Prosím o kontrolu logu Vyřešeno

[Robertekk23]

Dobrý den, stal se mi takový problém nainstaloval jsem jeden program a pak začala spoušt instalovalo se mraky dalsích programů a od té doby to hází systémovou chybu myslím teda, přesněji teda dwm.exe has stopped working. Tak jsem začal pátrat, nejsem co se týče PC moc zběhlí, když tak prosím se mnou o trpělivost. zatím jsem tedy stáhl HJT a přikládám log. Omlouvám se jestli jsem založil nové téma. S pozdravem Robert


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:05, on 11.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Users\robert\AppData\Local\Temp\Windows Defender.exe
C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\cmd.exe
C:\AppCache\x86\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\robert\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [9b3a03845420e059122a308c2112a472] "C:\Users\robert\AppData\Local\Temp\Windows Defender.exe" ..
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [9b3a03845420e059122a308c2112a472] "C:\Users\robert\AppData\Local\Temp\Windows Defender.exe" ..
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [PC Remote Server] C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\robert\AppData\Local\Temp\mdi064.dll,fwnewsdf
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 9b3a03845420e059122a308c2112a472.exe
O4 - Startup: svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HPSewil Service - Unknown owner - C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6991 bytes

[Reklama]

[jerabina]

Ahoj, vítej na fóru PC-HELP!

Není třeba se omlouvat, že zakládáš nové téma, od toho tu jsme.
Každopádně tvůj počítač je již na první pohled hodně zavšivený, tak se na to podíváme

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[Robertekk23]

tady posílám ty logy :)


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.10.2016
Čas skenování: 10:35
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.12.04
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: robert

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 296987
Uplynulý čas: 6 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\dwm.exe, 2784, , [81d3890fbedce94df3ddaf1351b20ef2]
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, 2044, , [3c18b6e22179c17518fb2d9f25dffe02]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.HPDefender.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSewil Service, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A0112EC-8F49-41D0-A20F-346B29457E1B}, , [66eec0d856440c2a62fda7481be816ea],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B06539EC-39F4-4152-8241-33324577E8A5}, , [b69e4b4d8f0b7db9ac17e50a25de4cb4],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3AC75A1-DFED-4191-AE1F-BC87B6C5323A}, , [1e36b1e77822d462832c2dcaed163dc3],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, , [b79d494feeacdf578b09d5103ac97789],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, , [0450dfb95c3e7eb8ede82d7fb94a0df3],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, , [c39197010496bf77bdf3a750c340649c],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder0, , [e56fe0b8debc44f2872ff4e233cf8779],
PUP.Optional.InstallCore, HKU\S-1-5-21-2490939331-84199007-853305311-1000\SOFTWARE\ICSW1.22, , [e86cd3c515859f974eba1592828157a9],

Hodnoty registru: 4
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A0112EC-8F49-41D0-A20F-346B29457E1B}|Path, \LaunchPreSignup, , [66eec0d856440c2a62fda7481be816ea]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B06539EC-39F4-4152-8241-33324577E8A5}|Path, \IBUpd2, , [b69e4b4d8f0b7db9ac17e50a25de4cb4]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3AC75A1-DFED-4191-AE1F-BC87B6C5323A}|Path, \SMW_P, , [1e36b1e77822d462832c2dcaed163dc3]
PUP.Optional.HPDefender.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSewil Service|ImagePath, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, , [fb59e1b72377290d2de5bb11b25204fc]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71, , [81d3890fbedce94df3ddaf1351b20ef2],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers, , [3c18b6e22179c17518fb2d9f25dffe02],

Soubory: 22
PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, , [3c187c1c3961b1854e858e1e1de6d927],
PUP.Optional.FakeIELaunch, C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, , [c2927820cdcdd26432b9af121de69070],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\dwm.exe, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libcurl-4.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libiconv-2.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libidn-11.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libintl-8.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\msupdate.7z, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\msvcrt.dll, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\proxy.conf, , [81d3890fbedce94df3ddaf1351b20ef2],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\zlib1.dl1, , [81d3890fbedce94df3ddaf1351b20ef2],
PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd2, , [89cbb1e73f5b6ec83f53e20361a24bb5],
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_P, , [2b29b4e4e5b5e94d8c21e017689b8d73],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\SewilStarter2.exe, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\amigo.ico, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\chrome.ico, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\firefox.ico, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\ie.ico, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\opera.ico, , [3c18b6e22179c17518fb2d9f25dffe02],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\yandex.ico, , [3c18b6e22179c17518fb2d9f25dffe02],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)





***** [ Services ] *****

Service Found: HPSewil Service


***** [ Folders ] *****

Folder Found: C:\Users\robert\AppData\Roaming\HPSewil


***** [ Files ] *****

File Found: C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk
File Found: C:\Windows\SysNative\bi3.exe


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found: LaunchPreSignup
Task Found: IBUpd2
Task Found: SMW_P


***** [ Registry ] *****

Key Found: HKCU\Software\9b3a03845420e059122a308c2112a472
Key Found: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
Value Found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Found: HKU\S-1-5-21-2490939331-84199007-853305311-1000\Software\ICSW1.22
Key Found: HKCU\Software\ICSW1.22
Key Found: HKLM\SOFTWARE\HPSewil
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPSewil
Key Found: [x64] HKCU\Software\ICSW1.22
Key Found: HKU\S-1-5-21-2490939331-84199007-853305311-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Value Found: HKU\S-1-5-21-2490939331-84199007-853305311-1000\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
Value Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
Value Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2584 Bytes] - [12/10/2016 10:29:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2657 Bytes] ##########

[Orcus]

- Spusť znovu MbAM a dej Skenovat nyní
- Po proběhnutí programu, se ti objeví hláška, tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

====================================================

- Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
- Klikni na „ Smazat“
- Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Robertekk23]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.10.2016
Čas skenování: 19:23
Protokol: log.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.12.07
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: robert

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 297266
Uplynulý čas: 7 min, 5 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\dwm.exe, 3364, Smazat při restartu, [cf885246693171c56d62279b51b239c7]
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, 2044, Smazat při restartu, [74e36a2e8713cf679c71d5f730d430d0]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.HPDefender.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSewil Service, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A0112EC-8F49-41D0-A20F-346B29457E1B}, Smazat při restartu, [83d42f695b3fd5611347648b9a6945bb],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B06539EC-39F4-4152-8241-33324577E8A5}, Smazat při restartu, [1f38c3d512883bfb9c22d51a689bad53],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3AC75A1-DFED-4191-AE1F-BC87B6C5323A}, Smazat při restartu, [5106bddba5f5a09672389a5d8b78b54b],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, Smazat při restartu, [174099ff7f1b3afccec1d510b152ce32],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, Smazat při restartu, [1a3d0f89f4a6c3734d87f9b32fd49b65],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_P, Smazat při restartu, [56014a4e019976c0ddce7f787390a060],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder0, Smazat při restartu, [fa5db1e7b2e8c670cde8459135cdee12],
PUP.Optional.InstallCore, HKU\S-1-5-21-2490939331-84199007-853305311-1000\SOFTWARE\ICSW1.22, Do karantény, [7fd888108e0c9a9c71968f18cb38f30d],

Hodnoty registru: 4
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A0112EC-8F49-41D0-A20F-346B29457E1B}|Path, \LaunchPreSignup, Smazat při restartu, [83d42f695b3fd5611347648b9a6945bb]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B06539EC-39F4-4152-8241-33324577E8A5}|Path, \IBUpd2, Smazat při restartu, [1f38c3d512883bfb9c22d51a689bad53]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F3AC75A1-DFED-4191-AE1F-BC87B6C5323A}|Path, \SMW_P, Smazat při restartu, [5106bddba5f5a09672389a5d8b78b54b]
PUP.Optional.HPDefender.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HPSewil Service|ImagePath, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, Do karantény, [35226830f0aaf343db319b3137cd8f71]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil, Smazat při restartu, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],

Soubory: 22
PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, Do karantény, [93c46a2ef6a4ca6c2fa3e4c810f350b0],
PUP.Optional.FakeIELaunch, C:\Users\robert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Do karantény, [50079701f0aaf73f24c6c1000af97d83],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\dwm.exe, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libcurl-4.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libiconv-2.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libidn-11.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libintl-8.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\msupdate.7z, Do karantény, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\msvcrt.dll, Do karantény, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\proxy.conf, Do karantény, [cf885246693171c56d62279b51b239c7],
Trojan.FakeAlert, C:\Users\robert\AppData\Local\Temp\msupdate71\zlib1.dl1, Smazat při restartu, [cf885246693171c56d62279b51b239c7],
PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd2, Do karantény, [d087eaaefc9ea29414794c999f642ad6],
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_P, Do karantény, [63f484148416cb6b41677780ac579769],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\HPSewilSrv2.exe, Smazat při restartu, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\SewilStarter2.exe, Smazat při restartu, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\amigo.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\chrome.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\firefox.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\ie.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\opera.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],
PUP.Optional.HPDefender.Generic, C:\Users\robert\AppData\Roaming\HPSewil\Resources\Icons\Browsers\yandex.ico, Do karantény, [74e36a2e8713cf679c71d5f730d430d0],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by robert (Administrator) on st 12.10.2016 at 20:01:27,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAI81NLE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAI81NLE (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 12.10.2016 at 20:03:33,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v6.021 - Logfile created 12/10/2016 at 19:43:26
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-11.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : robert - ROBERT-PC
# Running from : C:\Users\robert\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\bi3.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\9b3a03845420e059122a308c2112a472
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
[-] Key deleted: HKLM\SOFTWARE\HPSewil
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPSewil
[-] Key deleted: HKU\S-1-5-21-2490939331-84199007-853305311-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6500EE46-56E2-4056-A363-65BF0D849DE0}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Value deleted: HKU\S-1-5-21-2490939331-84199007-853305311-1000\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tsiVideo]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2182 Bytes] - [12/10/2016 19:43:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [2752 Bytes] - [12/10/2016 10:29:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [2469 Bytes] - [12/10/2016 19:43:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2401 Bytes] ##########

[Robertekk23]

poslední program rouge killer mi nejde spustit

[jerabina]

Dobře, RogueKiller přeskočíme a vrátíme se k němu v dalším kroku.

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Robertekk23]

ComboFix 16-09-28.01 - robert 13.10.2016 14:13:39.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.3105 [GMT 2:00]
Spuštěný z: c:\users\robert\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-13 do 2016-10-13 )))))))))))))))))))))))))))))))
.
.
2016-10-13 12:07 . 2016-10-13 11:54 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-13 11:54 . 2016-10-13 12:05 -------- d-----w- C:\zoek_backup
2016-10-12 17:54 . 2016-10-12 17:54 -------- d-----w- c:\users\robert\.oracle_jre_usage
2016-10-12 08:33 . 2016-10-12 17:38 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-12 08:33 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-12 08:33 . 2016-10-12 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-12 08:33 . 2016-10-12 08:33 -------- d-----w- c:\programdata\Malwarebytes
2016-10-12 08:33 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-12 08:33 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-12 08:27 . 2016-10-12 17:43 -------- d-----w- C:\AdwCleaner
2016-10-11 04:54 . 2016-10-11 04:54 -------- d-----w- c:\program files\Common Files\AV
2016-10-11 04:54 . 2016-10-11 04:54 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-10-11 02:39 . 2016-10-11 03:41 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-10-10 22:29 . 2016-10-10 22:29 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2016-10-10 22:27 . 2016-10-10 22:27 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2016-10-10 22:27 . 2016-10-10 22:27 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2016-10-10 22:23 . 2016-10-12 17:58 -------- d-----w- c:\programdata\AVAST Software
2016-10-10 22:23 . 2016-10-10 22:23 -------- d-----w- c:\programdata\BOINC
2016-09-23 20:21 . 2016-09-23 20:21 -------- d-----w- c:\users\robert\AppData\Roaming\PC Remote
2016-09-23 20:21 . 2016-09-23 20:21 -------- d-----w- c:\program files (x86)\PC Remote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-12 03:25 . 2016-09-12 03:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.2468.dll
2016-09-04 01:52 . 2016-09-03 02:31 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-20 07:52 . 2016-08-20 07:52 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-08-20 07:52 . 2016-08-20 07:51 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-08-17 12:29 . 2016-08-17 12:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.2268.dll
2016-07-28 03:44 . 2016-07-28 03:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.1244.dll
2016-07-17 10:38 . 2016-07-17 10:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.3400.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-07-29 4299968]
"World of Tanks"="c:\games\World_of_Tanks\WargamingGameUpdater.exe" [2016-09-26 3134728]
"PC Remote Server"="c:\program files (x86)\PC Remote\PC Remote\PCRemote.exe" [2014-10-12 1190648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys;c:\windows\SYSNATIVE\drivers\nvflash.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-29 22:32 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20 13:36]
.
2016-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-05-20 13:36]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1 - c:\program files (x86)\BRS\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-10-13 14:18:10
ComboFix-quarantined-files.txt 2016-10-13 12:18
.
Před spuštěním: 139 614 031 872 bytes free
Po spuštění: 139 109 433 344 bytes free
.
- - End Of File - - 4F6AB7ED74A800484F6AA31144440B35
A36C5E4F47E84449FF07ED3517B43A31




Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by robert on źt 13.10.2016 at 13:54:49,33.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\robert\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.10.2016 13:56:41 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Electronic Arts deleted successfully
C:\Users\robert\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Chromium Look ======================


Chrome Media Router - robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\robert\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=31 folders=33 28573300 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\robert\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\robert\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on źt 13.10.2016 at 14:08:17,65 ======================

[Robertekk23]

nevěděl jsem jak vypnout ten avast tak jsem ho odinstaloval tak snad to nevadí a jinak problémy žádné nebyli

[Orcus]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.




- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

====================================================

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Robertekk23]

ComboFix 16-09-28.01 - robert 14.10.2016 11:52:31.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.4094.3079 [GMT 2:00]
Spuštěný z: c:\users\robert\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\robert\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.31.5\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.31.5\goopdate.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.31.5\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.31.5\psmachine.dll
c:\program files (x86)\Google\Update\1.3.31.5\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.31.5\psuser.dll
c:\program files (x86)\Google\Update\1.3.31.5\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.5\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\53.0.2785.143\53.0.2785.143_53.0.2785.116_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-14 do 2016-10-14 )))))))))))))))))))))))))))))))
.
.
2016-10-14 09:57 . 2013-07-02 14:29 24824 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2016-10-13 12:07 . 2016-10-13 11:54 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-13 11:54 . 2016-10-13 12:05 -------- d-----w- C:\zoek_backup
2016-10-12 17:54 . 2016-10-12 17:54 -------- d-----w- c:\users\robert\.oracle_jre_usage
2016-10-12 08:33 . 2016-10-12 17:38 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-12 08:33 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-12 08:33 . 2016-10-12 08:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-12 08:33 . 2016-10-12 08:33 -------- d-----w- c:\programdata\Malwarebytes
2016-10-12 08:33 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-12 08:33 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-12 08:27 . 2016-10-12 17:43 -------- d-----w- C:\AdwCleaner
2016-10-11 04:54 . 2016-10-11 04:54 -------- d-----w- c:\program files\Common Files\AV
2016-10-11 04:54 . 2016-10-11 04:54 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-10-11 02:39 . 2016-10-11 03:41 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2016-10-10 22:29 . 2016-10-10 22:29 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2016-10-10 22:27 . 2016-10-10 22:27 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2016-10-10 22:27 . 2016-10-10 22:27 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2016-10-10 22:23 . 2016-10-12 17:58 -------- d-----w- c:\programdata\AVAST Software
2016-10-10 22:23 . 2016-10-10 22:23 -------- d-----w- c:\programdata\BOINC
2016-09-23 20:21 . 2016-09-23 20:21 -------- d-----w- c:\users\robert\AppData\Roaming\PC Remote
2016-09-23 20:21 . 2016-09-23 20:21 -------- d-----w- c:\program files (x86)\PC Remote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-12 03:25 . 2016-09-12 03:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.2468.dll
2016-09-04 01:52 . 2016-09-03 02:31 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-20 07:52 . 2016-08-20 07:52 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2016-08-20 07:52 . 2016-08-20 07:51 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2016-08-17 12:29 . 2016-08-17 12:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.2268.dll
2016-07-28 03:44 . 2016-07-28 03:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.1244.dll
2016-07-17 10:38 . 2016-07-17 10:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F622629-AB80-4B5E-A51E-D297338615DC}\offreg.3400.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2016-07-29 4299968]
"World of Tanks"="c:\games\World_of_Tanks\WargamingGameUpdater.exe" [2016-09-26 3134728]
"PC Remote Server"="c:\program files (x86)\PC Remote\PC Remote\PCRemote.exe" [2014-10-12 1190648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys;c:\windows\SYSNATIVE\drivers\nvflash.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-29 22:32 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1 - c:\program files (x86)\BRS\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2016-10-14 11:59:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-10-14 09:59
ComboFix2.txt 2016-10-13 12:18
.
Před spuštěním: 144 750 579 712 bytes free
Po spuštění: 144 281 686 016 bytes free
.
- - End Of File - - 14C59802389EA6E78FDC70CD2CF30B9C
A36C5E4F47E84449FF07ED3517B43A31




aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-10-14 12:02:45
-----------------------------
12:02:45.655 OS Version: Windows x64 6.1.7601 Service Pack 1
12:02:45.655 Number of processors: 2 586 0x170A
12:02:45.655 ComputerName: ROBERT-PC UserName: robert
12:02:46.357 Initialize success
12:02:46.404 VM: initialized successfully
12:02:46.404 VM: Intel CPU virtualization not supported
12:02:58.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:02:58.771 Disk 0 Vendor: ST3320820AS 3.AHG Size: 305245MB BusType: 3
12:02:58.864 Disk 0 MBR read successfully
12:02:58.880 Disk 0 MBR scan
12:02:58.880 Disk 0 Windows 7 default MBR code
12:02:58.880 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:02:58.880 Disk 0 Boot: NTFS code=2
12:02:58.896 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
12:02:58.911 Disk 0 scanning C:\Windows\system32\drivers
12:03:04.668 Service scanning
12:03:16.648 Modules scanning
12:03:16.648 Disk 0 trace - called modules:
12:03:17.163 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
12:03:17.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004616740]
12:03:17.163 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80041ce520]
12:03:17.163 5 ACPI.sys[fffff88000f6a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80041ca680]
12:03:17.163 Disk 0 statistics 89607/0/0 @ 8,37 MB/s
12:03:17.179 Scan finished successfully
12:03:30.454 Disk 0 MBR has been saved successfully to "C:\Users\robert\Desktop\MBR.dat"
12:03:30.454 The log file has been saved successfully to "C:\Users\robert\Desktop\aswMBR.txt"

[jerabina]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Co problémy? + nový log z HJT