
50% RAM usage
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: 50% RAM usage
Where can I find the log from zoek.exe, please? The PC restarted, but the log didn't pop up..
Here is the log from JRT..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64
Ran by T420 (Administrator) on ut 28. 02. 2017 at 11:00:52,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 11
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Users\T420\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder)
Successfully deleted: C:\Users\T420\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bigefpfhnfcobdlfbedofhhaibnlghod_0.localstorage (File)
Successfully deleted: C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9X95QTN6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XN0UVZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS9MUX3E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTDT5JJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9X95QTN6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XN0UVZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS9MUX3E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTDT5JJ7 (Temporary Internet Files Folder)
Deleted the following from C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default\prefs.js
user_pref(browser.search.searchengine.uid, HITACHIXHTS727550A9E364_J3300080GD604BGD604BX);
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 28. 02. 2017 at 11:06:39,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
- Posts: 119495
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
Try typing "zoek" into search. It will be a txt file.
Questions and logs should be posted only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: 50% RAM usage
I tried searching for that right away, but didn't find it.. I don't see anything like it in the zoek folder either..
- Rudy
- Site Admin
- Posts: 119495
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
OK. Has anything changed after those scans?
Re: 50% RAM usage
I had the zoek scan run once more and here is the log.. no change..
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by T420 on ut 28. 02. 2017 at 19:13:45,17.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\T420\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2017-02-28-074840.log 12641 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\T420\AppData\Local\Lavasoft deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\T420\AppData\Roaming\Profiles\Cojlegrfat.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\T420\AppData\Roaming\Profiles\Cojlegrfat.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\T420\AppData\Roaming\Profiles\Ghtakarqesp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\T420\AppData\Roaming\Profiles\Ghtakarqesp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\T420\AppData\Roaming\Profiles\Grorpyshimugh.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\T420\AppData\Roaming\Profiles\Grorpyshimugh.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\T420\AppData\Roaming\Profiles\Sqoing.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\T420\AppData\Roaming\Profiles\Sqoing.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Cojlegrfat.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Ghtakarqesp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Grorpyshimugh.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Sqoing.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31. 01. 2017 18:08]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [31. 01. 2017 18:08]
==== Firefox Extensions ======================
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Cojlegrfat.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Ghtakarqesp.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Grorpyshimugh.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\T420\AppData\Roaming\Profiles\Sqoing.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\T420\AppData\Roaming\Mozilla\Firefox\Profiles\vbnrj7om.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
Avast SafePrice - T420\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - T420\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - T420\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
UC浏览器活动 - T420\AppData\Local\UCBrowser\User Data\Default\Extensions\acbckhilidhkcoenjgmejpgnnmcbhjhi
UC Nexus - T420\AppData\Local\UCBrowser\User Data\Default\Extensions\pogijhnlcfmcppgimcaccdkmbedjkmhi
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{59DF3CAC-CF79-4BB9-A114-70E55AC45F25} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_12454"
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\T420\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\T420\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\T420\AppData\Local\UCBrowser\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=28 folders=20 35632593 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\T420\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\T420\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ut 28. 02. 2017 at 20:45:32,96 ======================
- Rudy
- Site Admin
- Posts: 119495
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after start-up a screen with the license terms is displayed; continue by clicking the Yes button.
feel free to put the kettle on for coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, undesirable conflicts with the antispyware's resident component occur.
Re: 50% RAM usage
at least 33% when idle and 45% with Chrome running
ComboFix 17-02-24.01 - T420 . 03. 2017 6:38.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3979.2368 [GMT 1:00]
Running from: c:\users\T420\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-02-01 to 2017-03-01 )))))))))))))))))))))))))))))))
.
.
2017-03-01 05:50 . 2017-03-01 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-28 19:56 . 2017-02-28 19:56 -------- d-----w- c:\programdata\SWCUTemp
2017-02-28 19:41 . 2017-02-28 18:13 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-28 19:41 . 2017-03-01 05:51 -------- d-----w- c:\users\T420\AppData\Local\Temp
2017-02-28 09:49 . 2017-02-28 09:49 -------- d-----w- C:\$AV_ASW
2017-02-28 03:24 . 2017-02-28 07:31 -------- d-----w- C:\zoek_backup
2017-02-27 19:42 . 2017-02-27 19:42 -------- d-----w- c:\users\T420\AppData\Local\ElevatedDiagnostics
2017-02-27 19:24 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-02-27 19:24 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-02-27 19:24 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-02-27 19:24 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-02-27 19:10 . 2017-02-27 19:08 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-02-27 19:09 . 2017-02-27 19:09 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-27 19:08 . 2017-02-27 19:08 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-02-26 17:40 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 17:40 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-02-26 17:39 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 17:39 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 17:39 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-02-26 17:39 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-02-26 17:39 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-02-26 17:39 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-02-26 17:39 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-02-26 17:33 . 2017-02-26 17:33 -------- d-----w- c:\program files\CONEXANT
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2017-02-26 17:29 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2017-02-26 17:29 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2017-02-26 17:27 . 2017-02-02 16:32 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 233984 ----a-w- c:\windows\system32\aepic.dll
2017-02-26 17:27 . 2017-02-02 14:06 650752 ----a-w- c:\windows\system32\generaltel.dll
2017-02-26 17:27 . 2016-12-31 15:36 556544 ----a-w- c:\windows\system32\devinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-26 17:27 . 2017-02-02 16:36 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-26 17:27 . 2016-12-31 15:36 335360 ----a-w- c:\windows\system32\invagent.dll
2017-02-26 17:27 . 2016-12-31 15:36 293376 ----a-w- c:\windows\system32\centel.dll
2017-02-26 17:27 . 2016-12-31 15:36 133632 ----a-w- c:\windows\system32\acmigration.dll
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2017-02-26 15:50 . 2017-02-26 15:51 -------- d-----w- c:\program files\CCleaner
2017-02-26 14:30 . 2017-02-27 19:08 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-26 14:30 . 2017-02-27 19:08 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-26 14:30 . 2017-02-27 19:08 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-26 14:30 . 2017-02-27 19:08 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-16 09:15 . 2017-02-16 09:15 -------- d-----w- c:\programdata\NCH Software
2017-02-16 09:15 . 2017-02-16 09:24 -------- d-----w- c:\program files (x86)\NCH Software
2017-02-16 09:14 . 2017-02-16 09:24 -------- d-----w- c:\users\T420\AppData\Roaming\NCH Software
2017-02-11 14:37 . 2017-02-11 14:37 -------- d-----w- c:\users\T420\AppData\Local\Native Instruments
2017-02-10 19:40 . 2017-02-10 19:42 -------- d-----w- C:\FRST
2017-02-10 17:14 . 2017-02-10 17:46 -------- d-----w- c:\users\T420\AppData\Local\Ghervertherfirer
2017-02-10 17:13 . 2017-02-10 17:14 -------- d-----w- c:\users\T420\AppData\Local\Cohispkituly
2017-02-10 15:13 . 2017-02-11 14:44 -------- d-----w- c:\program files (x86)\Native Instruments
2017-02-09 12:58 . 2017-02-09 12:58 -------- d-----w- c:\users\T420\AppData\Local\MediaMonkey
2017-02-09 12:57 . 2017-02-26 18:24 -------- d-----w- c:\users\T420\AppData\Roaming\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\programdata\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\program files (x86)\MediaMonkey
2017-02-09 11:13 . 2017-02-10 15:12 -------- d-----w- c:\program files\Common Files\Native Instruments
2017-02-09 11:13 . 2017-02-09 11:15 -------- d-----w- c:\programdata\Native Instruments
2017-02-06 16:59 . 2017-02-06 16:59 -------- d-----w- c:\users\T420\AppData\Local\Tvsukernel
2017-02-01 14:30 . 2017-02-01 14:30 -------- d-----w- c:\users\T420\AppData\Roaming\FastStone
2017-02-01 14:29 . 2017-02-01 14:29 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2017-01-31 17:10 . 2017-02-27 19:08 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\users\T420\AppData\Roaming\AVAST Software
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\program files (x86)\Common Files\AV
2017-01-31 17:09 . 2017-02-27 19:09 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-31 17:09 . 2017-02-27 19:09 337592 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-31 17:09 . 2017-02-26 14:28 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys.148811943973704
2017-01-31 17:09 . 2017-02-27 19:09 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-31 17:09 . 2017-02-27 19:09 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-31 17:08 . 2017-02-27 19:09 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-31 17:08 . 2017-02-27 19:09 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-31 17:08 . 2017-02-27 19:09 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-31 17:08 . 2017-02-27 19:08 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-31 17:08 . 2017-01-31 17:08 53208 ----a-w- c:\windows\avastSS.scr
2017-01-31 17:07 . 2017-01-31 17:10 -------- d-----w- c:\program files\AVAST Software
2017-01-31 17:07 . 2017-02-27 19:10 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-25 02:01 . 2016-10-15 09:43 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-10 21:24 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-10 21:24 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-10 21:24 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-10 21:24 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-10 21:24 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-10 21:24 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-10 21:24 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-10 21:24 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-10 21:24 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-10 21:24 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-10 21:24 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-10 21:24 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-10 21:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-10 21:24 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-10 21:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-10 21:24 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-10 21:24 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-10 21:24 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-10 21:24 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-10 21:24 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-10 21:24 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-10 21:24 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-10 21:24 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-10 21:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-10 21:24 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-10 21:24 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-10 21:24 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-10 21:24 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-10 21:24 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-10 21:24 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-10 21:24 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-10 21:24 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-10 21:24 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-10 21:24 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-10 21:24 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-10 21:24 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-10 21:24 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-10 21:24 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-10 21:24 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-02 113656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-27 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 LSC.Services.SystemService;Lenovo Solution Center System Service;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-02-02 156672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-03-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-03-01 453544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.100.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellExecuteHooks-{7FF42358-ECD1-11E6-946D-64006A5CFC23} - (no file)
AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{42DEBD12-9D09-4B77-B434-2EF604E45D3D}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{4FB3245C-1B65-4959-A8DA-A365D75D0AF4}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{DB2B4DA2-022F-4A27-A450-A6EB6677CA43}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-{305CA7E5-C739-48e2-B247-584C0E1B717C} - c:\programdata\{001400D9-8BC8-4B5C-892D-B224C94ECAF0}\Traktor Audio 10 Driver Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{571BB2D7-5EB2-4D33-9E0D-0D95E2CB9AE0}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{1A60280D-28AA-4D0E-9E05-8E115B994BEF}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EBAC69E7-D48F-4CC3-BD51-4AA55B9E55DC}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{53DC627C-2EC2-49E2-8DA7-F6013C8DAF5C}\Traktor 2 Setup PC.exe
AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-{C757F7B0-A56E-4D3D-B8D4-9516E932CAF7} - c:\programdata\{E08B3CF8-17F6-42A9-822C-B111A3E743A6}\Traktor Kontrol S5 Driver Setup PC.exe
AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{526CA30B-D871-406E-A018-ABE05E66D65B}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-01 06:57:02
ComboFix-quarantined-files.txt 2017-03-01 05:57
.
Pre-Run: 378 770 669 568 bytes free
Post-Run: 378 134 421 504 bytes free
.
- - End Of File - - B40B39F6510FF85383B41ED858521426
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 17-02-24.01 - T420 . 03. 2017 6:38.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3979.2368 [GMT 1:00]
Running from: c:\users\T420\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-02-01 to 2017-03-01 )))))))))))))))))))))))))))))))
.
.
2017-03-01 05:50 . 2017-03-01 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-28 19:56 . 2017-02-28 19:56 -------- d-----w- c:\programdata\SWCUTemp
2017-02-28 19:41 . 2017-02-28 18:13 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-28 19:41 . 2017-03-01 05:51 -------- d-----w- c:\users\T420\AppData\Local\Temp
2017-02-28 09:49 . 2017-02-28 09:49 -------- d-----w- C:\$AV_ASW
2017-02-28 03:24 . 2017-02-28 07:31 -------- d-----w- C:\zoek_backup
2017-02-27 19:42 . 2017-02-27 19:42 -------- d-----w- c:\users\T420\AppData\Local\ElevatedDiagnostics
2017-02-27 19:24 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-02-27 19:24 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-02-27 19:24 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-02-27 19:24 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-02-27 19:10 . 2017-02-27 19:08 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-02-27 19:09 . 2017-02-27 19:09 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-27 19:08 . 2017-02-27 19:08 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-02-26 17:40 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 17:40 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-02-26 17:39 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 17:39 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 17:39 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-02-26 17:39 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-02-26 17:39 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-02-26 17:39 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-02-26 17:39 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-02-26 17:33 . 2017-02-26 17:33 -------- d-----w- c:\program files\CONEXANT
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2017-02-26 17:29 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2017-02-26 17:29 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2017-02-26 17:27 . 2017-02-02 16:32 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 233984 ----a-w- c:\windows\system32\aepic.dll
2017-02-26 17:27 . 2017-02-02 14:06 650752 ----a-w- c:\windows\system32\generaltel.dll
2017-02-26 17:27 . 2016-12-31 15:36 556544 ----a-w- c:\windows\system32\devinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-26 17:27 . 2017-02-02 16:36 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-26 17:27 . 2016-12-31 15:36 335360 ----a-w- c:\windows\system32\invagent.dll
2017-02-26 17:27 . 2016-12-31 15:36 293376 ----a-w- c:\windows\system32\centel.dll
2017-02-26 17:27 . 2016-12-31 15:36 133632 ----a-w- c:\windows\system32\acmigration.dll
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2017-02-26 15:50 . 2017-02-26 15:51 -------- d-----w- c:\program files\CCleaner
2017-02-26 14:30 . 2017-02-27 19:08 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-26 14:30 . 2017-02-27 19:08 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-26 14:30 . 2017-02-27 19:08 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-26 14:30 . 2017-02-27 19:08 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-16 09:15 . 2017-02-16 09:15 -------- d-----w- c:\programdata\NCH Software
2017-02-16 09:15 . 2017-02-16 09:24 -------- d-----w- c:\program files (x86)\NCH Software
2017-02-16 09:14 . 2017-02-16 09:24 -------- d-----w- c:\users\T420\AppData\Roaming\NCH Software
2017-02-11 14:37 . 2017-02-11 14:37 -------- d-----w- c:\users\T420\AppData\Local\Native Instruments
2017-02-10 19:40 . 2017-02-10 19:42 -------- d-----w- C:\FRST
2017-02-10 17:14 . 2017-02-10 17:46 -------- d-----w- c:\users\T420\AppData\Local\Ghervertherfirer
2017-02-10 17:13 . 2017-02-10 17:14 -------- d-----w- c:\users\T420\AppData\Local\Cohispkituly
2017-02-10 15:13 . 2017-02-11 14:44 -------- d-----w- c:\program files (x86)\Native Instruments
2017-02-09 12:58 . 2017-02-09 12:58 -------- d-----w- c:\users\T420\AppData\Local\MediaMonkey
2017-02-09 12:57 . 2017-02-26 18:24 -------- d-----w- c:\users\T420\AppData\Roaming\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\programdata\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\program files (x86)\MediaMonkey
2017-02-09 11:13 . 2017-02-10 15:12 -------- d-----w- c:\program files\Common Files\Native Instruments
2017-02-09 11:13 . 2017-02-09 11:15 -------- d-----w- c:\programdata\Native Instruments
2017-02-06 16:59 . 2017-02-06 16:59 -------- d-----w- c:\users\T420\AppData\Local\Tvsukernel
2017-02-01 14:30 . 2017-02-01 14:30 -------- d-----w- c:\users\T420\AppData\Roaming\FastStone
2017-02-01 14:29 . 2017-02-01 14:29 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2017-01-31 17:10 . 2017-02-27 19:08 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\users\T420\AppData\Roaming\AVAST Software
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\program files (x86)\Common Files\AV
2017-01-31 17:09 . 2017-02-27 19:09 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-31 17:09 . 2017-02-27 19:09 337592 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-31 17:09 . 2017-02-26 14:28 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys.148811943973704
2017-01-31 17:09 . 2017-02-27 19:09 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-31 17:09 . 2017-02-27 19:09 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-31 17:08 . 2017-02-27 19:09 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-31 17:08 . 2017-02-27 19:09 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-31 17:08 . 2017-02-27 19:09 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-31 17:08 . 2017-02-27 19:08 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-31 17:08 . 2017-01-31 17:08 53208 ----a-w- c:\windows\avastSS.scr
2017-01-31 17:07 . 2017-01-31 17:10 -------- d-----w- c:\program files\AVAST Software
2017-01-31 17:07 . 2017-02-27 19:10 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-25 02:01 . 2016-10-15 09:43 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-10 21:24 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-10 21:24 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-10 21:24 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-10 21:24 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-10 21:24 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-10 21:24 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-10 21:24 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-10 21:24 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-10 21:24 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-10 21:24 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-10 21:24 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-10 21:24 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-10 21:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-10 21:24 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-10 21:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-10 21:24 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-10 21:24 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-10 21:24 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-10 21:24 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-10 21:24 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-10 21:24 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-10 21:24 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-10 21:24 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-10 21:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-10 21:24 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-10 21:24 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-10 21:24 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-10 21:24 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-10 21:24 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-10 21:24 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-10 21:24 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-10 21:24 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-10 21:24 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-10 21:24 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-10 21:24 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-10 21:24 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-10 21:24 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-10 21:24 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-10 21:24 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-02 113656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-27 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 LSC.Services.SystemService;Lenovo Solution Center System Service;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-02-02 156672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-03-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-03-01 453544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.100.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellExecuteHooks-{7FF42358-ECD1-11E6-946D-64006A5CFC23} - (no file)
AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{42DEBD12-9D09-4B77-B434-2EF604E45D3D}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{4FB3245C-1B65-4959-A8DA-A365D75D0AF4}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{DB2B4DA2-022F-4A27-A450-A6EB6677CA43}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-{305CA7E5-C739-48e2-B247-584C0E1B717C} - c:\programdata\{001400D9-8BC8-4B5C-892D-B224C94ECAF0}\Traktor Audio 10 Driver Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{571BB2D7-5EB2-4D33-9E0D-0D95E2CB9AE0}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{1A60280D-28AA-4D0E-9E05-8E115B994BEF}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EBAC69E7-D48F-4CC3-BD51-4AA55B9E55DC}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{53DC627C-2EC2-49E2-8DA7-F6013C8DAF5C}\Traktor 2 Setup PC.exe
AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-{C757F7B0-A56E-4D3D-B8D4-9516E932CAF7} - c:\programdata\{E08B3CF8-17F6-42A9-822C-B111A3E743A6}\Traktor Kontrol S5 Driver Setup PC.exe
AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{526CA30B-D871-406E-A018-ABE05E66D65B}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-01 06:57:02
ComboFix-quarantined-files.txt 2017-03-01 05:57
.
Pre-Run: 378 770 669 568 bytes free
Post-Run: 378 134 421 504 bytes free
.
- - End Of File - - B40B39F6510FF85383B41ED858521426
A36C5E4F47E84449FF07ED3517B43A31
- Rudy
- Site Admin
- Posts: 119495
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
Open Notepad and copy the following into it:
KillAll::
File::
c:\programdata\SWCUTemp
ClearJavaCache::
Reboot:
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script. Post the new ComboFix log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: 50% RAM usage
29% when idle
ComboFix 17-02-24.01 - T420 . 03. 2017 0:51.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3979.2570 [GMT 1:00]
Running from: c:\users\T420\Desktop\ComboFix.exe
Command switches used :: c:\users\T420\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\SWCUTemp"
.
.
((((((((((((((((((((((((( Files Created from 2017-02-02 to 2017-03-02 )))))))))))))))))))))))))))))))
.
.
2017-02-28 19:41 . 2017-02-28 18:13 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-28 19:41 . 2017-03-02 00:04 -------- d-----w- c:\users\T420\AppData\Local\Temp
2017-02-28 09:49 . 2017-02-28 09:49 -------- d-----w- C:\$AV_ASW
2017-02-28 03:24 . 2017-02-28 07:31 -------- d-----w- C:\zoek_backup
2017-02-27 19:42 . 2017-02-27 19:42 -------- d-----w- c:\users\T420\AppData\Local\ElevatedDiagnostics
2017-02-27 19:24 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-02-27 19:24 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-02-27 19:24 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-02-27 19:24 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-02-27 19:10 . 2017-02-27 19:08 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-02-27 19:09 . 2017-02-27 19:09 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-27 19:08 . 2017-02-27 19:08 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-02-26 17:40 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 17:40 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-02-26 17:39 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 17:39 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 17:39 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-02-26 17:39 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-02-26 17:39 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-02-26 17:39 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-02-26 17:39 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-02-26 17:33 . 2017-02-26 17:33 -------- d-----w- c:\program files\CONEXANT
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2017-02-26 17:29 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2017-02-26 17:29 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2017-02-26 17:27 . 2017-02-02 16:32 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 233984 ----a-w- c:\windows\system32\aepic.dll
2017-02-26 17:27 . 2017-02-02 14:06 650752 ----a-w- c:\windows\system32\generaltel.dll
2017-02-26 17:27 . 2016-12-31 15:36 556544 ----a-w- c:\windows\system32\devinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-26 17:27 . 2017-02-02 16:36 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-26 17:27 . 2016-12-31 15:36 335360 ----a-w- c:\windows\system32\invagent.dll
2017-02-26 17:27 . 2016-12-31 15:36 293376 ----a-w- c:\windows\system32\centel.dll
2017-02-26 17:27 . 2016-12-31 15:36 133632 ----a-w- c:\windows\system32\acmigration.dll
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2017-02-26 15:50 . 2017-02-26 15:51 -------- d-----w- c:\program files\CCleaner
2017-02-26 14:30 . 2017-02-27 19:08 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-26 14:30 . 2017-02-27 19:08 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-26 14:30 . 2017-02-27 19:08 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-26 14:30 . 2017-02-27 19:08 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-16 09:15 . 2017-02-16 09:15 -------- d-----w- c:\programdata\NCH Software
2017-02-16 09:15 . 2017-02-16 09:24 -------- d-----w- c:\program files (x86)\NCH Software
2017-02-16 09:14 . 2017-02-16 09:24 -------- d-----w- c:\users\T420\AppData\Roaming\NCH Software
2017-02-11 14:37 . 2017-02-11 14:37 -------- d-----w- c:\users\T420\AppData\Local\Native Instruments
2017-02-10 19:40 . 2017-02-10 19:42 -------- d-----w- C:\FRST
2017-02-10 17:14 . 2017-02-10 17:46 -------- d-----w- c:\users\T420\AppData\Local\Ghervertherfirer
2017-02-10 17:13 . 2017-02-10 17:14 -------- d-----w- c:\users\T420\AppData\Local\Cohispkituly
2017-02-10 15:13 . 2017-02-11 14:44 -------- d-----w- c:\program files (x86)\Native Instruments
2017-02-09 12:58 . 2017-02-09 12:58 -------- d-----w- c:\users\T420\AppData\Local\MediaMonkey
2017-02-09 12:57 . 2017-02-26 18:24 -------- d-----w- c:\users\T420\AppData\Roaming\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\programdata\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\program files (x86)\MediaMonkey
2017-02-09 11:13 . 2017-02-10 15:12 -------- d-----w- c:\program files\Common Files\Native Instruments
2017-02-09 11:13 . 2017-02-09 11:15 -------- d-----w- c:\programdata\Native Instruments
2017-02-06 16:59 . 2017-02-06 16:59 -------- d-----w- c:\users\T420\AppData\Local\Tvsukernel
2017-02-01 14:30 . 2017-02-01 14:30 -------- d-----w- c:\users\T420\AppData\Roaming\FastStone
2017-02-01 14:29 . 2017-02-01 14:29 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2017-01-31 17:10 . 2017-02-27 19:08 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\users\T420\AppData\Roaming\AVAST Software
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\program files (x86)\Common Files\AV
2017-01-31 17:09 . 2017-02-27 19:09 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-31 17:09 . 2017-02-27 19:09 337592 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-31 17:09 . 2017-02-26 14:28 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys.148811943973704
2017-01-31 17:09 . 2017-02-27 19:09 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-31 17:09 . 2017-02-27 19:09 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-31 17:08 . 2017-02-27 19:09 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-31 17:08 . 2017-02-27 19:09 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-31 17:08 . 2017-02-27 19:09 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-31 17:08 . 2017-02-27 19:08 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-31 17:08 . 2017-01-31 17:08 53208 ----a-w- c:\windows\avastSS.scr
2017-01-31 17:07 . 2017-01-31 17:10 -------- d-----w- c:\program files\AVAST Software
2017-01-31 17:07 . 2017-02-27 19:10 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-25 02:01 . 2016-10-15 09:43 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-10 21:24 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-10 21:24 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-10 21:24 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-10 21:24 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-10 21:24 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-10 21:24 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-10 21:24 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-10 21:24 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-10 21:24 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-10 21:24 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-10 21:24 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-10 21:24 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-10 21:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-10 21:24 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-10 21:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-10 21:24 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-10 21:24 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-10 21:24 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-10 21:24 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-10 21:24 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-10 21:24 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-10 21:24 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-10 21:24 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-10 21:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-10 21:24 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-10 21:24 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-10 21:24 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-10 21:24 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-10 21:24 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-10 21:24 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-10 21:24 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-10 21:24 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-10 21:24 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-10 21:24 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-10 21:24 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-10 21:24 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-10 21:24 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-10 21:24 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-10 21:24 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-02 113656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-27 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 LSC.Services.SystemService;Lenovo Solution Center System Service;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-02-02 156672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-03-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-03-01 453544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.43.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{7FF42358-ECD1-11E6-946D-64006A5CFC23} - (no file)
AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{42DEBD12-9D09-4B77-B434-2EF604E45D3D}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{4FB3245C-1B65-4959-A8DA-A365D75D0AF4}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{DB2B4DA2-022F-4A27-A450-A6EB6677CA43}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-{305CA7E5-C739-48e2-B247-584C0E1B717C} - c:\programdata\{001400D9-8BC8-4B5C-892D-B224C94ECAF0}\Traktor Audio 10 Driver Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{571BB2D7-5EB2-4D33-9E0D-0D95E2CB9AE0}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{1A60280D-28AA-4D0E-9E05-8E115B994BEF}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EBAC69E7-D48F-4CC3-BD51-4AA55B9E55DC}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{53DC627C-2EC2-49E2-8DA7-F6013C8DAF5C}\Traktor 2 Setup PC.exe
AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-{C757F7B0-A56E-4D3D-B8D4-9516E932CAF7} - c:\programdata\{E08B3CF8-17F6-42A9-822C-B111A3E743A6}\Traktor Kontrol S5 Driver Setup PC.exe
AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{526CA30B-D871-406E-A018-ABE05E66D65B}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2017-03-02 01:12:39 - machine was rebooted
ComboFix-quarantined-files.txt 2017-03-02 00:12
ComboFix2.txt 2017-03-01 05:57
.
Pre-Run: 377 931 292 672 bytes free
Post-Run: 377 659 445 248 bytes free
.
- - End Of File - - 0E26E2E712B579E3342E9D7C06155750
A36C5E4F47E84449FF07ED3517B43A31
ComboFix 17-02-24.01 - T420 . 03. 2017 0:51.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3979.2570 [GMT 1:00]
Running from: c:\users\T420\Desktop\ComboFix.exe
Command switches used :: c:\users\T420\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\SWCUTemp"
.
.
((((((((((((((((((((((((( Files Created from 2017-02-02 to 2017-03-02 )))))))))))))))))))))))))))))))
.
.
2017-02-28 19:41 . 2017-02-28 18:13 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-28 19:41 . 2017-03-02 00:04 -------- d-----w- c:\users\T420\AppData\Local\Temp
2017-02-28 09:49 . 2017-02-28 09:49 -------- d-----w- C:\$AV_ASW
2017-02-28 03:24 . 2017-02-28 07:31 -------- d-----w- C:\zoek_backup
2017-02-27 19:42 . 2017-02-27 19:42 -------- d-----w- c:\users\T420\AppData\Local\ElevatedDiagnostics
2017-02-27 19:24 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
2017-02-27 19:24 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
2017-02-27 19:24 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
2017-02-27 19:24 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
2017-02-27 19:24 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
2017-02-27 19:24 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-02-27 19:10 . 2017-02-27 19:08 461640 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-02-27 19:09 . 2017-02-27 19:09 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-27 19:08 . 2017-02-27 19:08 29432 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-02-26 17:40 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-02-26 17:40 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2017-02-26 17:39 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-26 17:39 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-26 17:39 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-02-26 17:39 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2017-02-26 17:39 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2017-02-26 17:39 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2017-02-26 17:39 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe
2017-02-26 17:39 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe
2017-02-26 17:33 . 2017-02-26 17:33 -------- d-----w- c:\program files\CONEXANT
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files\Microsoft Silverlight
2017-02-26 17:31 . 2017-02-26 17:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2017-02-26 17:29 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2017-02-26 17:29 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2017-02-26 17:27 . 2017-02-02 16:32 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 233984 ----a-w- c:\windows\system32\aepic.dll
2017-02-26 17:27 . 2017-02-02 14:06 650752 ----a-w- c:\windows\system32\generaltel.dll
2017-02-26 17:27 . 2016-12-31 15:36 556544 ----a-w- c:\windows\system32\devinv.dll
2017-02-26 17:27 . 2016-12-31 15:36 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-26 17:27 . 2017-02-02 16:36 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-26 17:27 . 2016-12-31 15:36 335360 ----a-w- c:\windows\system32\invagent.dll
2017-02-26 17:27 . 2016-12-31 15:36 293376 ----a-w- c:\windows\system32\centel.dll
2017-02-26 17:27 . 2016-12-31 15:36 133632 ----a-w- c:\windows\system32\acmigration.dll
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2017-02-26 17:25 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2017-02-26 17:25 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2017-02-26 15:50 . 2017-02-26 15:51 -------- d-----w- c:\program files\CCleaner
2017-02-26 14:30 . 2017-02-27 19:08 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-26 14:30 . 2017-02-27 19:08 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-26 14:30 . 2017-02-27 19:08 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-26 14:30 . 2017-02-27 19:08 309272 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-16 09:15 . 2017-02-16 09:15 -------- d-----w- c:\programdata\NCH Software
2017-02-16 09:15 . 2017-02-16 09:24 -------- d-----w- c:\program files (x86)\NCH Software
2017-02-16 09:14 . 2017-02-16 09:24 -------- d-----w- c:\users\T420\AppData\Roaming\NCH Software
2017-02-11 14:37 . 2017-02-11 14:37 -------- d-----w- c:\users\T420\AppData\Local\Native Instruments
2017-02-10 19:40 . 2017-02-10 19:42 -------- d-----w- C:\FRST
2017-02-10 17:14 . 2017-02-10 17:46 -------- d-----w- c:\users\T420\AppData\Local\Ghervertherfirer
2017-02-10 17:13 . 2017-02-10 17:14 -------- d-----w- c:\users\T420\AppData\Local\Cohispkituly
2017-02-10 15:13 . 2017-02-11 14:44 -------- d-----w- c:\program files (x86)\Native Instruments
2017-02-09 12:58 . 2017-02-09 12:58 -------- d-----w- c:\users\T420\AppData\Local\MediaMonkey
2017-02-09 12:57 . 2017-02-26 18:24 -------- d-----w- c:\users\T420\AppData\Roaming\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\programdata\MediaMonkey
2017-02-09 12:57 . 2017-02-09 12:57 -------- d-----w- c:\program files (x86)\MediaMonkey
2017-02-09 11:13 . 2017-02-10 15:12 -------- d-----w- c:\program files\Common Files\Native Instruments
2017-02-09 11:13 . 2017-02-09 11:15 -------- d-----w- c:\programdata\Native Instruments
2017-02-06 16:59 . 2017-02-06 16:59 -------- d-----w- c:\users\T420\AppData\Local\Tvsukernel
2017-02-01 14:30 . 2017-02-01 14:30 -------- d-----w- c:\users\T420\AppData\Roaming\FastStone
2017-02-01 14:29 . 2017-02-01 14:29 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2017-01-31 17:10 . 2017-02-27 19:08 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\users\T420\AppData\Roaming\AVAST Software
2017-01-31 17:09 . 2017-01-31 17:09 -------- d-----w- c:\program files (x86)\Common Files\AV
2017-01-31 17:09 . 2017-02-27 19:09 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-31 17:09 . 2017-02-27 19:09 337592 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-31 17:09 . 2017-02-26 14:28 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys.148811943973704
2017-01-31 17:09 . 2017-02-27 19:09 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-31 17:09 . 2017-02-27 19:09 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-31 17:08 . 2017-02-27 19:09 126600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-31 17:08 . 2017-02-27 19:09 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-31 17:08 . 2017-02-27 19:09 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-31 17:08 . 2017-02-27 19:08 993608 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-31 17:08 . 2017-01-31 17:08 53208 ----a-w- c:\windows\avastSS.scr
2017-01-31 17:07 . 2017-01-31 17:10 -------- d-----w- c:\program files\AVAST Software
2017-01-31 17:07 . 2017-02-27 19:10 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-25 02:01 . 2016-10-15 09:43 138020592 -c--a-w- c:\windows\system32\MRT.exe
2017-01-05 18:55 . 2017-01-10 21:24 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-10 21:24 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-10 21:24 210432 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-10 21:24 86528 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-10 21:24 28672 ----a-w- c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 135680 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-10 21:24 345600 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-10 21:24 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-10 21:24 28160 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-10 21:24 190464 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-10 21:24 312320 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-10 21:24 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-10 21:24 316928 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-10 21:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-10 21:24 730624 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-10 21:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-10 21:24 43520 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-10 21:24 22016 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-10 21:24 463872 ----a-w- c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-10 21:24 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-10 21:24 123904 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-10 21:24 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-10 21:24 82944 ----a-w- c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-10 21:24 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-10 21:24 254464 ----a-w- c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-10 21:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-10 21:24 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-10 21:24 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-10 21:24 261120 ----a-w- c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-10 21:24 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-10 21:24 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-10 21:24 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-10 21:24 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-10 21:24 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-10 21:24 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-10 21:24 64000 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-10 21:24 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-10 21:24 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-10 21:24 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-10 21:24 30720 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-10 21:24 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-10 21:24 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-02-08 9363672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2016-04-14 6422696]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-07-02 113656]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-27 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 LSC.Services.SystemService;Lenovo Solution Center System Service;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe;c:\program files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys;c:\windows\SYSNATIVE\drivers\aswNetSec.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe;c:\program files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\aswNetNd6.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys;c:\windows\SYSNATIVE\Drivers\LenovoRd.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:26 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-27 19:09 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2013-02-02 156672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-03-01 183216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-03-01 411056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-03-01 453544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.43.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{7FF42358-ECD1-11E6-946D-64006A5CFC23} - (no file)
AddRemove-{013CCA52-DA56-4133-AC2B-1988A9568C30} - c:\programdata\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{42DEBD12-9D09-4B77-B434-2EF604E45D3D}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{1FF959F4-8993-4c52-A397-0CB982C91954} - c:\programdata\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe
AddRemove-{23A66953-369C-4d22-A189-C6E403D4A19F} - c:\programdata\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
AddRemove-{24873332-B98B-4235-ABBA-CCDEACC62BB9} - c:\programdata\{4FB3245C-1B65-4959-A8DA-A365D75D0AF4}\Traktor Audio 6 Driver Setup PC.exe
AddRemove-{28F19F09-F228-49cb-8B90-F97DA7180DD4} - c:\programdata\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
AddRemove-{3054FEFA-4748-4cf0-8C3C-8DB887DE379F} - c:\programdata\{DB2B4DA2-022F-4A27-A450-A6EB6677CA43}\Traktor Audio 2 Driver Setup PC.exe
AddRemove-{305CA7E5-C739-48e2-B247-584C0E1B717C} - c:\programdata\{001400D9-8BC8-4B5C-892D-B224C94ECAF0}\Traktor Audio 10 Driver Setup PC.exe
AddRemove-{3D8003CE-E3CD-49b7-A59E-9C21546AF95E} - c:\programdata\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
AddRemove-{47047AA6-C62D-4334-B9CB-84E0630269EC} - c:\programdata\{571BB2D7-5EB2-4D33-9E0D-0D95E2CB9AE0}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
AddRemove-{470BB39A-7231-4077-AD3D-86067AD04604} - c:\programdata\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
AddRemove-{612601db-4776-4127-bab5-d84b8644e530} - c:\programdata\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
AddRemove-{7ADD3C28-6348-4940-8C10-9ED751F1A543} - c:\programdata\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
AddRemove-{7B8BA774-C154-4DEE-A92D-D0E7236BB152} - c:\programdata\{1A60280D-28AA-4D0E-9E05-8E115B994BEF}\Traktor Audio 2 MK2 Driver Setup PC.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{938FA945-D818-48A1-BE66-6921B0D649CF} - c:\programdata\{EBAC69E7-D48F-4CC3-BD51-4AA55B9E55DC}\Traktor Kontrol Z2 Driver Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{53DC627C-2EC2-49E2-8DA7-F6013C8DAF5C}\Traktor 2 Setup PC.exe
AddRemove-{B861B550-23FD-4E56-9D7F-4E81AFE2B639} - c:\programdata\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
AddRemove-{C39B8892-BB8B-4B0C-AFA6-7B6EE897B286} - c:\programdata\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
AddRemove-{C757F7B0-A56E-4D3D-B8D4-9516E932CAF7} - c:\programdata\{E08B3CF8-17F6-42A9-822C-B111A3E743A6}\Traktor Kontrol S5 Driver Setup PC.exe
AddRemove-{CD79F608-0EEC-4e8b-A8A3-98A9CB723702} - c:\programdata\{526CA30B-D871-406E-A018-ABE05E66D65B}\Traktor Kontrol Z1 Driver Setup PC.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D18B6F23-0B79-448C-9739-29A03843D660} - c:\programdata\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\Lenovo Solution Center\LSCNotify.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2017-03-02 01:12:39 - machine was rebooted
ComboFix-quarantined-files.txt 2017-03-02 00:12
ComboFix2.txt 2017-03-01 05:57
.
Pre-Run: 377 931 292 672 bytes free
Post-Run: 377 659 445 248 bytes free
.
- - End Of File - - 0E26E2E712B579E3342E9D7C06155750
A36C5E4F47E84449FF07ED3517B43A31
- Rudy
- Site Admin
- Posts: 119495
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
We probably won't get it any lower. As far as junk and malware go, your PC is completely clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: 50% RAM usage
Thank you very much for your time and willingness to help.

- Rudy
- Site Admin
- Posts: 119495
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: 50% RAM usage
You're welcome!
