Check - running in sandbox [Solved]

Re: Check - running in sandbox

Post by jaro3 » 20 Jan 2016 10:10

Double-click the OTL by OldTimer icon again and, under Custom Scans/Fixes, paste the following text (shown in green):

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Do not change any settings, just click Run Scan and let the scan finish. When the text file appears, please paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus are covering for me.

Re: Check - running in sandbox

Post by Martab » 20 Jan 2016 10:29

OTL logfile created on: 20.1.2016 10:13:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lenovo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18097)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,80 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 48,30% Memory free
7,60 Gb Paging File | 5,00 Gb Available in Paging File | 65,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 64,71 Gb Free Space | 57,94% Space Free | Partition Type: NTFS

Computer Name: LENOVO-X201 | User Name: Lenovo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lenovo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\34.0.2036.47\opera_crashreporter.exe (Opera Software)
PRC - C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
PRC - C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Opera\34.0.2036.47\opera.dll ()
MOD - C:\Program Files (x86)\Opera\34.0.2036.47\libGLESv2.dll ()
MOD - C:\Program Files (x86)\Opera\34.0.2036.47\libEGL.dll ()
MOD - C:\ProgramData\MEGAsync\ShellExtX32.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV:64bit: - (CmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (cmdvirth) -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe ()
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (QDLService2kLenovo) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (qcfilterlno2k) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (qcusbnetlno2k) -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (TVicPort64) -- C:\Windows\SysNative\drivers\TVicPort64.sys (EnTech Taiwan)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwsw00.sys (Intel Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (qcusbserlno2k) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VLC Media Player\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.3.0.5416280\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2016.01.17 10:19:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - Startup: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 158
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52934310-A8F0-4C05-8CB8-81CDC6D3F0D4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2639F4-1B4C-4126-95AE-4E81A2AD8904}: DhcpNameServer = 192.168.200.4 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2016.01.20 09:30:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2016.01.20 09:28:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lenovo\Desktop\OTL.exe
[2016.01.18 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2016.01.18 15:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2016.01.18 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2016.01.18 10:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
[2016.01.17 18:55:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016.01.16 11:48:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2016.01.16 10:35:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2016.01.15 18:48:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2016.01.15 15:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2016.01.15 11:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.01.11 13:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2016.01.11 13:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2016.01.20 10:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.01.20 10:12:30 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2016.01.20 09:39:32 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.01.20 09:39:32 | 000,021,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.01.20 09:37:13 | 001,702,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.01.20 09:37:13 | 000,721,884 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016.01.20 09:37:13 | 000,654,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.01.20 09:37:13 | 000,204,610 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016.01.20 09:37:13 | 000,122,336 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.01.20 09:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lenovo\Desktop\OTL.exe
[2016.01.18 21:52:49 | 000,001,958 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2016.01.18 14:19:52 | 000,007,604 | ---- | M] () -- C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
[2016.01.17 18:56:46 | 000,008,346 | ---- | M] () -- C:\Users\Lenovo\Desktop\cc_20160117_185643.reg
[2016.01.17 10:19:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016.01.11 13:36:05 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2016.01.18 15:29:28 | 000,001,958 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2016.01.18 10:04:29 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2016.01.17 18:56:45 | 000,008,346 | ---- | C] () -- C:\Users\Lenovo\Desktop\cc_20160117_185643.reg
[2015.10.31 08:49:16 | 000,001,480 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2015.10.28 08:46:10 | 001,065,984 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\file__0.localstorage
[2015.10.09 20:38:57 | 000,007,604 | ---- | C] () -- C:\Users\Lenovo\AppData\Local\Resmon.ResmonCfg
[2015.09.28 07:24:00 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\winsevr.dat
[2015.09.25 12:04:06 | 001,714,080 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.10.14 15:30:42 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.10.14 15:30:42 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2010.01.26 23:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2015aSP1\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2015.09.25 17:19:30 | 000,569,152 | ---- | M] (Intel Corporation) MD5=CCFA835960E35F30D28A868E0B3B8722 -- C:\Windows\SysNative\drivers\iaStor.sys
[2015.09.25 17:19:30 | 000,569,152 | ---- | M] (Intel Corporation) MD5=CCFA835960E35F30D28A868E0B3B8722 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_737bf5eb85b4c5c6\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2015.09.26 10:02:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2015.09.26 10:02:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2015.09.26 10:02:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2015.09.26 10:02:12 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2015.09.26 10:02:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2015.09.26 10:02:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2015.09.26 10:02:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2015.09.26 10:02:12 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\xinput1_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_7.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_5.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_3.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAudio2_0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XAPOFX1_5.dll:$CmdTcID

< End of report >
i5-3350P/P8B75-M LX/Kingston DDR3 8GB/GV-N960IXOC/SS-500ET/Seagate VS35.6/Transcend SSD370-128GB/Samsung BX2250 + Dell 1909W
ThinkPad X230 - i7-3520M + Kingston Savage SSD

"There is no reason why anyone would want to have something like a computer at home." (Ken Olsen)

Don't be afraid to use a PM to draw attention to your thread ;)

Overview of desktop sockets and CPUs


Re: Check - running in the sandbox

Post by jaro3 » 20 Jan 2016 17:05

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
ipconfig /flushdns /c

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[start explorer]
[Reboot]


Then click Run Fix (Opravit) at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

No infection, it won't be viruses; I'm just resetting the network.


Download Process Explorer from one of these links:
http://www.studna.cz/process-explorer-p-1406.html
http://www.slunecnice.cz/sw/process-explorer/
In the main window you can display a VirusTotal column via the menu: View => Select Columns...; in the window that opens, switch to the Process Images tab and tick the Virus Total option.
The first time you tick it, an informational message appears:
You can enable lookup of VirusTotal results for all files displayed in the process and DLL views by selecting the Check VirusTotal entry in the Options menu or check individual files on-demand using the process and DLL properties dialogs.
Testing a single process:
- right-click the chosen process and select Check VirusTotal. The first time you do this, a dialog box appears asking you to confirm the Terms of Service and Privacy Policy (ToS), and the ToS page also opens in the browser
You must agree to VirusTotal's terms of service to use VirusTotal features.
When you do, Process Explorer will submit hashes for files listed in the process and DLL view to VirusTotal.com. You can submit a file's contents by using the Submit button on the process and DLL properties dialog boxes.
- after confirmation the hash is sent to VT and the result appears in the previously displayed column as a number such as 0/42. If a file is detected, you can click through this result directly to VT, where a more detailed test result is shown.
Submitting all running processes for checking:
- in the menu choose Options => VirusTotal.com => Check VirusTotal.com
You can also verify that files are signed ...

Re: Check - running in the sandbox

Post by Martab » 20 Jan 2016 18:56

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP systému Windows
Mezipaměť překládání DNS byla úspěšně vyprázdněna.
C:\Users\Lenovo\Desktop\cmd.bat deleted successfully.
C:\Users\Lenovo\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lenovo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4815 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lenovo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lenovo

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01202016_185140

Files\Folders moved on Reboot...
C:\Users\Lenovo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Check - running in the sandbox

Post by Martab » 20 Jan 2016 19:09

And I didn't manage to find that process in Process Explorer... But when I have everything checked, it shows 0/XX for everything.

In case it helps:
1.JPG

2.JPG

3.JPG

Re: Check - running in the sandbox

Post by Martab » 20 Jan 2016 19:11

But if I guessed correctly based on the CPU load, it's this one:
https://www.virustotal.com/cs/file/93b2 ... /analysis/

Re: Check - running in the sandbox

Post by richchie » 20 Jan 2016 19:16

I'm not following the thread, just this: Comodo has its own monitoring tool, KillSwitch, and it is included directly in Comodo Internet Security.


Re: Check - running in the sandbox

Post by Orcus » 20 Jan 2016 22:42

I also came across this:
"The Svchost.exe (netsvcs) high CPU or Memory leak problems, can be caused by a Windows Update, or by a full Event log file or by other programs or services that start many processes during their execution."

So theoretically it could also be the event logs or Windows Update. We recommend starting a thread in the Windows section.

MiliNess will probably know best. - memberlist.php?mode=viewprofile&u=15310
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several messages.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.


Re: Check - running in the sandbox

Post by Martab » 20 Jan 2016 22:57

OK, we'll see. I ran it through COMODO and it hasn't shown up for the last hour, so I'll see what it does; if anything I'll write again. Thanks a lot for the advice and help ;)

Re: Check - running in the sandbox

Post by jaro3 » 21 Jan 2016 09:47

Run OTL and click CleanUp (Vyčisti).

We rule out viruses.

We'll close it here for now; continue in the section that Orcus recommended.

Re: Check - running in the sandbox

Post by Martab » 21 Jan 2016 12:00

So after "Run OTL and click CleanUp." the process popped up again :D So I ran it through KillSwitch, it reported 1/1 malware removed, and it's quiet for now, so we'll see.

Anyway, thanks a lot for the help ;)

Re: Check - running in the sandbox

Post by jaro3 » 21 Jan 2016 16:46

You're welcome!

Let me know later whether we can close this here.