havěť Vyřešeno

[vlkosek]

ComboFix 17-01-29.01 - Honza 30.01.2017 14:24:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.6520 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-28 do 2017-01-30 )))))))))))))))))))))))))))))))
.
.
2017-01-30 13:32 . 2017-01-30 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-30 11:24 . 2017-01-30 11:24 -------- d-----w- c:\programdata\Sophos
2017-01-30 11:22 . 2017-01-30 11:22 -------- d-----w- c:\program files (x86)\Sophos
2017-01-30 11:11 . 2017-01-30 13:32 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-01-30 11:11 . 2017-01-30 10:59 24064 ----a-w- c:\windows\zoek-delete.exe
2017-01-30 10:59 . 2017-01-30 11:10 -------- d-----w- C:\zoek_backup
2017-01-29 18:46 . 2017-01-29 21:56 -------- d-----w- C:\AdwCleaner
2017-01-29 18:11 . 2017-01-29 18:11 -------- d-----w- c:\users\Default\AppData\Local\AdvinstAnalytics
2017-01-29 17:57 . 2017-01-29 20:50 -------- d-----w- c:\users\Honza\AppData\Local\Apnlworks
2017-01-29 17:57 . 2017-01-29 18:02 -------- d-----w- c:\users\Honza\AppData\Local\AXXworks
2017-01-29 17:57 . 2017-01-29 18:40 -------- d--h--w- c:\programdata\8716n60b29k8462
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\users\Honza\AppData\Roaming\Seznam.cz
2017-01-29 17:55 . 2017-01-29 17:55 -------- d-----w- c:\programdata\{e01-03-93-414a8-a11e8-2be1-27365}
2017-01-29 17:55 . 2017-01-30 13:06 -------- d-----w- c:\program files (x86)\Removewat 2.2.7
2017-01-28 08:50 . 2017-01-28 08:51 -------- d-----w- c:\program files\Core Temp
2017-01-03 07:57 . 2017-01-02 11:02 391496 ----a-w- c:\windows\system32\aswBoot.exe
2017-01-02 11:02 . 2017-01-02 11:02 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 53208 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-30 13:12 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-01-30 10:19 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-29 23:03 . 2015-01-30 16:45 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2017-01-29 23:03 . 2015-01-26 18:50 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2017-01-29 23:03 . 2015-01-26 18:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-01-29 22:18 . 2015-12-29 09:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-10 21:33 . 2016-01-03 18:50 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 21:33 . 2016-01-03 18:50 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 11:03 . 2013-01-20 20:07 293352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-02 11:03 . 2013-01-20 20:07 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-02 11:03 . 2013-01-20 20:07 969184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-02 11:02 . 2013-01-20 20:07 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-02 11:02 . 2013-01-20 20:07 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-02 11:02 . 2013-01-20 20:07 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-02 11:02 . 2013-01-20 20:07 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-02 11:02 . 2013-01-20 20:07 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-02 11:01 . 2016-03-24 05:28 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-15 21:21 . 2015-11-18 08:19 9981352 ----a-w- c:\windows\SysWow64\atiumdva.dll
2016-11-15 21:21 . 2016-07-18 22:20 10977392 ----a-w- c:\windows\system32\atiumd6a.dll
2016-11-15 21:20 . 2016-11-15 21:20 109856 ----a-w- c:\windows\system32\atimpc64.dll
2016-11-15 21:20 . 2016-11-15 21:20 109856 ----a-w- c:\windows\system32\amdpcom64.dll
2016-11-15 21:20 . 2016-11-15 21:20 92328 ----a-w- c:\windows\SysWow64\atimpc32.dll
2016-11-15 21:20 . 2016-11-15 21:20 92328 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2016-11-15 21:20 . 2016-11-15 21:20 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2016-11-15 21:20 . 2013-06-04 23:12 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2016-11-15 21:20 . 2015-11-18 08:19 7213248 ----a-w- c:\windows\SysWow64\atiumdag.dll
2016-11-15 21:20 . 2016-07-18 22:20 8847888 ----a-w- c:\windows\system32\atiumd64.dll
2016-11-15 21:20 . 2015-11-18 08:20 123776 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2016-11-15 21:20 . 2016-11-15 21:20 141280 ----a-w- c:\windows\system32\amdhcp64.dll
2016-11-15 21:20 . 2016-07-18 22:21 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2016-11-15 21:20 . 2016-11-15 21:20 125288 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2016-11-15 21:19 . 2016-11-15 21:19 145400 ----a-w- c:\windows\system32\amdave64.dll
2016-11-15 21:19 . 2016-11-15 21:19 124776 ----a-w- c:\windows\SysWow64\amdave32.dll
2016-11-15 21:18 . 2016-11-15 21:18 275336 ----a-w- c:\windows\system32\GameManager64.dll
2016-11-15 21:18 . 2016-11-15 21:18 240008 ----a-w- c:\windows\SysWow64\GameManager32.dll
2016-11-15 21:18 . 2016-11-15 21:18 281992 ----a-w- c:\windows\system32\dgtrayicon.exe
2016-11-15 21:18 . 2016-11-15 21:18 20360 ----a-w- c:\windows\system32\detoured.dll
2016-11-15 21:18 . 2016-11-15 21:18 20360 ----a-w- c:\windows\SysWow64\detoured.dll
2016-11-15 21:18 . 2013-06-04 23:11 10965056 ----a-w- c:\windows\system32\atidxx64.dll
2016-11-15 21:18 . 2016-11-15 21:18 286600 ----a-w- c:\windows\system32\atitmm64.dll
2016-11-15 21:18 . 2016-11-15 21:18 136584 ----a-w- c:\windows\system32\atisamu64.dll
2016-11-15 21:18 . 2016-11-15 21:18 9114104 ----a-w- c:\windows\SysWow64\atidxx32.dll
2016-11-15 21:18 . 2016-11-15 21:18 117640 ----a-w- c:\windows\SysWow64\atisamu32.dll
2016-11-15 21:18 . 2016-11-15 21:18 59784 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2016-11-15 21:18 . 2016-11-15 21:18 110472 ----a-w- c:\windows\system32\atimuixx.dll
2016-11-15 21:18 . 2016-11-15 21:18 2481032 ----a-w- c:\windows\system32\amfrt64.dll
2016-11-15 21:18 . 2016-11-15 21:18 520072 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2016-11-15 21:17 . 2016-11-15 21:17 2163592 ----a-w- c:\windows\SysWow64\amfrt32.dll
2016-11-15 21:17 . 2013-06-04 23:11 1561632 ----a-w- c:\windows\system32\aticfx64.dll
2016-11-15 21:17 . 2016-11-15 21:17 107400 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 107400 ----a-w- c:\windows\system32\atiglpxx.dll
2016-11-15 21:17 . 2015-06-23 02:08 1281448 ----a-w- c:\windows\SysWow64\aticfx32.dll
2016-11-15 21:17 . 2016-11-15 21:17 175496 ----a-w- c:\windows\SysWow64\atigktxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 9926536 ----a-w- c:\windows\system32\amdvlk64.dll
2016-11-15 21:17 . 2016-11-15 21:17 201608 ----a-w- c:\windows\system32\atig6txx.dll
2016-11-15 21:17 . 2016-11-15 21:17 122760 ----a-w- c:\windows\system32\atig6pxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 289160 ----a-w- c:\windows\system32\atiesrxx.exe
2016-11-15 21:17 . 2016-11-15 21:17 8065928 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2016-11-15 21:17 . 2016-11-15 21:17 525704 ----a-w- c:\windows\system32\atieclxx.exe
2016-11-15 21:17 . 2016-11-15 21:17 230280 ----a-w- c:\windows\system32\atieah64.exe
2016-11-15 21:17 . 2016-11-15 21:17 208264 ----a-w- c:\windows\SysWow64\atieah32.exe
2016-11-15 21:17 . 2016-11-15 21:17 458632 ----a-w- c:\windows\system32\atidemgy.dll
2016-11-15 21:17 . 2016-11-15 21:17 155016 ----a-w- c:\windows\system32\amduve64.dll
2016-11-15 21:17 . 2016-11-15 21:17 134536 ----a-w- c:\windows\SysWow64\amduve32.dll
2016-11-15 21:17 . 2016-11-15 21:17 78728 ----a-w- c:\windows\system32\aticalrt64.dll
2016-11-15 21:17 . 2016-11-15 21:17 68488 ----a-w- c:\windows\SysWow64\aticalrt.dll
2016-11-15 21:17 . 2016-11-15 21:17 129416 ----a-w- c:\windows\system32\mantleaxl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 66952 ----a-w- c:\windows\system32\amdmmcl6.dll
2016-11-15 21:17 . 2016-11-15 21:17 108936 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2016-11-15 21:17 . 2016-11-15 21:17 54664 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2016-11-15 21:17 . 2016-11-15 21:17 160136 ----a-w- c:\windows\system32\mantle64.dll
2016-11-15 21:17 . 2016-11-15 21:17 82824 ----a-w- c:\windows\system32\amdmcl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 15728008 ----a-w- c:\windows\system32\aticaldd64.dll
2016-11-15 21:17 . 2016-11-15 21:17 135048 ----a-w- c:\windows\SysWow64\mantle32.dll
2016-11-15 21:17 . 2016-11-15 21:17 66440 ----a-w- c:\windows\SysWow64\amdmcl32.dll
2016-11-15 21:17 . 2016-11-15 21:17 349064 ----a-w- c:\windows\system32\ATIODE.exe
2016-11-15 21:17 . 2016-11-15 21:17 67464 ----a-w- c:\windows\system32\ATIODCLI.exe
2016-11-15 21:17 . 2016-11-15 21:17 14318984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2016-11-15 21:17 . 2016-11-15 21:17 72072 ----a-w- c:\windows\system32\aticalcl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 65416 ----a-w- c:\windows\SysWow64\aticalcl.dll
2016-11-15 21:17 . 2016-11-15 21:17 402312 ----a-w- c:\windows\system32\atiapfxx.exe
2016-11-15 21:16 . 2016-11-15 21:16 998280 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2016-11-15 21:16 . 2016-11-15 21:16 998280 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2016-11-15 21:16 . 2013-06-04 21:35 1333128 ----a-w- c:\windows\system32\atiadlxx.dll
2016-11-15 21:16 . 2016-11-15 21:16 267656 ----a-w- c:\windows\system32\hsa-thunk64.dll
2016-11-15 21:16 . 2016-11-15 21:16 269192 ----a-w- c:\windows\system32\clinfo.exe
2016-11-15 21:16 . 2016-11-15 21:16 233352 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2016-11-15 21:16 . 2016-11-15 21:16 112520 ----a-w- c:\windows\system32\OpenCL.dll
2016-11-15 21:16 . 2016-11-15 21:16 103304 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-11-15 21:16 . 2016-11-15 21:16 9311624 ----a-w- c:\windows\system32\amdmantle64.dll
2016-11-15 21:16 . 2016-11-15 21:16 48824712 ----a-w- c:\windows\system32\amdocl64.dll
2016-11-15 21:16 . 2016-11-15 21:16 7363976 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2016-11-15 21:16 . 2016-11-15 21:16 845192 ----a-w- c:\windows\system32\amdlvr64.dll
2016-11-15 21:16 . 2016-11-15 21:16 679304 ----a-w- c:\windows\SysWow64\amdlvr32.dll
2016-11-15 21:16 . 2016-11-15 21:16 27489672 ----a-w- c:\windows\system32\amdocl12cl64.dll
2016-11-15 21:16 . 2016-11-15 21:16 248200 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2016-11-15 21:16 . 2016-11-15 21:16 221064 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2016-11-15 21:16 . 2016-11-15 21:16 305544 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2016-11-15 21:16 . 2016-11-15 21:16 21640584 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2016-11-15 21:16 . 2016-09-16 19:40 892296 ----a-w- c:\windows\system32\coinst_16.40.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-27 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2017-01-02 9080768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SOLIDWORKS 2016 Rychlé spuštění.lnk - c:\windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2016-12-1 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Honza\AppData\Local\Temp\tmpC16A.tmp;c:\users\Honza\AppData\Local\Temp\tmpC16A.tmp [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-20 19:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.59\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03 21:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-01-02 11:02 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
"StartCN"="c:\program files\AMD\CNext\CNext\RadeonSettings.exe" [2016-11-15 8029576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Honza\AppData\Local\Temp\tmpC16A.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-01-30 14:34:11
ComboFix-quarantined-files.txt 2017-01-30 13:34
.
Před spuštěním: Volných bajtů: 53 462 757 376
Po spuštění: Volných bajtů: 53 054 558 208
.
- - End Of File - - F50196E9285E6510D2FA63AC7157E38F
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[jaro3]

c:\users\Honza\AppData\Local\Apnlworks
c:\users\Honza\AppData\Local\AXXworks
c:\programdata\8716n60b29k8462

znáš ty složky? Co v nich je?


c:\program files (x86)\Removewat 2.2.7 tohle bys měl smazat..

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[vlkosek]

-nevím, smazal bych to.
-zbytek zkusím provést
díky

[vlkosek]

ty složky se můžou asi vymzat. o ničem nevim že bych tam ukladal
C:\program files (x86)\Removewat 2.2.7 jsem smazal
zbytek pořeším
díky

[vlkosek]

http://r.virscan.org/report/73efca494d9 ... b02d503633

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Folder::
c:\program files (x86)\Skype\Updater
c:\users\Honza\AppData\Local\Apnlworks
c:\users\Honza\AppData\Local\AXXworks
c:\programdata\8716n60b29k8462

Driver::
SkypeUpdate

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\users\Honza\AppData\Local\Temp\tmpC16A.tmp

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[vlkosek]

mrknu na to. zatím to cajk, nikde už nic nevyskakuje

[jerabina]

Jakmile budete mít požadované logy a výsledek testu z VirusTotalu pro daný soubor, tak to sem prosím vložte.

[vlkosek]

ComboFix 17-01-29.01 - Honza 31.01.2017 13:10:44.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.6667 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\programdata\8716n60b29k8462
c:\programdata\8716n60b29k8462\169.tmp
c:\users\Honza\AppData\Local\Apnlworks
c:\users\Honza\AppData\Local\Apnlworks\MSMCuda.txt
c:\users\Honza\AppData\Local\AXXworks
c:\users\Honza\AppData\Local\AXXworks\{EAF5E857-706A-5C71-4356-BE29D26709E7}
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-12-28 do 2017-01-31 )))))))))))))))))))))))))))))))
.
.
2017-01-30 11:24 . 2017-01-30 11:24 -------- d-----w- c:\programdata\Sophos
2017-01-30 11:22 . 2017-01-30 11:22 -------- d-----w- c:\program files (x86)\Sophos
2017-01-30 11:11 . 2017-01-31 12:20 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-01-30 11:11 . 2017-01-30 10:59 24064 ----a-w- c:\windows\zoek-delete.exe
2017-01-30 10:59 . 2017-01-30 11:10 -------- d-----w- C:\zoek_backup
2017-01-29 18:46 . 2017-01-29 21:56 -------- d-----w- C:\AdwCleaner
2017-01-29 18:11 . 2017-01-29 18:11 -------- d-----w- c:\users\Default\AppData\Local\AdvinstAnalytics
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\users\Honza\AppData\Roaming\Seznam.cz
2017-01-29 17:55 . 2017-01-29 17:55 -------- d-----w- c:\programdata\{e01-03-93-414a8-a11e8-2be1-27365}
2017-01-28 08:50 . 2017-01-28 08:51 -------- d-----w- c:\program files\Core Temp
2017-01-03 07:57 . 2017-01-02 11:02 391496 ----a-w- c:\windows\system32\aswBoot.exe
2017-01-02 11:02 . 2017-01-02 11:02 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 53208 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-31 12:17 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-01-30 21:32 . 2015-01-30 16:45 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2017-01-30 21:32 . 2015-01-26 18:50 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2017-01-30 21:31 . 2015-01-26 18:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-01-30 19:26 . 2015-12-29 09:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-30 10:19 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-10 21:33 . 2016-01-03 18:50 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 21:33 . 2016-01-03 18:50 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 11:03 . 2013-01-20 20:07 293352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-01-02 11:03 . 2013-01-20 20:07 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-01-02 11:03 . 2013-01-20 20:07 969184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-01-02 11:02 . 2013-01-20 20:07 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-02 11:02 . 2013-01-20 20:07 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-01-02 11:02 . 2013-01-20 20:07 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-01-02 11:02 . 2013-01-20 20:07 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-01-02 11:02 . 2013-01-20 20:07 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-01-02 11:01 . 2016-03-24 05:28 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-15 21:21 . 2015-11-18 08:19 9981352 ----a-w- c:\windows\SysWow64\atiumdva.dll
2016-11-15 21:21 . 2016-07-18 22:20 10977392 ----a-w- c:\windows\system32\atiumd6a.dll
2016-11-15 21:20 . 2016-11-15 21:20 109856 ----a-w- c:\windows\system32\atimpc64.dll
2016-11-15 21:20 . 2016-11-15 21:20 109856 ----a-w- c:\windows\system32\amdpcom64.dll
2016-11-15 21:20 . 2016-11-15 21:20 92328 ----a-w- c:\windows\SysWow64\atimpc32.dll
2016-11-15 21:20 . 2016-11-15 21:20 92328 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2016-11-15 21:20 . 2016-11-15 21:20 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2016-11-15 21:20 . 2013-06-04 23:12 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2016-11-15 21:20 . 2015-11-18 08:19 7213248 ----a-w- c:\windows\SysWow64\atiumdag.dll
2016-11-15 21:20 . 2016-07-18 22:20 8847888 ----a-w- c:\windows\system32\atiumd64.dll
2016-11-15 21:20 . 2015-11-18 08:20 123776 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2016-11-15 21:20 . 2016-11-15 21:20 141280 ----a-w- c:\windows\system32\amdhcp64.dll
2016-11-15 21:20 . 2016-07-18 22:21 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2016-11-15 21:20 . 2016-11-15 21:20 125288 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2016-11-15 21:19 . 2016-11-15 21:19 145400 ----a-w- c:\windows\system32\amdave64.dll
2016-11-15 21:19 . 2016-11-15 21:19 124776 ----a-w- c:\windows\SysWow64\amdave32.dll
2016-11-15 21:18 . 2016-11-15 21:18 275336 ----a-w- c:\windows\system32\GameManager64.dll
2016-11-15 21:18 . 2016-11-15 21:18 240008 ----a-w- c:\windows\SysWow64\GameManager32.dll
2016-11-15 21:18 . 2016-11-15 21:18 281992 ----a-w- c:\windows\system32\dgtrayicon.exe
2016-11-15 21:18 . 2016-11-15 21:18 20360 ----a-w- c:\windows\system32\detoured.dll
2016-11-15 21:18 . 2016-11-15 21:18 20360 ----a-w- c:\windows\SysWow64\detoured.dll
2016-11-15 21:18 . 2013-06-04 23:11 10965056 ----a-w- c:\windows\system32\atidxx64.dll
2016-11-15 21:18 . 2016-11-15 21:18 286600 ----a-w- c:\windows\system32\atitmm64.dll
2016-11-15 21:18 . 2016-11-15 21:18 136584 ----a-w- c:\windows\system32\atisamu64.dll
2016-11-15 21:18 . 2016-11-15 21:18 9114104 ----a-w- c:\windows\SysWow64\atidxx32.dll
2016-11-15 21:18 . 2016-11-15 21:18 117640 ----a-w- c:\windows\SysWow64\atisamu32.dll
2016-11-15 21:18 . 2016-11-15 21:18 59784 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2016-11-15 21:18 . 2016-11-15 21:18 110472 ----a-w- c:\windows\system32\atimuixx.dll
2016-11-15 21:18 . 2016-11-15 21:18 2481032 ----a-w- c:\windows\system32\amfrt64.dll
2016-11-15 21:18 . 2016-11-15 21:18 520072 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2016-11-15 21:17 . 2016-11-15 21:17 2163592 ----a-w- c:\windows\SysWow64\amfrt32.dll
2016-11-15 21:17 . 2013-06-04 23:11 1561632 ----a-w- c:\windows\system32\aticfx64.dll
2016-11-15 21:17 . 2016-11-15 21:17 107400 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 107400 ----a-w- c:\windows\system32\atiglpxx.dll
2016-11-15 21:17 . 2015-06-23 02:08 1281448 ----a-w- c:\windows\SysWow64\aticfx32.dll
2016-11-15 21:17 . 2016-11-15 21:17 175496 ----a-w- c:\windows\SysWow64\atigktxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 9926536 ----a-w- c:\windows\system32\amdvlk64.dll
2016-11-15 21:17 . 2016-11-15 21:17 201608 ----a-w- c:\windows\system32\atig6txx.dll
2016-11-15 21:17 . 2016-11-15 21:17 122760 ----a-w- c:\windows\system32\atig6pxx.dll
2016-11-15 21:17 . 2016-11-15 21:17 289160 ----a-w- c:\windows\system32\atiesrxx.exe
2016-11-15 21:17 . 2016-11-15 21:17 8065928 ----a-w- c:\windows\SysWow64\amdvlk32.dll
2016-11-15 21:17 . 2016-11-15 21:17 525704 ----a-w- c:\windows\system32\atieclxx.exe
2016-11-15 21:17 . 2016-11-15 21:17 230280 ----a-w- c:\windows\system32\atieah64.exe
2016-11-15 21:17 . 2016-11-15 21:17 208264 ----a-w- c:\windows\SysWow64\atieah32.exe
2016-11-15 21:17 . 2016-11-15 21:17 458632 ----a-w- c:\windows\system32\atidemgy.dll
2016-11-15 21:17 . 2016-11-15 21:17 155016 ----a-w- c:\windows\system32\amduve64.dll
2016-11-15 21:17 . 2016-11-15 21:17 134536 ----a-w- c:\windows\SysWow64\amduve32.dll
2016-11-15 21:17 . 2016-11-15 21:17 78728 ----a-w- c:\windows\system32\aticalrt64.dll
2016-11-15 21:17 . 2016-11-15 21:17 68488 ----a-w- c:\windows\SysWow64\aticalrt.dll
2016-11-15 21:17 . 2016-11-15 21:17 129416 ----a-w- c:\windows\system32\mantleaxl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 66952 ----a-w- c:\windows\system32\amdmmcl6.dll
2016-11-15 21:17 . 2016-11-15 21:17 108936 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2016-11-15 21:17 . 2016-11-15 21:17 54664 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2016-11-15 21:17 . 2016-11-15 21:17 160136 ----a-w- c:\windows\system32\mantle64.dll
2016-11-15 21:17 . 2016-11-15 21:17 82824 ----a-w- c:\windows\system32\amdmcl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 15728008 ----a-w- c:\windows\system32\aticaldd64.dll
2016-11-15 21:17 . 2016-11-15 21:17 135048 ----a-w- c:\windows\SysWow64\mantle32.dll
2016-11-15 21:17 . 2016-11-15 21:17 66440 ----a-w- c:\windows\SysWow64\amdmcl32.dll
2016-11-15 21:17 . 2016-11-15 21:17 349064 ----a-w- c:\windows\system32\ATIODE.exe
2016-11-15 21:17 . 2016-11-15 21:17 67464 ----a-w- c:\windows\system32\ATIODCLI.exe
2016-11-15 21:17 . 2016-11-15 21:17 14318984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2016-11-15 21:17 . 2016-11-15 21:17 72072 ----a-w- c:\windows\system32\aticalcl64.dll
2016-11-15 21:17 . 2016-11-15 21:17 65416 ----a-w- c:\windows\SysWow64\aticalcl.dll
2016-11-15 21:17 . 2016-11-15 21:17 402312 ----a-w- c:\windows\system32\atiapfxx.exe
2016-11-15 21:16 . 2016-11-15 21:16 998280 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2016-11-15 21:16 . 2016-11-15 21:16 998280 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2016-11-15 21:16 . 2013-06-04 21:35 1333128 ----a-w- c:\windows\system32\atiadlxx.dll
2016-11-15 21:16 . 2016-11-15 21:16 267656 ----a-w- c:\windows\system32\hsa-thunk64.dll
2016-11-15 21:16 . 2016-11-15 21:16 269192 ----a-w- c:\windows\system32\clinfo.exe
2016-11-15 21:16 . 2016-11-15 21:16 233352 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2016-11-15 21:16 . 2016-11-15 21:16 112520 ----a-w- c:\windows\system32\OpenCL.dll
2016-11-15 21:16 . 2016-11-15 21:16 103304 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-11-15 21:16 . 2016-11-15 21:16 9311624 ----a-w- c:\windows\system32\amdmantle64.dll
2016-11-15 21:16 . 2016-11-15 21:16 48824712 ----a-w- c:\windows\system32\amdocl64.dll
2016-11-15 21:16 . 2016-11-15 21:16 7363976 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2016-11-15 21:16 . 2016-11-15 21:16 845192 ----a-w- c:\windows\system32\amdlvr64.dll
2016-11-15 21:16 . 2016-11-15 21:16 679304 ----a-w- c:\windows\SysWow64\amdlvr32.dll
2016-11-15 21:16 . 2016-11-15 21:16 27489672 ----a-w- c:\windows\system32\amdocl12cl64.dll
2016-11-15 21:16 . 2016-11-15 21:16 248200 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2016-11-15 21:16 . 2016-11-15 21:16 221064 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2016-11-15 21:16 . 2016-11-15 21:16 305544 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2016-11-15 21:16 . 2016-11-15 21:16 21640584 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2016-11-15 21:16 . 2016-09-16 19:40 892296 ----a-w- c:\windows\system32\coinst_16.40.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-27 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2017-01-02 9080768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SOLIDWORKS 2016 Rychlé spuštění.lnk - c:\windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2016-12-1 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Honza\AppData\Local\Temp\tmpB0B8.tmp;c:\users\Honza\AppData\Local\Temp\tmpB0B8.tmp [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-20 19:40 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.59\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-01-02 11:02 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
"StartCN"="c:\program files\AMD\CNext\CNext\RadeonSettings.exe" [2016-11-15 8029576]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Honza\AppData\Local\Temp\tmpB0B8.tmp"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2017-01-31 13:24:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-01-31 12:24
ComboFix2.txt 2017-01-30 13:34
.
Před spuštěním: Volných bajtů: 52 598 943 744
Po spuštění: Volných bajtů: 52 036 575 232
.
- - End Of File - - 305032AE73E4FAB6154546814563A23E
A36C5E4F47E84449FF07ED3517B43A31

[vlkosek]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-01-31 13:28:31
-----------------------------
13:28:31.975 OS Version: Windows x64 6.1.7601 Service Pack 1
13:28:31.975 Number of processors: 4 586 0x3C03
13:28:31.975 ComputerName: HONZA-PC UserName: Honza
13:29:23.888 Initialze error C000010E - driver not loaded
13:29:32.187 AVAST engine defs: 17013102
13:29:42.888 Service scanning
13:30:18.878 Modules scanning
13:30:18.878 Disk 0 trace - called modules:
13:30:18.878
13:30:54.773 AVAST engine scan C:\Windows
13:31:33.446 AVAST engine scan C:\Windows\system32
13:36:23.045 AVAST engine scan C:\Windows\system32\drivers
13:37:18.113 AVAST engine scan C:\Users\Honza
13:44:11.670 File: C:\Users\Honza\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
13:46:33.973 File: C:\Users\Honza\Downloads\Twelve_Monkeys_1995_720p_BluRay_H264_AAC-RARBGTwelve_Monkeys_1995_720p_BluRay_H264_AAC-RARBG__1dqg9fs.exe **INFECTED** Win32:Dropper-gen [Drp]
13:48:49.366 AVAST engine scan C:\ProgramData
13:51:19.079 Scan finished successfully
13:52:21.900 The log file has been saved successfully to "C:\Users\Honza\Desktop\aswMBR.txt"

[vlkosek]

tmpC16A.tmp tam není v uvedené složce
ten exe soubor 12 monkeys sem nechal avastem přesunout do truhly

myslíš že se můžu přihlašovat k int.bankovnictví, nebo mám počkat?

[jaro3]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
udělal si to?

ještě se podívej , co je v této složce.
c:\programdata\{e01-03-93-414a8-a11e8-2be1-27365}