Tak dnes celý den jsem dělal test paměti, ale myslím, že to nic nenašlo. Nebo možná to neumím dobře interpretovat.
Zde je log z Combofix, který jsem provedl v normálním režimu. Vyhledávání nakažených souborů trvalo asi půl hodiny, celý proces skoro hodinu. Asi je to dost rozhašené. Ale smazalo to jeden soubor a jeden adresář. Restart jsem nedělal, ale pří pokusu o vložení logu na fórum opět modrá obrazovka. Teprve v nouzovém režimu se mi to podařilo:
ComboFix 16-09-28.01 - Dan 01.10.2016 21:33:14.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.1633 [GMT 2:00]
Spuštěný z: c:\users\Dan\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan\AppData\Roaming\.#
c:\users\Dan\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-01 do 2016-10-01 )))))))))))))))))))))))))))))))
.
.
2016-10-01 20:07 . 2016-10-01 20:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-10-01 20:07 . 2016-10-01 20:07 -------- d-----w- c:\users\Pokus\AppData\Local\temp
2016-10-01 20:07 . 2016-10-01 20:07 -------- d-----w- c:\users\Jana Raková\AppData\Local\temp
2016-10-01 20:07 . 2016-10-01 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-01 07:50 . 2016-10-01 09:10 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2016-09-29 19:19 . 2016-09-29 19:19 -------- d-----w- c:\program files\WinRAR
2016-09-29 18:47 . 2016-09-08 19:47 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-25 20:16 . 2016-09-25 22:05 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-25 20:15 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-25 20:15 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-25 20:15 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-25 20:15 . 2016-09-30 04:42 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-09-18 20:48 . 2016-08-31 22:58 1550848 ------w- c:\windows\system32\urlmon.dll
2016-09-18 20:48 . 2016-09-01 00:24 2894336 ------w- c:\windows\system32\iertutil.dll
2016-09-18 20:48 . 2016-09-01 00:43 2445824 ------w- c:\windows\SysWow64\wininet.dll
2016-09-18 20:47 . 2016-08-31 23:10 2921472 ------w- c:\windows\system32\wininet.dll
2016-09-18 20:36 . 2016-08-16 17:36 1009152 ------w- c:\windows\system32\user32.dll
2016-09-18 20:36 . 2016-08-16 02:48 833024 ------w- c:\windows\SysWow64\user32.dll
2016-09-18 20:36 . 2016-08-06 15:31 877056 ------w- c:\windows\system32\oleaut32.dll
2016-09-18 20:36 . 2016-08-06 15:15 581632 ------w- c:\windows\SysWow64\oleaut32.dll
2016-09-17 10:20 . 2016-09-17 10:20 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2016-09-09 05:11 . 2016-09-09 05:11 -------- d-----w- c:\users\Dan\AppData\Local\CEF
2016-09-08 19:46 . 2016-09-08 19:46 53208 ----a-w- c:\windows\avastSS.scr
2016-09-02 17:50 . 2016-09-25 19:49 -------- d-----w- c:\users\Jana Raková\AppData\Local\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-25 20:06 . 2015-11-26 20:40 513632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-09-13 20:37 . 2014-10-06 17:01 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-09-13 20:37 . 2014-10-06 17:01 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-09-13 19:58 . 2015-11-26 20:40 969184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-09-12 18:21 . 2016-08-05 20:25 490792 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2016-09-12 18:21 . 2016-08-05 20:25 236264 ----a-w- c:\windows\system32\drivers\RapportHades64.sys
2016-09-08 19:47 . 2015-11-26 20:40 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-09-08 19:47 . 2015-11-26 20:40 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-08 19:47 . 2015-11-26 20:40 292704 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-09-08 19:47 . 2015-11-26 20:40 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-08 19:47 . 2015-11-26 20:40 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-08 19:47 . 2015-11-26 20:40 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-09-08 19:46 . 2016-01-25 22:15 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-09-02 15:30 . 2016-09-18 20:40 345600 ------w- c:\windows\system32\schannel.dll
2016-08-15 16:15 . 2014-09-25 20:16 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-02 14:54 . 2016-08-14 12:55 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-14 12:55 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-14 12:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-14 12:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-14 12:55 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-14 12:55 2894336 ----a-w- c:\windows\system32\iertutil(126).dll
2016-08-02 06:31 . 2016-08-14 12:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-14 12:55 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-14 12:55 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-14 12:55 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-14 12:55 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-14 12:55 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-14 12:55 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-14 12:55 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-14 12:55 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-14 12:55 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-14 12:55 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-14 12:55 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-14 12:55 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-14 12:55 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-14 12:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-14 12:55 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-14 12:55 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-14 12:55 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-14 12:55 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-14 12:55 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-14 12:55 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-14 12:55 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-14 12:55 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-14 12:55 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-14 12:55 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-14 12:55 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:47 . 2016-08-14 12:55 2286592 ----a-w- c:\windows\SysWow64\iertutil(154).dll
2016-08-02 05:41 . 2016-08-14 12:55 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-14 12:55 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-14 12:55 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-14 12:55 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-14 12:55 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-14 12:55 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-14 12:55 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-14 12:55 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-14 12:55 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-14 12:55 2868224 ----a-w- c:\windows\system32\wininet(148).dll
2016-08-02 05:21 . 2016-08-14 12:55 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-14 12:55 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-14 12:55 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-14 12:55 1550848 ----a-w- c:\windows\system32\urlmon(144).dll
2016-08-02 04:59 . 2016-08-14 12:55 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-14 12:55 2393088 ----a-w- c:\windows\SysWow64\wininet(163).dll
2016-08-02 04:53 . 2016-08-14 12:55 1316352 ----a-w- c:\windows\SysWow64\urlmon(161).dll
2016-07-09 22:11 . 2010-06-24 18:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-07-08 15:37 . 2016-08-14 12:56 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-14 12:56 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-18 20:22 2048 ----a-w- c:\windows\system32\tzres.dll
2016-07-08 15:32 . 2016-08-14 12:56 86528 ----a-w- c:\windows\system32\TSpkg(143).dll
2016-07-08 15:32 . 2016-08-14 12:56 210432 ----a-w- c:\windows\system32\wdigest(146).dll
2016-07-08 15:32 . 2016-08-14 12:56 28672 ----a-w- c:\windows\system32\sspisrv(142).dll
2016-07-08 15:32 . 2016-08-14 12:56 135680 ----a-w- c:\windows\system32\sspicli(141).dll
2016-07-08 15:32 . 2016-08-14 12:56 343552 ----a-w- c:\windows\system32\schannel(137).dll
2016-07-08 15:32 . 2016-08-14 12:56 1212928 ----a-w- c:\windows\system32\rpcrt4(136).dll
2016-07-08 15:32 . 2016-08-14 12:56 28160 ----a-w- c:\windows\system32\secur32(138).dll
2016-07-08 15:32 . 2016-08-14 12:56 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-14 12:56 316416 ----a-w- c:\windows\system32\msv1_0(132).dll
2016-07-08 15:32 . 2016-08-14 12:56 312320 ----a-w- c:\windows\system32\ncrypt(133).dll
2016-07-08 15:32 . 2016-08-14 12:56 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-14 12:56 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-14 12:56 1464320 ----a-w- c:\windows\system32\lsasrv(130).dll
2016-07-08 15:32 . 2016-08-14 12:56 730624 ----a-w- c:\windows\system32\kerberos(127).dll
2016-07-08 15:32 . 2016-08-14 12:56 43520 ----a-w- c:\windows\system32\cryptbase(120).dll
2016-07-08 15:32 . 2016-08-14 12:56 22016 ----a-w- c:\windows\system32\credssp(118).dll
2016-07-08 15:32 . 2016-08-14 12:56 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-14 12:56 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-14 12:56 96768 ----a-w- c:\windows\SysWow64\sspicli(160).dll
2016-07-08 15:17 . 2016-08-14 12:56 666112 ----a-w- c:\windows\SysWow64\rpcrt4(159).dll
2016-07-08 15:16 . 2016-08-18 20:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-07-08 15:16 . 2016-08-14 12:56 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-14 12:56 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-14 12:56 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-14 12:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-14 12:56 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-14 12:56 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-14 12:56 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-14 12:56 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-14 12:56 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-14 12:56 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-04 336384]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-09-12 9107616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-19 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
2;2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 RapportCerberus_1609053;RapportCerberus_1609053;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-08 20:23 1262408 ----a-w- c:\program files (x86)\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-06 20:37]
.
2016-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 22:09]
.
2016-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 22:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-24 22:11 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-24 22:11 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-24 22:11 2340472 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-08 19:47 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default\
FF - prefs.js: browser.startup.homepage -
www.google.com
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
Celkový čas: 2016-10-01 22:23:00
ComboFix-quarantined-files.txt 2016-10-01 20:22
.
Před spuštěním: Volných bajtů: 69 472 018 432
Po spuštění: Volných bajtů: 69 030 105 088
.
- - End Of File - - 8C8646CE0301C2DF0459B2445136A9E9
Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.) 
Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Zkousel jste odinstalovat ten Avast?
Přispějete na provoz fóra?