o5 havěť Vyřešeno

[vlkosek]

Sophos nic nenašel

[Reklama]

[jaro3]

Nový Combofix.

[vlkosek]

Zemana AntiMalware 2.72.2.101 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.2.13
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
BIOS Mode : Legacy
CUID : 1240E55235F11C44461128
Scan Type : Skenování systému
Duration : 24m 52s
Scanned Objects : 118220
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

notblocked.net
Status : Skenováno
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B6ADEE38F0A9C126C53E4FD2B766B6EC096B7F0B\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelý kořenný certifikát
Cleaning Action : Vymazat
Related Objects :
Záznam registru - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B6ADEE38F0A9C126C53E4FD2B766B6EC096B7F0B\Blob = 5C000000010000000400000000080000190000000100000010000000D1E08C3A6B2B808E237DB80AAE5540DD0F000000010000002000000049E8C7002A4C4D222AD2256B82990CF12DCFCEE6DA182D5A10DE40B21A823E67030000000100000014000000B6ADEE38F0A9C126C53E4FD2B766B6EC096B7F0B14000000010000001400000097EC65FE699AEA90ABBFEBF6AA7578BD3E28CF670400000001000000100000003BF8280BA28DA59F06AAE0267F94CAA920000000010000003B030000308203373082021FA003020102020900A24812693901627C300D06092A864886F70D01010B050030323117301506035504030C0E6E6F74626C6F636B65642E6E657431173015060355040A0C0E6E6F74626C6F636B65642E6E6574301E170D3137303230333133353435365A170D3237303230313133353435365A30323117301506035504030C0E6E6F74626C6F636B65642E6E657431173015060355040A0C0E6E6F74626C6F636B65642E6E657430820122300D06092A864886F70D01010105000382010F003082010A0282010100B7D77E6E576DC58C991C9A5713CCB10153B4983B3DB1C0572D7D1A42569FF33A7D82D1989E504C3B985F825AC6EF18CC594D77C6D238C4AC10D8ECE26A4ACFA673FEEB7622FEE65CD90CB1749BBB05278959CA934CA0706BF849670607DCED036635CC9903E3C5BBC21EAC830DDEF247BEF93AD7C59596F83F58410A905AC8DD065421CFCE9E9F715AA9CF6FDA36EDA905C923617915C42F7FF636E2C5E284E2D2C0CF3F85A12D5498DE8A5B57AC0988BB66E9E365CEA020D865A5F105A36B9972B5305643DEC47680A1A91CD065366082A9FF3B56EAEEB60E11EACF96E8910DA2F76CB6496B06EB5629B49E944E9341681CC77AB8021688DC17168B6926EA5B0203010001A350304E301D0603551D0E0416041497EC65FE699AEA90ABBFEBF6AA7578BD3E28CF67301F0603551D2304183016801497EC65FE699AEA90ABBFEBF6AA7578BD3E28CF67300C0603551D13040530030101FF300D06092A864886F70D01010B050003820101004E02CDC71D859E3394D532996F29F0740ABD086E70B0067FD1AD76D3510307252DD789D5FFB7F05F634C61AED1BE00276F9F97BA26F90E3BC7954B8A04CA5D81DA94613B90C02E1FD1D3F6D3DF968367B0C55E7448BB9ABC9424EF2011F806E32313BE55F3796807AEACBFBF30BA98B38F21AEAA2963E0A0DEE1B03B112AEF36C1146DA128B1AD3B3FC54F10027F7C7B314C38664904ABE44FE9E9F444CE2EA926C28F4B45422DA64B16E74ABAF6CAB581B0E90EC0D5F7EC3C2E8F9A67A34933ECA7B19CA3A875511DF62183C55165D8A5089F65A9F0B8B4AA391246CE4F5429524A9B6FF80B7609107D8A9315A216147506BF7CCD7B755C54FF89054E5DB46C

Removewat 2.2.7.exe
Status : Skenováno
Object : %userprofile%\downloads\sw2016_sp3.0_full-ssq\_solidsquad_\removewat 2.2.7.exe
MD5 : 3F7F300A0F40E1984F885DB9F1C3AFD0
Publisher : -
Size : 3297568
Version : -
Detection : Malware:Win32/Tamaca!Attr
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\sw2016_sp3.0_full-ssq\_solidsquad_\removewat 2.2.7.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0

[vlkosek]

ComboFix 17-01-29.01 - Honza 13.02.2017 19:37:43.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.6527 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-13 do 2017-02-13 )))))))))))))))))))))))))))))))
.
.
2017-02-13 18:45 . 2017-02-13 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-13 18:32 . 2017-02-13 18:32 -------- d-----w- c:\programdata\SWCUTemp
2017-02-13 15:05 . 2017-02-13 15:05 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-13 15:05 . 2017-02-13 15:05 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-13 15:05 . 2017-02-13 15:05 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-13 15:04 . 2017-02-13 15:04 -------- d-----w- c:\users\Honza\AppData\Local\Zemana
2017-02-11 12:42 . 2017-02-13 15:07 -------- d-----w- C:\AdwCleaner
2017-02-10 20:19 . 2017-02-13 18:45 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-02-10 20:19 . 2017-02-10 20:08 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-10 20:08 . 2017-02-10 20:18 -------- d-----w- C:\zoek_backup
2017-02-10 18:32 . 2017-02-10 18:25 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-10 18:32 . 2017-02-10 18:25 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-10 18:32 . 2017-02-10 18:25 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-10 18:32 . 2017-02-10 18:25 309784 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-10 18:30 . 2017-02-10 18:30 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-03 21:29 . 2017-02-03 21:29 -------- d-----w- c:\windows\SysWow64\Wat
2017-02-03 21:29 . 2017-02-03 21:29 -------- d-----w- c:\windows\system32\Wat
2017-02-03 06:36 . 2017-02-03 06:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-01-30 11:24 . 2017-01-30 11:24 -------- d-----w- c:\programdata\Sophos
2017-01-30 11:22 . 2017-01-30 11:22 -------- d-----w- c:\program files (x86)\Sophos
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\users\Honza\AppData\Roaming\Seznam.cz
2017-01-28 08:50 . 2017-01-28 08:51 -------- d-----w- c:\program files\Core Temp
2017-01-26 00:01 . 2017-01-26 00:01 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2017-01-26 00:01 . 2017-01-26 00:01 8976120 ----a-w- c:\windows\SysWow64\atiumdag.dll
2017-01-26 00:00 . 2017-01-26 00:00 10941336 ----a-w- c:\windows\system32\atiumd64.dll
2017-01-26 00:00 . 2017-01-26 00:00 124288 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2017-01-26 00:00 . 2017-01-26 00:00 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2017-01-26 00:00 . 2017-01-26 00:00 275336 ----a-w- c:\windows\system32\GameManager64.dll
2017-01-26 00:00 . 2017-01-26 00:00 240008 ----a-w- c:\windows\SysWow64\GameManager32.dll
2017-01-26 00:00 . 2017-01-26 00:00 281992 ----a-w- c:\windows\system32\dgtrayicon.exe
2017-01-26 00:00 . 2017-01-26 00:00 20360 ----a-w- c:\windows\system32\detoured.dll
2017-01-26 00:00 . 2017-01-26 00:00 20360 ----a-w- c:\windows\SysWow64\detoured.dll
2017-01-26 00:00 . 2017-01-26 00:00 286600 ----a-w- c:\windows\system32\atitmm64.dll
2017-01-26 00:00 . 2017-01-26 00:00 110472 ----a-w- c:\windows\system32\atimuixx.dll
2017-01-26 00:00 . 2017-01-26 00:00 521608 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2017-01-25 23:58 . 2017-01-25 23:58 59784 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2017-01-25 23:57 . 2017-01-25 23:57 59868552 ----a-w- c:\windows\system32\amdocl64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-13 18:30 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-02-13 15:09 . 2015-12-29 09:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-10 19:37 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-10 18:33 . 2013-01-20 20:07 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-02-10 18:30 . 2013-01-20 20:07 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-02-10 18:30 . 2013-01-20 20:07 74680 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-02-10 18:30 . 2013-01-20 20:07 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-02-10 18:30 . 2013-01-20 20:07 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-02-10 18:30 . 2013-01-20 20:07 126088 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-02-10 18:30 . 2013-01-20 20:07 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-02-10 18:28 . 2013-01-20 20:07 991496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-02-10 18:28 . 2016-03-24 05:28 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-02-08 23:50 . 2015-01-30 16:45 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2017-02-08 23:50 . 2015-01-26 18:50 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2017-02-08 23:50 . 2015-01-26 18:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-02-03 21:30 . 2015-09-23 19:12 419840 ----a-w- c:\windows\system32\systemcpl.dll
2017-02-03 21:30 . 2015-09-23 19:12 14848 ----a-w- c:\windows\system32\slwga.dll
2017-02-03 21:30 . 2015-09-23 19:12 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2017-02-03 21:30 . 2016-07-31 13:33 1008640 ----a-w- c:\windows\system32\user32.dll
2017-02-03 21:30 . 2016-07-31 13:33 833024 ----a-w- c:\windows\SysWow64\user32.dll
2017-01-26 00:01 . 2013-06-04 23:12 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2017-01-25 23:59 . 2016-11-15 21:17 203144 ----a-w- c:\windows\system32\atig6txx.dll
2017-01-25 23:59 . 2016-11-15 21:17 122760 ----a-w- c:\windows\system32\atig6pxx.dll
2017-01-25 23:59 . 2013-06-04 21:35 1346952 ----a-w- c:\windows\system32\atiadlxx.dll
2017-01-25 23:58 . 2013-06-04 23:11 13372664 ----a-w- c:\windows\system32\atidxx64.dll
2017-01-25 23:58 . 2013-06-04 23:11 1566264 ----a-w- c:\windows\system32\aticfx64.dll
2017-01-25 23:56 . 2016-11-15 21:15 32071048 ----a-w- c:\windows\system32\atio6axx.dll
2017-01-10 21:33 . 2016-01-03 18:50 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 21:33 . 2016-01-03 18:50 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 11:02 . 2017-01-02 11:02 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 53208 ----a-w- c:\windows\avastSS.scr
2016-12-16 00:33 . 2016-12-16 00:33 273696 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-37-0.dll
2016-12-16 00:33 . 2016-03-30 04:50 273696 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-12-16 00:33 . 2016-12-16 00:33 111392 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-37-0.exe
2016-12-16 00:33 . 2016-03-30 04:50 111392 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-12-16 00:33 . 2016-12-16 00:33 266528 ----a-w- c:\windows\system32\vulkan-1-1-0-37-0.dll
2016-12-16 00:33 . 2016-03-30 04:50 266528 ----a-w- c:\windows\system32\vulkan-1.dll
2016-12-16 00:32 . 2016-12-16 00:32 125728 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-37-0.exe
2016-12-16 00:32 . 2016-03-30 04:50 125728 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-11-15 21:16 . 2016-11-15 21:16 267656 ----a-w- c:\windows\system32\hsa-thunk64.dll
2016-11-15 21:16 . 2016-11-15 21:16 233352 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2015-11-10 . E42CB2576D5C8456C60988B1C908F41A . 1009152 . . [6.1.7601.23265] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2017-02-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2017-02-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[7] 2015-11-10 . D0A3A0DBF77EE35CE97E55DE92014E05 . 833024 . . [6.1.7601.23265] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-21 9292504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-27 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-10 205512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SOLIDWORKS 2016 Rychlé spuštění.lnk - c:\windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe [2016-12-1 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Honza\AppData\Local\Temp\tmp202C.tmp;c:\users\Honza\AppData\Local\Temp\tmp202C.tmp [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WINRING0_1_2_0
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-10 18:30 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-10 18:30 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\31.0.1650.59\Installer\chrmstp.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{23daf363-3020-4059-b3ae-dc4ad39fed19} - c:\programdata\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Honza\AppData\Local\Temp\tmp202C.tmp"
.
Celkový čas: 2017-02-13 19:48:06
ComboFix-quarantined-files.txt 2017-02-13 18:48
ComboFix2.txt 2017-02-11 09:43
.
Před spuštěním: Volných bajtů: 46 760 206 336
Po spuštění: Volných bajtů: 47 753 424 896
.
- - End Of File - - FAB8F9CAF7CD9B75829949C26B8EEB3E
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\users\Honza\AppData\Local\Temp\tmp202C.tmp
c:\users\Honza\AppData\Local\Temp\tmp202C.tmp

Folder::
c:\program files (x86)\Skype\Updater

DirLook::
c:\programdata\SWCUTemp


Driver::
SkypeUpdate
NTIOLib_1_0_C
WinRing0_1_2_0

DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[vlkosek]

ComboFix 17-01-29.01 - Honza 14.02.2017 0:03.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8120.6321 [GMT 1:00]
Spuštěný z: c:\users\Honza\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Desktop\CFScript.txt
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Honza\AppData\Local\Temp\tmp202C.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NTIOLIB_1_0_C
-------\Legacy_WINRING0_1_2_0
-------\Service_NTIOLib_1_0_C
-------\Service_SkypeUpdate
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-01-13 do 2017-02-13 )))))))))))))))))))))))))))))))
.
.
2017-02-13 23:10 . 2017-02-13 23:10 -------- d-----w- C:\$AV_ASW
2017-02-13 23:09 . 2017-02-13 23:09 -------- d-----w- c:\programdata\SWCUTemp
2017-02-13 23:06 . 2017-02-13 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-13 15:05 . 2017-02-13 15:05 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-13 15:05 . 2017-02-13 15:05 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-13 15:05 . 2017-02-13 15:05 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-13 15:04 . 2017-02-13 15:04 -------- d-----w- c:\users\Honza\AppData\Local\Zemana
2017-02-11 12:42 . 2017-02-13 15:07 -------- d-----w- C:\AdwCleaner
2017-02-10 20:19 . 2017-02-13 23:10 -------- d-----w- c:\users\Honza\AppData\Local\Temp
2017-02-10 20:19 . 2017-02-10 20:08 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-10 20:08 . 2017-02-10 20:18 -------- d-----w- C:\zoek_backup
2017-02-10 18:32 . 2017-02-10 18:25 48528 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-02-10 18:32 . 2017-02-10 18:25 334600 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-02-10 18:32 . 2017-02-10 18:25 189768 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-02-10 18:32 . 2017-02-10 18:25 309784 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-02-10 18:30 . 2017-02-10 18:30 398408 ----a-w- c:\windows\system32\aswBoot.exe
2017-02-03 21:29 . 2017-02-03 21:29 -------- d-----w- c:\windows\SysWow64\Wat
2017-02-03 21:29 . 2017-02-03 21:29 -------- d-----w- c:\windows\system32\Wat
2017-02-03 06:36 . 2017-02-03 06:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-01-30 11:24 . 2017-01-30 11:24 -------- d-----w- c:\programdata\Sophos
2017-01-30 11:22 . 2017-01-30 11:22 -------- d-----w- c:\program files (x86)\Sophos
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\program files (x86)\Seznam.cz
2017-01-29 17:56 . 2017-01-29 17:56 -------- d-----w- c:\users\Honza\AppData\Roaming\Seznam.cz
2017-01-28 08:50 . 2017-01-28 08:51 -------- d-----w- c:\program files\Core Temp
2017-01-26 00:01 . 2017-01-26 00:01 139720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2017-01-26 00:01 . 2017-01-26 00:01 8976120 ----a-w- c:\windows\SysWow64\atiumdag.dll
2017-01-26 00:00 . 2017-01-26 00:00 10941336 ----a-w- c:\windows\system32\atiumd64.dll
2017-01-26 00:00 . 2017-01-26 00:00 124288 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2017-01-26 00:00 . 2017-01-26 00:00 151056 ----a-w- c:\windows\system32\atiu9p64.dll
2017-01-26 00:00 . 2017-01-26 00:00 275336 ----a-w- c:\windows\system32\GameManager64.dll
2017-01-26 00:00 . 2017-01-26 00:00 240008 ----a-w- c:\windows\SysWow64\GameManager32.dll
2017-01-26 00:00 . 2017-01-26 00:00 281992 ----a-w- c:\windows\system32\dgtrayicon.exe
2017-01-26 00:00 . 2017-01-26 00:00 20360 ----a-w- c:\windows\system32\detoured.dll
2017-01-26 00:00 . 2017-01-26 00:00 20360 ----a-w- c:\windows\SysWow64\detoured.dll
2017-01-26 00:00 . 2017-01-26 00:00 286600 ----a-w- c:\windows\system32\atitmm64.dll
2017-01-26 00:00 . 2017-01-26 00:00 110472 ----a-w- c:\windows\system32\atimuixx.dll
2017-01-26 00:00 . 2017-01-26 00:00 521608 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2017-01-25 23:58 . 2017-01-25 23:58 59784 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2017-01-25 23:57 . 2017-01-25 23:57 59868552 ----a-w- c:\windows\system32\amdocl64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-13 23:07 . 2016-09-03 18:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-02-13 15:09 . 2015-12-29 09:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-10 19:37 . 2015-12-29 10:16 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-10 18:33 . 2013-01-20 20:07 337080 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-02-10 18:30 . 2013-01-20 20:07 162528 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-02-10 18:30 . 2013-01-20 20:07 74680 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-02-10 18:30 . 2013-01-20 20:07 547904 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-02-10 18:30 . 2013-01-20 20:07 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-02-10 18:30 . 2013-01-20 20:07 126088 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-02-10 18:30 . 2013-01-20 20:07 100640 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-02-10 18:28 . 2013-01-20 20:07 991496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-02-10 18:28 . 2016-03-24 05:28 32088 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-02-08 23:50 . 2015-01-30 16:45 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2017-02-08 23:50 . 2015-01-26 18:50 348360 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2017-02-08 23:50 . 2015-01-26 18:50 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2017-02-03 21:30 . 2015-09-23 19:12 419840 ----a-w- c:\windows\system32\systemcpl.dll
2017-02-03 21:30 . 2015-09-23 19:12 14848 ----a-w- c:\windows\system32\slwga.dll
2017-02-03 21:30 . 2015-09-23 19:12 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2017-02-03 21:30 . 2016-07-31 13:33 1008640 ----a-w- c:\windows\system32\user32.dll
2017-02-03 21:30 . 2016-07-31 13:33 833024 ----a-w- c:\windows\SysWow64\user32.dll
2017-01-26 00:01 . 2013-06-04 23:12 170072 ----a-w- c:\windows\system32\atiuxp64.dll
2017-01-25 23:59 . 2016-11-15 21:17 203144 ----a-w- c:\windows\system32\atig6txx.dll
2017-01-25 23:59 . 2016-11-15 21:17 122760 ----a-w- c:\windows\system32\atig6pxx.dll
2017-01-25 23:59 . 2013-06-04 21:35 1346952 ----a-w- c:\windows\system32\atiadlxx.dll
2017-01-25 23:58 . 2013-06-04 23:11 13372664 ----a-w- c:\windows\system32\atidxx64.dll
2017-01-25 23:58 . 2013-06-04 23:11 1566264 ----a-w- c:\windows\system32\aticfx64.dll
2017-01-25 23:56 . 2016-11-15 21:15 32071048 ----a-w- c:\windows\system32\atio6axx.dll
2017-01-10 21:33 . 2016-01-03 18:50 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 21:33 . 2016-01-03 18:50 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-02 11:02 . 2017-01-02 11:02 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2017-01-02 11:02 . 2017-01-02 11:02 53208 ----a-w- c:\windows\avastSS.scr
2016-12-16 00:33 . 2016-12-16 00:33 273696 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-37-0.dll
2016-12-16 00:33 . 2016-03-30 04:50 273696 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-12-16 00:33 . 2016-12-16 00:33 111392 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-37-0.exe
2016-12-16 00:33 . 2016-03-30 04:50 111392 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-12-16 00:33 . 2016-12-16 00:33 266528 ----a-w- c:\windows\system32\vulkan-1-1-0-37-0.dll
2016-12-16 00:33 . 2016-03-30 04:50 266528 ----a-w- c:\windows\system32\vulkan-1.dll
2016-12-16 00:32 . 2016-12-16 00:32 125728 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-37-0.exe
2016-12-16 00:32 . 2016-03-30 04:50 125728 ----a-w- c:\windows\system32\vulkaninfo.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\SWCUTemp ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2017-02-03 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2017-02-03 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2015-11-10 . 0A78439765E31510D75C9E2284F3A722 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[7] 2015-11-10 . D0A3A0DBF77EE35CE97E55DE92014E05 . 833024 . . [6.1.7601.23265] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-12-21 9292504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-02-10 205512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 CoordinatorServiceHost;DTSInterops;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe;c:\program files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [x]
R3 cpuz138;cpuz138;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\Honza\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 RemoteSolverDispatcher;Remote Solver for Flow Simulation 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016;c:\program files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe SOFTWARE\SRAC\COSMOS_FloWorks 2016 [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - WINRING0_1_2_0
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-10 18:30 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-02-10 18:30 1479992 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{23daf363-3020-4059-b3ae-dc4ad39fed19} - c:\programdata\Package Cache\{23daf363-3020-4059-b3ae-dc4ad39fed19}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{d370215a-d003-43ae-a3b6-1028af64d5a1} - c:\programdata\Package Cache\{d370215a-d003-43ae-a3b6-1028af64d5a1}\SetupChipset.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Zemana AntiMalware\ZAM.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2017-02-14 00:16:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-02-13 23:16
ComboFix2.txt 2017-02-13 22:59
ComboFix3.txt 2017-02-13 18:48
ComboFix4.txt 2017-02-11 09:43
.
Před spuštěním: Volných bajtů: 47 431 041 024
Po spuštění: Volných bajtů: 47 150 575 616
.
- - End Of File - - 607B38E5979D64C75F3466A73EFFE885
A36C5E4F47E84449FF07ED3517B43A31

[jaro3]

A aswMBR?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Vlož nový log z HJT + informuj o problémech

[vlkosek]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-02-14 12:05:24
-----------------------------
12:05:24.432 OS Version: Windows x64 6.1.7601 Service Pack 1
12:05:24.432 Number of processors: 4 586 0x3C03
12:05:24.432 ComputerName: HONZA-PC UserName: Honza
12:05:39.541 Initialize success
12:05:39.556 VM: initialized successfully
12:05:39.556 VM: Intel CPU supported virtualized
12:05:45.462 VM: supported disk I/O ataport.SYS
12:05:53.823 AVAST engine defs: 17021303
12:06:04.774 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:06:04.774 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476938MB BusType: 11
12:06:04.963 VM: Disk 0 MBR read successfully
12:06:04.963 Disk 0 MBR scan
12:06:04.963 Disk 0 Windows 7 default MBR code
12:06:04.978 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
12:06:05.056 Disk 0 Boot: NTFS code=2
12:06:05.119 Disk 0 scanning C:\Windows\system32\drivers
12:06:19.369 Service scanning
12:06:43.806 Modules scanning
12:06:43.806 Disk 0 trace - called modules:
12:06:43.853 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:06:43.853 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076bb060]
12:06:43.869 3 aswSP.sys[fffff88003aacafe] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007161060]
12:06:47.001 AVAST engine scan C:\Windows
12:06:51.573 AVAST engine scan C:\Windows\system32
12:10:41.679 AVAST engine scan C:\Windows\system32\drivers
12:11:07.366 AVAST engine scan C:\Users\Honza
12:18:30.420 File: C:\Users\Honza\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
12:22:14.557 AVAST engine scan C:\ProgramData
12:24:41.432 Disk 0 statistics 4876072/0/14 @ 3,20 MB/s
12:24:41.447 Scan finished successfully
13:08:04.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:08:04.882 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476938MB BusType: 11
13:08:05.204 VM: Disk 0 MBR read successfully
13:08:05.220 Disk 0 MBR scan
13:08:05.220 Disk 0 Windows 7 default MBR code
13:08:05.610 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
13:08:05.625 Disk 0 Boot: NTFS code=2
13:08:05.781 Disk 0 scanning C:\Windows\system32\drivers
13:08:20.252 Service scanning
13:08:48.422 Modules scanning
13:08:48.422 Disk 0 trace - called modules:
13:08:48.500 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:08:48.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076bb060]
13:08:48.516 3 aswSP.sys[fffff88003aacafe] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007161060]
13:09:24.563 AVAST engine scan C:\Windows
13:10:06.517 AVAST engine scan C:\Windows\system32
13:16:32.057 AVAST engine scan C:\Windows\system32\drivers
13:17:49.493 AVAST engine scan C:\Users\Honza
13:25:45.267 File: C:\Users\Honza\Desktop\zoek.exe **INFECTED** Win32:Malware-gen
13:32:03.308 AVAST engine scan C:\ProgramData
13:35:06.588 Disk 0 statistics 9693329/0/28 @ 2,29 MB/s
13:35:06.604 Scan finished successfully
13:39:35.410 Disk 0 MBR has been saved successfully to "C:\Users\Honza\Desktop\MBR.dat"
13:39:35.426 The log file has been saved successfully to "C:\Users\Honza\Desktop\aswMBR.txt"

[vlkosek]

# DelFix v1.013 - Logfile created 14/02/2017 at 14:16:57
# Updated 17/04/2016 by Xplode
# Username : Honza - HONZA-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Honza\Desktop\adwcleaner_6.043.exe
Deleted : C:\Users\Honza\Desktop\JRT.exe
Deleted : C:\Users\Honza\Desktop\HijackThis.exe
Deleted : C:\Users\Honza\Desktop\MBR.dat
Deleted : C:\Users\Honza\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Honza\Desktop\TFC.exe
Deleted : C:\Users\Honza\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #139 [Windows Update | 02/03/2017 21:29:06]
Deleted : RP #140 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | 02/09/2017 08:17:11]
Deleted : RP #141 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | 02/09/2017 08:40:41]
Deleted : RP #142 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 | 02/09/2017 08:41:13]
Deleted : RP #143 [Removed Online.io Application | 02/10/2017 18:10:35]
Deleted : RP #144 [JRT Pre-Junkware Removal | 02/10/2017 19:21:41]
Deleted : RP #145 [zoek.exe restore point | 02/10/2017 20:09:36]
Deleted : RP #146 [ComboFix created restore point | 02/13/2017 18:36:50]

New restore point created !

########## - EOF - ##########

[vlkosek]

zapoměl jsem odinstalovat ten combofix, než jsem rozjel delfix. až ted jsem si toho všiml, je to problém?

žádná okna mě tu už nevyskakují nějakou dobu, tak asi ok, hijack pošlu hned

[vlkosek]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:28:21, on 14.2.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)


Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Honza\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Solver for Flow Simulation 2016 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 7849 bytes

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.