/file/d401 ... 453109139/

http://r.virscan.org/report/f24efb93b7b ... 354955a925
http://r.virscan.org/report/94296f25dea ... f021586259
http://r.virscan.org/report/a621499954e ... ad058c00da

Soubor C:\Windows\system32\ammntdrv.sys tam nemám...

[Martab]

Memtest běží, ale počítám, že bude v pohodě, dělal jsme ho nedávno (teda při nabootování z CD) a SSD vidím taky jako OK, ale pro jistotu, kdybych něco přehlídl

CDI log
----------------------------------------------------------------------------
CrystalDiskInfo 6.5.2 (C) 2008-2015 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/01/18 10:42:50

-- Controller Map ----------------------------------------------------------
+ Intel(R) 5 Series 6 Port SATA AHCI Controller [ATA]
- KINGSTON SHSS37A120G

-- Disk List ---------------------------------------------------------------
(1) KINGSTON SHSS37A120G : 120,0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) KINGSTON SHSS37A120G
----------------------------------------------------------------------------
Model : KINGSTON SHSS37A120G
Firmware : SAFM00.r
Serial Number : 50026B725A0BC9B4
Disk Size : 120,0 GB (8,4/120,0/120,0/120,0)
Buffer Size : 6076 KB
Queue Depth : 32
# of Sectors : 234441648
Rotation Rate : ---- (SSD)
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ----
Transfer Mode : SATA/300 | SATA/600
Power On Hours : 72 hod.
Power On Count : 127 krát
Temperature : 32 C (89 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ, TRIM
APM Level : 00FEh [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _50 000000000000 Počet chyb čtení
02 100 100 _50 000000000000 Průchodnost disku
03 100 100 _50 000000000000 Čas na roztočení ploten
05 100 100 _50 000000000000 Počet přemapovaných sektorů
07 100 100 _50 000000000000 Počet chybných hledání
08 100 100 _50 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000000048 Hodin v činnosti
0C 100 100 __0 00000000007F Počet cyklů zapnutí zařízení
A8 100 100 __0 000000000000 Specifický pro výrobce
AA 100 100 _10 000000000100 Specifický pro výrobce
AD 100 100 __0 00000002000D Specifický pro výrobce
AF 100 100 _50 000000000000 Specifický pro výrobce
B7 100 100 100 0000000D0002 Specifický pro výrobce
BB 100 100 __0 000000000000 Specifický pro výrobce
C0 100 100 __0 000000000006 Unsafe Shutdown Count
C2 _68 _61 _30 002700100020 Teplota
C4 100 100 _10 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C7 100 100 _50 000000000000 Specifický pro výrobce
DA 100 100 _50 000000000000 Specifický pro výrobce
E7 100 100 __0 000000000064 Specifický pro výrobce
E9 100 100 __0 00000000011A Specifický pro výrobce
F0 100 100 __0 000000000000 Specifický pro výrobce
F1 100 100 __0 0000000000CE Total Host Writes
F2 100 100 __0 000000000218 Total Host Reads
F4 100 100 __0 000000000002 Specifický pro výrobce
F5 100 100 __0 00000000000D Specifický pro výrobce
F6 100 100 __0 000000015D00 Specifický pro výrobce

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 3530 3032 3642 3732 3541 3042 4339 4234 2020 2020
020: 0000 2F78 0000 5341 464D 3030 2E72 4B49 4E47 5354
030: 4F4E 2053 4853 5333 3741 3132 3047 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: 4BB0 0DF9 0000 0007 0003 0078 0078 0078 0078 5F20
070: 0000 0000 0000 0000 0000 001F E70E 0004 004C 00CC
080: 03F8 0000 746B 7D09 4063 7469 BC09 4063 407F 0001
090: 0001 00FE FFFE 0000 0000 0000 0000 0000 0000 0000
100: 4BB0 0DF9 0000 0000 0000 0008 4000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 4019
120: 4019 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0001
170: 0000 0000 0003 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0BB8 0064 0000
190: 0080 0100 0AEF 0001 0000 0080 0000 0000 0000 0000
200: 0000 0000 9696 9595 9601 9696 0000 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 0001 0000 0000
220: 0000 0000 107F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 FFFF 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 2EA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05
010: 00 64 64 00 00 00 00 00 00 00 03 07 00 64 64 00
020: 00 00 00 00 00 00 05 13 00 64 64 00 00 00 00 00
030: 00 00 07 0B 00 64 64 00 00 00 00 00 00 00 08 05
040: 00 64 64 00 00 00 00 00 00 00 09 12 00 64 64 48
050: 00 00 00 00 00 00 0C 12 00 64 64 7F 00 00 00 00
060: 00 00 A8 12 00 64 64 00 00 00 00 00 00 00 AA 03
070: 00 64 64 00 01 00 00 00 00 00 AD 12 00 64 64 0D
080: 00 02 00 00 00 00 AF 13 00 64 64 00 00 00 00 00
090: 00 00 B7 12 00 64 64 02 00 0D 00 00 00 00 BB 12
0A0: 00 64 64 00 00 00 00 00 00 00 C0 12 00 64 64 06
0B0: 00 00 00 00 00 00 C2 23 00 44 3D 20 00 10 00 27
0C0: 00 00 C4 02 00 64 64 00 00 00 00 00 00 00 C5 32
0D0: 00 64 64 00 00 00 00 00 00 00 C7 0B 00 64 64 00
0E0: 00 00 00 00 00 00 DA 0B 00 64 64 00 00 00 00 00
0F0: 00 00 E7 13 00 64 64 64 00 00 00 00 00 00 E9 0B
100: 00 64 64 1A 01 00 00 00 00 00 F0 13 00 64 64 00
110: 00 00 00 00 00 00 F1 12 00 64 64 CE 00 00 00 00
120: 00 00 F2 12 00 64 64 18 02 00 00 00 00 00 F4 02
130: 00 64 64 02 00 00 00 00 00 00 F5 02 00 64 64 0D
140: 00 00 00 00 00 00 F6 12 00 64 64 00 5D 01 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 5B
170: 03 00 01 00 01 02 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9D

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 32 00 64 64 00 00 00 00 00 00 00 02 32
010: 00 64 64 00 00 00 00 00 00 00 03 32 00 64 64 00
020: 00 00 00 00 00 00 05 32 00 64 64 00 00 00 00 00
030: 00 00 07 32 00 64 64 00 00 00 00 00 00 00 08 32
040: 00 64 64 00 00 00 00 00 00 00 09 00 00 64 64 00
050: 00 00 00 00 00 00 0C 00 00 64 64 00 00 00 00 00
060: 00 00 A8 00 00 64 64 00 00 00 00 00 00 00 AA 0A
070: 00 64 64 00 00 00 00 00 00 00 AD 00 00 64 64 00
080: 00 00 00 00 00 00 AF 32 00 64 64 00 00 00 00 00
090: 00 00 B7 64 00 64 64 00 00 00 00 00 00 00 BB 00
0A0: 00 64 64 00 00 00 00 00 00 00 C0 00 00 64 64 00
0B0: 00 00 00 00 00 00 C2 1E 00 64 64 00 00 00 00 00
0C0: 00 00 C4 0A 00 64 64 00 00 00 00 00 00 00 C5 00
0D0: 00 64 64 00 00 00 00 00 00 00 C7 32 00 64 64 00
0E0: 00 00 00 00 00 00 DA 32 00 64 64 00 00 00 00 00
0F0: 00 00 E7 00 00 64 64 00 00 00 00 00 00 00 E9 00
100: 00 64 64 00 00 00 00 00 00 00 F0 00 00 64 64 00
110: 00 00 00 00 00 00 F1 00 00 64 64 00 00 00 00 00
120: 00 00 F2 00 00 64 64 00 00 00 00 00 00 00 F4 00
130: 00 64 64 00 00 00 00 00 00 00 F5 00 00 64 64 00
140: 00 00 00 00 00 00 F6 00 00 64 64 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

[Martab]

Tak MemTest Ok, 0 chyb.

[jaro3]

Stáhni si z některého odkazu SystemLook
SystemLook (32-bit)
http://jpshortstuff.247fixes.com/SystemLook.exe

SystemLook (64-bit)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

a ulož si ho na plochu.

Poklepej na stažený SystemLook , zkopíruj do hlavního text. okna tento následující text:

Kód: Vybrat vše

:filefind
ammntdrv.sys.*



Klikni na Look ke startu skenu. Když program skončí objeví se v poznámkovém bloku zpráva skenu. Zkopíruj sem celý jeho obsah. Log se také nachází na ploše pod názvem SystemLook.txt.

Stáhni Kaspersky VRT
na svojí plochu.
Spusť program Kaspersky VRT, .Program se nainstaluje.
Potvrď licenci a klikni na „Start“ . Pokud program nabídne aktualizaci , klikni dole na na „Download Now“.
- Klikni na ozubené kolečko v pravém horním rohu. V okně vyber kromě již zatržených , svojí jednotku disku , pokud jich máš víc , můžeš zatrhnout všechny.
- zvol „Automatic Scan“ nahoře vlevo. a stiskni tlačítko „Start Scanning“
- Program začne skenovat zatržené jednotky

Zaškrtnuté :
Hidden startup objects
System Memory
Disk boot sectors
Počítač
Místní disk C

Nezašrkrtnuté:
Dokumenty
My email
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
Disketová jednotka
A jiné , např. Flash disky , které máš připojeny.

- povol programu Virus Removal Tool odstranit všechny nalezené infekce
- jakmile sken skončí ,zvol záložku „Report“ , vpravo nahoře (vedle ozubeného kolečka)
- klikni na „Detected Threads“ a klikni na obrázek diskety („Save“)
- ulož do počítače zprávu a vložit ji sem do příspěvku

[Martab]

SystemLook 30.07.11 by jpshortstuff
Log created at 15:36 on 18/01/2016 by Lenovo
Administrator - Elevation successful

========== filefind ==========

Searching for "ammntdrv.sys.*"
C:\Windows\System32\ammntdrv.sys --a--c- 151480 bytes [06:23 28/09/2015] [06:23 28/09/2015] 46014EDFDC8AF8733E14947448D122C5

-= EOF =-

Kaspersky VRT
Test projel bez nálezu, ale na konci vyhodil hlášku, že nemůže stáhnout databázi, tedy stahuju verzi přímo z jejich stránek (http://support.kaspersky.com/viruses/kvrt2015) a nechám projet

[Martab]

Tak Kaspersky nic nenalezl.