google chrome

vlkosek · Příspěvekod **vlkosek** » 15 lis 2017 21:39

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.11.15
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 1240E55235F11C44461128
Scan Type : Skenování systému
Duration : 20m 31s
Scanned Objects : 124666
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Handy Tab
Status : Skenováno
Object : %localappdata%\google\chrome\user data\default\extensions\clgckgfbhciacomhlchmgdnplmdiadbj
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - Handy Tab

Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

Reklama

Příspěvekod **jaro3** » 15 lis 2017 21:58

Ještě to další.

vlkosek · Příspěvekod **vlkosek** » 15 lis 2017 22:06

jasný, hážu to sem, jak to dycky jeden program odskenuje.

ted sem dělal ten kombofix. vypnul sem firewall a avast a když sem kombo spustil, tak to psalo, že jede avast, at to vypnu. tak sem to znova zkontroloval, byl vyplej. ale jel malwersbite nebo jak se to jmenuje a ten vypnout nešel. ale psalo to o avastu. no tak sem jel dál...
log here:

vlkosek · Příspěvekod **vlkosek** » 15 lis 2017 22:07

ComboFix 17-11-14.01 - Honza 15.11.2017 21:43:22.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.5874 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-10-15 do 2017-11-15 )))))))))))))))))))))))))))))))
.
.
2017-11-15 20:48 . 2017-11-15 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-15 20:08 . 2017-11-15 20:08 -------- d-----w- c:\programdata\SWCUTemp
2017-11-15 19:59 . 2017-11-15 19:46 24064 ----a-w- c:\windows\zoek-delete.exe
2017-11-15 19:59 . 2017-11-15 20:48 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-11-15 19:45 . 2017-11-15 19:56 -------- d-----w- C:\zoek_backup
2017-11-09 16:40 . 2017-11-09 16:40 -------- d-----w- c:\users\Honza\AppData\Local\AMD
2017-11-09 15:18 . 2017-11-09 15:18 192952 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-11-09 15:18 . 2017-11-15 20:03 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-11-09 15:18 . 2017-11-15 20:03 252232 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-11-09 15:18 . 2017-11-15 20:03 45504 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-11-09 15:14 . 2017-11-15 20:03 110016 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-11-09 15:13 . 2017-11-09 15:18 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-11-09 15:13 . 2017-11-09 15:13 -------- d-----w- c:\program files\Malwarebytes
2017-11-09 15:13 . 2017-11-09 15:13 -------- d-----w- c:\programdata\MB2Migration
2017-11-09 15:07 . 2017-11-12 16:41 -------- d-----w- C:\AdwCleaner
2017-10-31 18:49 . 2017-10-31 18:49 -------- d-----w- c:\users\Honza\AppData\Local\Apps
2017-10-31 18:49 . 2017-10-31 18:49 -------- d-----w- c:\users\Honza\AppData\Local\Deployment
2017-10-28 09:28 . 2017-10-28 09:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2017-10-28 09:19 . 2017-10-28 09:19 -------- d-----w- c:\users\Honza\AppData\Local\RadeonInstaller
2017-10-27 02:43 . 2017-10-27 02:43 195888 ----a-w- c:\windows\system32\atiuxp64.dll
2017-10-27 02:43 . 2017-10-27 02:43 161344 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2017-10-27 02:43 . 2017-10-27 02:43 9412328 ----a-w- c:\windows\SysWow64\atiumdag.dll
2017-10-27 02:43 . 2017-10-27 02:43 11579464 ----a-w- c:\windows\system32\atiumd64.dll
2017-10-27 02:43 . 2017-10-27 02:43 172680 ----a-w- c:\windows\system32\atiu9p64.dll
2017-10-27 02:43 . 2017-10-27 02:43 143352 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2017-10-27 02:41 . 2017-10-27 02:41 15728520 ----a-w- c:\windows\system32\aticaldd64.dll
2017-10-27 02:40 . 2017-10-27 02:40 25039752 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2017-10-27 02:40 . 2017-10-27 02:40 2915208 ----a-w- c:\windows\system32\amfrt64.dll
2017-10-27 02:40 . 2017-10-27 02:40 2533256 ----a-w- c:\windows\SysWow64\amfrt32.dll
2017-10-27 02:40 . 2017-10-27 02:40 13527944 ----a-w- c:\windows\system32\amdvlk64.dll
2017-10-27 02:40 . 2017-10-27 02:40 48012168 ----a-w- c:\windows\SysWow64\amdocl.dll
2017-10-27 02:40 . 2017-10-27 02:40 11090824 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2017-10-27 02:40 . 2017-10-27 02:40 157064 ----a-w- c:\windows\system32\amduve64.dll
2017-10-27 02:40 . 2017-10-27 02:40 135048 ----a-w- c:\windows\SysWow64\amduve32.dll
2017-10-27 02:40 . 2017-10-27 02:40 28928392 ----a-w- c:\windows\SysWow64\atioglxx.dll
2017-10-27 02:40 . 2017-10-27 02:40 139144 ----a-w- c:\windows\system32\amdmmcl6.dll
2017-10-27 02:40 . 2017-10-27 02:40 117128 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2017-10-27 02:40 . 2017-10-27 02:40 543624 ----a-w- c:\windows\system32\amdmcl64.dll
2017-10-27 02:40 . 2017-10-27 02:40 373640 ----a-w- c:\windows\SysWow64\amdmcl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-15 20:01 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-11-14 20:52 . 2016-01-03 18:50 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-11-14 20:52 . 2016-01-03 18:50 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-11-13 17:24 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-27 02:42 . 2016-11-15 21:17 223112 ----a-w- c:\windows\system32\atig6txx.dll
2017-10-27 02:42 . 2016-11-15 21:17 144776 ----a-w- c:\windows\system32\atig6pxx.dll
2017-10-27 02:41 . 2013-06-04 21:35 1454984 ----a-w- c:\windows\system32\atiadlxx.dll
2017-10-27 02:40 . 2016-11-15 21:15 35220360 ----a-w- c:\windows\system32\atio6axx.dll
2017-09-13 23:20 . 2017-09-13 23:20 798008 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20 . 2016-03-30 04:50 798008 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-09-13 23:20 . 2017-09-13 23:20 490296 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:20 . 2016-03-30 04:50 490296 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-09-13 23:19 . 2017-09-13 23:19 927544 ----a-w- c:\windows\system32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19 . 2016-03-30 04:50 927544 ----a-w- c:\windows\system32\vulkan-1.dll
2017-09-13 23:19 . 2017-09-13 23:19 591160 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19 . 2016-03-30 04:50 591160 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-09-01 23:15 . 2017-09-01 23:15 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2017-09-01 23:13 . 2017-09-01 23:13 103424 ----a-w- c:\windows\system32\DelayAPO.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2015-11-10 . E42CB2576D5C8456C60988B1C908F41A . 1009152 . . [6.1.7601.23265] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2017-02-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2017-02-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[7] 2015-11-10 . D0A3A0DBF77EE35CE97E55DE92014E05 . 833024 . . [6.1.7601.23265] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-21 9292504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-07 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Honza\AppData\Local\Temp\tmpD5C5.tmp;c:\users\Honza\AppData\Local\Temp\tmpD5C5.tmp [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-07 14:05 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-07 14:05 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{23daf363-3020-4059-b3ae-dc4ad39fed19} - c:\programdata\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe
AddRemove-{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4} - c:\programdata\Package Cache\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\VC_redist.x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Honza\AppData\Local\Temp\tmpD5C5.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2017-11-15 21:50:07
ComboFix-quarantined-files.txt 2017-11-15 20:50
.
Před spuštěním: Volných bajtů: 44 492 595 200
Po spuštění: Volných bajtů: 44 440 117 248
.
- - End Of File - - 6A7F771C62FE17BB406891703085C67E
A36C5E4F47E84449FF07ED3517B43A31

vlkosek · Příspěvekod **vlkosek** » 15 lis 2017 22:13

nechápu, jak se člověku namontuje do pc ta po..ná seznam lištička. moje to má na notasu taky. dycky jí to odinstaluju a za nějakej čas to tam má zase...
tady to vídím, že to ten zoek někde našel:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce deleted successfully

rozumím tomu jak koza petrželi, ale když vidím seznamlištička, tak mi vstávají vlasy hrůzou na hlavě, kde se ten sajrajt zase vzal...
díky pomoc. asi bych si koupím vaše tričko. už je to po několikáté co jste mi pomohli čistit pc

Příspěvekod **jaro3** » 15 lis 2017 22:56

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\users\Honza\AppData\Local\Temp\tmpD5C5.tmp

Folder::
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate
WinRing0_1_2_0

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

vlkosek · Příspěvekod **vlkosek** » 16 lis 2017 17:02

ComboFix 17-11-14.01 - Honza 16.11.2017 16:30:47.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.6549 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Honza\AppData\Local\Temp\tmpD5C5.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Service_SkypeUpdate
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-10-16 do 2017-11-16 )))))))))))))))))))))))))))))))
.
.
2017-11-16 15:35 . 2017-11-16 15:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-11-16 15:35 . 2017-11-16 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-15 19:59 . 2017-11-15 19:46 24064 ----a-w- c:\windows\zoek-delete.exe
2017-11-15 19:59 . 2017-11-16 15:55 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-11-15 19:45 . 2017-11-15 19:56 -------- d-----w- C:\zoek_backup
2017-11-09 16:40 . 2017-11-09 16:40 -------- d-----w- c:\users\Honza\AppData\Local\AMD
2017-11-09 15:13 . 2017-11-09 15:13 -------- d-----w- c:\programdata\MB2Migration
2017-11-09 15:07 . 2017-11-12 16:41 -------- d-----w- C:\AdwCleaner
2017-10-31 18:49 . 2017-10-31 18:49 -------- d-----w- c:\users\Honza\AppData\Local\Apps
2017-10-31 18:49 . 2017-10-31 18:49 -------- d-----w- c:\users\Honza\AppData\Local\Deployment
2017-10-28 09:28 . 2017-10-28 09:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2017-10-28 09:19 . 2017-10-28 09:19 -------- d-----w- c:\users\Honza\AppData\Local\RadeonInstaller
2017-10-27 02:43 . 2017-10-27 02:43 195888 ----a-w- c:\windows\system32\atiuxp64.dll
2017-10-27 02:43 . 2017-10-27 02:43 161344 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2017-10-27 02:43 . 2017-10-27 02:43 9412328 ----a-w- c:\windows\SysWow64\atiumdag.dll
2017-10-27 02:43 . 2017-10-27 02:43 11579464 ----a-w- c:\windows\system32\atiumd64.dll
2017-10-27 02:43 . 2017-10-27 02:43 172680 ----a-w- c:\windows\system32\atiu9p64.dll
2017-10-27 02:43 . 2017-10-27 02:43 143352 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2017-10-27 02:41 . 2017-10-27 02:41 15728520 ----a-w- c:\windows\system32\aticaldd64.dll
2017-10-27 02:40 . 2017-10-27 02:40 25039752 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2017-10-27 02:40 . 2017-10-27 02:40 2915208 ----a-w- c:\windows\system32\amfrt64.dll
2017-10-27 02:40 . 2017-10-27 02:40 2533256 ----a-w- c:\windows\SysWow64\amfrt32.dll
2017-10-27 02:40 . 2017-10-27 02:40 13527944 ----a-w- c:\windows\system32\amdvlk64.dll
2017-10-27 02:40 . 2017-10-27 02:40 48012168 ----a-w- c:\windows\SysWow64\amdocl.dll
2017-10-27 02:40 . 2017-10-27 02:40 11090824 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2017-10-27 02:40 . 2017-10-27 02:40 157064 ----a-w- c:\windows\system32\amduve64.dll
2017-10-27 02:40 . 2017-10-27 02:40 135048 ----a-w- c:\windows\SysWow64\amduve32.dll
2017-10-27 02:40 . 2017-10-27 02:40 28928392 ----a-w- c:\windows\SysWow64\atioglxx.dll
2017-10-27 02:40 . 2017-10-27 02:40 139144 ----a-w- c:\windows\system32\amdmmcl6.dll
2017-10-27 02:40 . 2017-10-27 02:40 117128 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2017-10-27 02:40 . 2017-10-27 02:40 543624 ----a-w- c:\windows\system32\amdmcl64.dll
2017-10-27 02:40 . 2017-10-27 02:40 373640 ----a-w- c:\windows\SysWow64\amdmcl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-16 15:53 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-11-14 20:52 . 2016-01-03 18:50 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-11-14 20:52 . 2016-01-03 18:50 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-11-13 17:24 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-10-27 02:42 . 2016-11-15 21:17 223112 ----a-w- c:\windows\system32\atig6txx.dll
2017-10-27 02:42 . 2016-11-15 21:17 144776 ----a-w- c:\windows\system32\atig6pxx.dll
2017-10-27 02:41 . 2013-06-04 21:35 1454984 ----a-w- c:\windows\system32\atiadlxx.dll
2017-10-27 02:40 . 2016-11-15 21:15 35220360 ----a-w- c:\windows\system32\atio6axx.dll
2017-09-13 23:20 . 2017-09-13 23:20 798008 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-61-0.dll
2017-09-13 23:20 . 2016-03-30 04:50 798008 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2017-09-13 23:20 . 2017-09-13 23:20 490296 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:20 . 2016-03-30 04:50 490296 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2017-09-13 23:19 . 2017-09-13 23:19 927544 ----a-w- c:\windows\system32\vulkan-1-1-0-61-0.dll
2017-09-13 23:19 . 2016-03-30 04:50 927544 ----a-w- c:\windows\system32\vulkan-1.dll
2017-09-13 23:19 . 2017-09-13 23:19 591160 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-61-0.exe
2017-09-13 23:19 . 2016-03-30 04:50 591160 ----a-w- c:\windows\system32\vulkaninfo.exe
2017-09-01 23:15 . 2017-09-01 23:15 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2017-09-01 23:13 . 2017-09-01 23:13 103424 ----a-w- c:\windows\system32\DelayAPO.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2017-02-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2017-02-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[7] 2015-11-10 . D0A3A0DBF77EE35CE97E55DE92014E05 . 833024 . . [6.1.7601.23265] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-21 9292504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-07 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38 323664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-07 14:05 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-07 14:05 1481016 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-MBAMService
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{23daf363-3020-4059-b3ae-dc4ad39fed19} - c:\programdata\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe
AddRemove-{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4} - c:\programdata\Package Cache\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\VC_redist.x64.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2017-11-16 17:01:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-11-16 16:01
ComboFix2.txt 2017-11-15 20:50
.
Před spuštěním: Volných bajtů: 44 811 116 544
Po spuštění: Volných bajtů: 44 536 012 800
.
- - End Of File - - 03DC7CDE7EE0BE048BFC9DF1DA3D9BC1
A36C5E4F47E84449FF07ED3517B43A31

vlkosek · Příspěvekod **vlkosek** » 16 lis 2017 17:05

hodilo to na konci nějaký chybový hlášky: unable to create backup of current registry file C:/windows/system32/config/system!

dal sem pokračovat

Erorr restoring c:/windows/erdnt/subs/system
to
C:/windows/system32/config/system!
continue with next file?
RegReplace key:5-přístup byl odepřen

vlkosek · Příspěvekod **vlkosek** » 16 lis 2017 17:51

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-11-16 17:22:33
-----------------------------
17:22:33.654 OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:33.654 Number of processors: 4 586 0x3C03
17:22:33.654 ComputerName: HONZA-PC UserName: Honza
17:23:10.797 Initialize success
17:23:10.813 VM: initialized successfully
17:23:10.813 VM: Intel CPU supported virtualized
17:23:17.349 VM: supported disk I/O ataport.SYS
17:23:25.493 AVAST engine defs: 17111604
17:24:17.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:24:17.332 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476938MB BusType: 11
17:24:17.800 VM: Disk 0 MBR read successfully
17:24:17.800 Disk 0 MBR scan
17:24:17.800 Disk 0 Windows 7 default MBR code
17:24:17.800 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
17:24:17.831 Disk 0 Boot: NTFS code=2
17:24:17.893 Disk 0 scanning C:\Windows\system32\drivers
17:24:41.293 Service scanning
17:25:08.515 Modules scanning
17:25:08.515 Disk 0 trace - called modules:
17:25:08.531 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:25:08.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800765c060]
17:25:08.531 3 CLASSPNP.SYS[fffff8800196e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800715c1f0]
17:25:45.830 AVAST engine scan C:\Windows
17:26:54.283 AVAST engine scan C:\Windows\system32
17:32:58.903 AVAST engine scan C:\Windows\system32\drivers
17:33:49.977 AVAST engine scan C:\Users\Honza
17:41:41.270 File: C:\Users\Honza\Downloads\hot-fuzz-torrent--kat.exe **INFECTED** Win32:Malware-gen
17:45:17.330 AVAST engine scan C:\ProgramData
17:47:45.187 Disk 0 statistics 4823048/0/14 @ 2,18 MB/s
17:47:45.187 Scan finished successfully
17:49:12.563 Disk 0 MBR has been saved successfully to "C:\Users\Honza\Desktop\MBR.dat"
17:49:12.563 The log file has been saved successfully to "C:\Users\Honza\Desktop\aswMBR.txt"

vlkosek · Příspěvekod **vlkosek** » 16 lis 2017 17:52

hot-fuzz-torrent--kat.exe
sem smazal

Příspěvekod **jaro3** » 16 lis 2017 18:43

Ok , a zálohu Ti třo neudělá , to dělalo jen u xp.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt
Další odkazy:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Vlož nový log z HJT + informuj o problémech.

vlkosek · Příspěvekod **vlkosek** » 16 lis 2017 19:58

# DelFix v1.013 - Logfile created 16/11/2017 at 19:54:45
# Updated 17/04/2016 by Xplode
# Username : Honza - HONZA-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek.rar
Deleted : C:\Users\Honza\Desktop\AdwCleaner.exe
Deleted : C:\Users\Honza\Desktop\aswmbr.exe
Deleted : C:\Users\Honza\Desktop\aswMBR.txt
Deleted : C:\Users\Honza\Desktop\combofix.txt
Deleted : C:\Users\Honza\Desktop\JRT.exe
Deleted : C:\Users\Honza\Desktop\JRT.txt
Deleted : C:\Users\Honza\Desktop\HijackThis.exe
Deleted : C:\Users\Honza\Desktop\hijackthis.log
Deleted : C:\Users\Honza\Desktop\MBR.dat
Deleted : C:\Users\Honza\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Honza\Desktop\zoek.exe
Deleted : C:\Users\Honza\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #179 [ComboFix created restore point | 11/16/2017 18:46:09]

New restore point created !

########## - EOF - ##########

google chrome Vyřešeno

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Re: google chrome

Kdo je online