Zemana AntiMalware 2.72.2.101 (inštalačná verzia)
-------------------------------------------------------
Scan Result : Dokončené
Scan Date : 2017/2/15
Operating System : Windows 7 64-bit
Processor : 4X Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
BIOS Mode : Legacy
CUID : 124C7CE60FE06ADEE37F80
Scan Type : Kontrola systému
Duration : 22m 16s
Scanned Objects : 159087
Detected Objects : 8
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuté
Detect All Extensions : Vypnuté
Scan Documents : Vypnuté
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
ClockworkMod
Status : Skontrolované
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivá koreňová certifikačná autorita
Cleaning Action : Vymazať
Related Objects :
Záznam registra - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob = 1900000001000000100000004321E029B1DFB58332B4E12D3684B1BA0F00000001000000140000004197EEB33C029DA9C95DF96F3E79C000823926060300000001000000140000008E9FBA4F0A0974EF5DA6939F17D49F682C78E76E14000000010000001400000043A30E1537E622AF0B33246E665F1ABA53273694200000000100000000030000308202FC308201E8A003020102021045FFC961E0ED6DBC4F552B7D1451104A300906052B0E03021D05003017311530130603550403130C436C6F636B776F726B4D6F64301E170D3133303430373233313334345A170D3339313233313233353935395A3017311530130603550403130C436C6F636B776F726B4D6F6430820122300D06092A864886F70D01010105000382010F003082010A0282010100DA79369D868709997C40830E263A887C28CD8E64E569B7BA0FEF133AB825E80633BFF9B8A8439518ABAC49C394061A0A82E3A314FAABDEDB0ACF45DA482B18A1F303BB2434A0886B1F44F50B3CE96E4AFB7E90B0A6F2EB2241D4004AAB7B89BA94240E190753B5509E0EEF626B5BDF75BAEC8B2ED66B5D66144057CEBD98C1635D186B9B9A4E216813D90C7561CEB1B21C9863515587B7A1D0494294C96C8F096CB92772D26CE1F44E86953E47CE641FF67C0C83B818030583F7AC560D8E6FBDDCD98CC8B03F535D0515F157551E09C1AEDD794AD8E9D45649437BE48A88F7B3225C92A95E9C0D54BA57F3C6D7F9EAC1AECF624718912FA6B8DC7CCAD13415270203010001A34C304A30480603551D010441303F8010A7571CAADAC4F456624305DC75A92FEEA1193017311530130603550403130C436C6F636B776F726B4D6F64821045FFC961E0ED6DBC4F552B7D1451104A300906052B0E03021D05000382010100003CDC97A66A3D5B012A163EF57499E469595BBAA1CA37A7B27EFFE614889E76F586DAB0DD60E2D3C1C6B2E1583C4614747D696E75C82B7051FFE3DE80486A59E643329B9C751E429B27CAD025FC1BE66F1ED5910AAA79C70293196B9E13FE8D2239A3672737400DCC67B8D9510D594C9041FCC27A41BE8F08A1F49B922FCD4E3E2049B7D5C378DB362498F0E9B2A370E384D764259DB230F09F7F8A77D0A71EF07CEF836F7EB69A69ECA2DFE1ACD8AA4D50D31FDAE05FC8C7A8684BE4790B98F2A12DD26A06F2A4929031EEA3FD9E6A13363B8C7DCF36797034B20EECB7F4F8795CA6081C29BD6632F1D964D5FF48FA54FAC117CF16F0785ABE5DB375880538
DigiCert Assured ID Code Signing CA-1
Status : Skontrolované
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\53E425C3FB93B9C0A0B3CD501BA2782EC65515EC\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivá koreňová certifikačná autorita
Cleaning Action : Vymazať
Related Objects :
Záznam registra - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\53E425C3FB93B9C0A0B3CD501BA2782EC65515EC\Blob = 190000000100000010000000B010A99BD54043BD8275CE1E643A129A0F000000010000001400000027938B39783737966FB836D703BC71E57A58752203000000010000001400000053E425C3FB93B9C0A0B3CD501BA2782EC65515EC140000000100000014000000D9412EFE98B8E1CE87E6D9330185410B8FE7A72F200000000100000087060000308206833082056BA00302010202100FA086E6DCEFEB28E3A2B11C6E4F69A5300D06092A864886F70D0101050500306F310B300906035504061302555331153013060355040A130C446967694365727420496E6331193017060355040B13107777772E64696769636572742E636F6D312E302C060355040313254469676943657274204173737572656420494420436F6465205369676E696E672043412D31301E170D3133303430343030303030305A170D3136303430373132303030305A304F310B30090603550406130244453110300E0603550407130748616D6275726731163014060355040A130D426967706F696E7420476D6248311630140603550403130D426967706F696E7420476D624830820122300D06092A864886F70D01010105000382010F003082010A0282010100A4141AA9757ACC20DE2714C66160B541F726281322F78AC2321A5FAA67EC51918D4BC240907CA8685774E50DBCCA5FA93039EC0E5E3F07AC607FAF86C38C3821BD8394DB550368724AAD7F935BB9FE73B3CA2F88F5A0BBEFB3124380ACB9C925FC3E7846FA355F512D86188FA77127D8B127EE9792F8AA826D3AA852440DAF0AD99DFD4B8F08D2063AA3CD060905494967405E9BBB26711D7DB983CC8EC69DC3D275C28037E8C714BA9F4C3ABD8C6F25038C1212D51E0445EDD47129FF1743BDB3174E16CB56A1FB72849CBFA40E69CD0AA7B98FAF713F6FD8E1FABB288791FA0C0271C43755C398BBF338B82B691CF2F0C289EAFB25EB8364A8567676C1756F0203010001A382033930820335301F0603551D230418301680147B68CE29AAC017BE497AE1E53FD6A7F7458F3532301D0603551D0E04160414D9412EFE98B8E1CE87E6D9330185410B8FE7A72F300E0603551D0F0101FF04040302078030130603551D25040C300A06082B0601050507030330730603551D1F046C306A3033A031A02F862D687474703A2F2F63726C332E64696769636572742E636F6D2F617373757265642D63732D32303131612E63726C3033A031A02F862D687474703A2F2F63726C342E64696769636572742E636F6D2F617373757265642D63732D32303131612E63726C308201C40603551D20048201BB308201B7308201B306096086480186FD6C0301308201A4303A06082B06010505070201162E687474703A2F2F7777772E64696769636572742E636F6D2F73736C2D6370732D7265706F7369746F72792E68746D3082016406082B06010505070202308201561E8201520041006E007900200075007300650020006F00660020007400680069007300200043006500720074006900660069006300610074006500200063006F006E0073007400690074007500740065007300200061006300630065007000740061006E006300650020006F00660020007400680065002000440069006700690043006500720074002000430050002F00430050005300200061006E00640020007400680065002000520065006C00790069006E0067002000500061007200740079002000410067007200650065006D0065006E00740020007700680069006300680020006C0069006D006900740020006C0069006100620069006C00690074007900200061006E0064002000610072006500200069006E0063006F00720070006F00720061007400650064002000680065007200650069006E0020006200790020007200650066006500720065006E00630065002E30818206082B0601050507010104763074302406082B060105050730018618687474703A2F2F6F6373702E64696769636572742E636F6D304C06082B060105050730028640687474703A2F2F636163657274732E64696769636572742E636F6D2F4469676943657274417373757265644944436F64655369676E696E6743412D312E637274300C0603551D130101FF04023000300D06092A864886F70D01010505000382010100357CDEA0FCEFE289C515A7DD6E35ECD5E6388FC113A8A15B95EF30418BAC8CE543E3E5A6B953EA2C930557AA4391174C14DB53C0D35F14F4066D334FB3660D254608523463B66096538A1898BAE2592CA439A7BABD6E5595120672854EDF6AA38A0B64E337747D49D8817A697CE075C2E3BF6031DDA25F4F83D7CF0FC01925FE6AD81030041D9CAEDEF9FD24923D0F1598A1E212DBC7EFFA4CF9DBCE5C2586B3D81BA33136F8E1FCA08F4E141700A9113D802B1936185739F5ED88DD19BFB09AB986534A06E7D099428EDC62F64D757428C5E0BF923ED6487B29頻ࡈ鷳ŋŒퟜࡈðGlobalSign CodeSigning CA - G2
Status : Skontrolované
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivá koreňová certifikačná autorita
Cleaning Action : Vymazať
Related Objects :
Záznam registra - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob = 190000000100000010000000C84538EE0D3FBA9AFB3B1CAE2067EA9E0F00000001000000140000009EF9494BA4967B969E1061163DD655AAC1F8EFF60300000001000000140000002EE8D6982CEDAA5666E9B5F55535A36E3A3932A2140000000100000014000000937F80F06D9A1B5779B9BA11A27914D06E52C3922000000001000000C0040000308204BC308203A4A00302010202121121356405609AB95F8DDB13164B82F96DE5300D06092A864886F70D01010505003051310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D7361312730250603550403131E476C6F62616C5369676E20436F64655369676E696E67204341202D204732301E170D3132303532393137353230325A170D3135303533303137353230325A308188310B300906035504061302425A310F300D0603550408130642656C697A65311430120603550407130B42656C697A65206369747931163014060355040A130D4469736320536F6674204C7464311630140603550403130D4469736320536F6674204C74643122302006092A864886F70D010901161366696E707240646973632D736F66742E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100BE8F3BCF9AE445DBC426AEA6FAAFA55A2BC9970F33D6B07C0DC723F7AA5723B6089A2913FDC3C0E86A9E9683DB416ECAF4A108D110BA5B6F462DEF825E810AFA540DFA11D524B99297C37F36429A891A0B612A4E7A2742673AF6F76F72C9C1467A3861254C27CD45A65D413743E57FDE2D2D43A23FA3DDA9F1FD4B1CC6F1E069CDBDFCAC1FFC71D7DF74F87E3CC9BAB7473916302F439546634B47DAFF625FD92BFC6A435ED4B7C063C19F8066357BDD1A919FDE5DF5D04B54D1FC3973A4ACB2891076388B2A3D8D2CD452577CE860A1EFD6E5D5A906CCB0D65AB9AF9EF9A3F5B9A43A315DF56D55CA534190B250787351CA6F045200175D0DF3F82F9F6CD0DD0203010001A382015430820150300E0603551D0F0101FF040403020780304C0603551D2004453043304106092B06010401A03201323034303206082B06010505070201162668747470733A2F2F7777772E676C6F62616C7369676E2E636F6D2F7265706F7369746F72792F30090603551D130402300030130603551D25040C300A06082B06010505070303303E0603551D1F043730353033A031A02F862D687474703A2F2F63726C2E676C6F62616C7369676E2E636F6D2F67732F6773636F64657369676E67322E63726C305006082B0601050507010104443042304006082B060105050730028634687474703A2F2F7365637572652E676C6F62616C7369676E2E636F6D2F6361636572742F6773636F64657369676E67322E637274301D0603551D0E04160414937F80F06D9A1B5779B9BA11A27914D06E52C392301F0603551D23041830168014086ED8B69C8ABFED3ED7C3745DCC801FA82F507A300D06092A864886F70D0101050500038201010039D923CA8BACB7A13AEB2C1114A92E27353871F58AC1DD9D0B7E930F795C7D86CB2BE9FD0F30FD0449D3029A0E6B1350432D29B012CA85A627C8A92F239D380084BCFA456629BDC20243553F4E3AD43EB714F580793C6B955319FC0CE47326F9E6B0EA1610EFDCA100895F23D2527779A6A13B22BD54A7B4A0C57A655768ACE3ACD87B91EAC4B42B1057BA017865B7E027B919175607DF73CFD1AEF66E296181A5B28B54A329910C80619D0329D3B46E98D62574E37E10135DC4A26F3F7FE256F09F93839B6692E04233B7626CDA00773A214C474F645AFF7DBAB6343A4CBE9FACDE015D89B19945698475315D04F6A17BF0D2F5A41916E629DC91C87F7E3692
Firefox Search
Status : Skontrolované
Object : Ask Search - http://search.ask.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search
Firefox Search
Status : Skontrolované
Object : Ask Search - http://ss.websearch.ask.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search
Ellinia.exe
Status : Skontrolované
Object : %userprofile%\desktop\ellinia.exe
MD5 : C6EF4A14C91F237E966DE210F03E20D3
Publisher : -
Size : 2643456
Version : 1.1.5999.321
Detection : Malware:Win32/Tamaca!Atat
Cleaning Action : Karanténa
Related Objects :
Súbor - %userprofile%\desktop\ellinia.exe
PlayBlackDesert.exe
Status : Skontrolované
Object : %userprofile%\downloads\playblackdesert.exe
MD5 : C12558CD1B2662AE1E683D38F67689EC
Publisher : Syncopate LLC
Size : 478768
Version : 1.0.1084.0
Detection : Adware:Win32/Quarand!Rtrr
Cleaning Action : Karanténa
Related Objects :
Súbor - %userprofile%\downloads\playblackdesert.exe
AutoKMS.exe
Status : Skontrolované
Object : %systemroot%\autokms\autokms.exe
MD5 : 6852A0AC61131F03B516E627FAC86D1A
Publisher : -
Size : 6191616
Version : 2.6.2.0
Detection : PUA:Win32/HackTool.Gen
Cleaning Action : Karanténa
Related Objects :
Súbor - %systemroot%\autokms\autokms.exe
Naplánovaná úloha - C:\Windows\System32\Tasks\AutoKMS
Cleaning Result
-------------------------------------------------------
Cleaned : 8
Reported as safe : 0
Failed : 0
Prosím o kontrolu logu Vyřešeno
Re: Prosím o kontrolu logu
Combofix je už nejakú dobu zaseknutá na hláške "Preparing Log report. Do not run any programs until Combofix has finished"..
Po hodine som to vzdal. Dočítal som sa na nete, že sa to občas stáva, každopádne som našiel log v C:\Combofix\Combofix.txt
Dúfam, že som urobil dobre..
________________________________________________
ComboFix 17-01-29.01 - Miro . 02. 2017 20:02:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.5986 [GMT 1:00]
Running from: C:\Users\Miro\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\ntuser.pol
C:\Users\Miro\AppData\Localtransition_5485ed04d401a80230d1577f054c3c18.ini
C:\Windows\security\Database\tmp.edb
((((((((((((((((((((((((( Files Created from 2017-01-15 to 2017-02-15 )))))))))))))))))))))))))))))))
2017-02-15 19:20:45 . 2017-02-15 19:20:45 -------- d-----w- C:\Users\Default\AppData\Local\temp
2017-02-15 18:31:08 . 2017-02-15 18:31:08 203680 ----a-w- C:\Windows\system32\drivers\zam64.sys
2017-02-15 18:31:02 . 2017-02-15 18:31:02 203680 ----a-w- C:\Windows\system32\drivers\zamguard64.sys
2017-02-15 18:30:54 . 2017-02-15 18:31:14 -------- d-----w- C:\Program Files (x86)\Zemana AntiMalware
2017-02-15 18:30:21 . 2017-02-15 18:30:21 -------- d-----w- C:\Users\Miro\AppData\Local\Zemana
2017-02-15 18:28:08 . 2017-02-15 18:28:08 -------- d-----w- C:\ProgramData\ProductData
2017-02-15 18:24:29 . 2017-02-15 17:40:54 24064 ----a-w- C:\Windows\zoek-delete.exe
2017-02-15 18:24:28 . 2017-02-15 19:20:45 -------- d-----w- C:\Users\Miro\AppData\Local\Temp
2017-02-15 17:40:55 . 2017-02-15 18:19:25 -------- d-----w- C:\zoek_backup
2017-02-13 08:28:53 . 2017-02-15 15:01:04 28272 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2017-02-13 08:28:30 . 2017-02-15 17:38:45 -------- d-----w- C:\ProgramData\RogueKiller
2017-02-11 10:43:08 . 2017-02-15 15:00:03 176584 ----a-w- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42:58 . 2017-02-15 18:26:33 110536 ----a-w- C:\Windows\system32\drivers\farflt.sys
2017-02-11 10:42:57 . 2017-02-15 18:26:32 81696 ----a-w- C:\Windows\system32\drivers\mwac.sys
2017-02-11 10:42:53 . 2017-02-15 18:26:32 43968 ----a-w- C:\Windows\system32\drivers\mbam.sys
2017-02-11 10:42:49 . 2017-02-15 18:26:31 251848 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42:36 . 2017-01-20 06:47:44 77416 ----a-w- C:\Windows\system32\drivers\mbae64.sys
2017-02-11 10:42:25 . 2017-02-11 10:42:25 -------- d-----w- C:\Program Files\Malwarebytes
2017-02-11 10:23:20 . 2017-02-11 10:23:20 -------- d-----w- C:\Users\Miro\AppData\Local\Adobe
2017-02-10 17:40:01 . 2017-02-10 17:40:01 -------- d-----w- C:\ProgramData\Sophos
2017-02-10 17:36:26 . 2017-02-10 17:36:26 -------- d-----w- C:\Program Files (x86)\Sophos
2017-02-10 17:05:55 . 2017-02-10 17:05:55 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2017-02-10 17:04:47 . 2017-02-10 17:04:47 -------- d-----w- C:\Program Files (x86)\IObit
2017-02-10 17:04:36 . 2017-02-10 17:36:13 -------- d-----w- C:\Users\Miro\AppData\Roaming\IObit
2017-02-10 17:04:36 . 2017-02-10 17:05:56 -------- d-----w- C:\ProgramData\IObit
2017-02-04 14:21:44 . 2017-01-20 18:41:08 1755072 ----a-w- C:\Windows\system32\nvspbridge64.dll
2017-02-04 14:21:42 . 2017-01-20 18:41:07 1317312 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2017-02-04 14:21:42 . 2017-01-20 18:41:07 120256 ----a-w- C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21:41 . 2017-01-20 18:41:09 1872320 ----a-w- C:\Windows\system32\nvspcap64.dll
2017-02-04 14:21:41 . 2017-01-20 18:41:08 1464768 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2017-02-04 14:20:45 . 2017-01-20 14:07:48 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-02-04 14:20:45 . 2017-01-20 13:36:21 1951 ----a-w- C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20:01 . 2017-01-20 18:41:02 57792 ----a-w- C:\Windows\system32\drivers\nvvhci.sys
2017-01-28 16:59:32 . 2017-01-28 16:59:32 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2017-01-25 03:01:31 . 2017-02-11 03:50:30 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCCDDE1A-FE76-45EF-98E5-60A6DA0BE532}\offreg.dll
2017-01-24 09:04:17 . 2017-01-24 09:05:30 -------- d-----w- C:\Users\Miro\AppData\Local\Viber
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2017-02-15 09:28:38 . 2015-05-08 11:19:32 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2017-02-14 15:06:19 . 2014-12-30 12:57:34 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06:19 . 2014-12-30 12:57:34 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41:02 . 2016-10-14 14:08:54 46016 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41:01 . 2016-10-14 14:08:53 156608 ----a-w- C:\Windows\system32\nvaudcap64v.dll
2017-01-20 18:41:01 . 2016-10-14 14:08:53 124352 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31:22 . 2015-03-31 22:43:41 678560 ----a-w- C:\Windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48:46 . 2015-03-26 11:48:46 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 10:44:19 3345408]
"uTorrent"="C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 12:15:53 2143936]
"Akamai NetSession Interface"="C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 18:05:30 4691384]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" [2016-09-28 17:24:00 8944344]
"Dropbox Update"="C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 22:36:15 143144]
"Viber"="C:\Users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 16:00:48 43999824]
"f.lux"="C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 00:25:46 1024240]
Po hodine som to vzdal. Dočítal som sa na nete, že sa to občas stáva, každopádne som našiel log v C:\Combofix\Combofix.txt
Dúfam, že som urobil dobre..
________________________________________________
ComboFix 17-01-29.01 - Miro . 02. 2017 20:02:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.5986 [GMT 1:00]
Running from: C:\Users\Miro\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personální firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\ntuser.pol
C:\Users\Miro\AppData\Localtransition_5485ed04d401a80230d1577f054c3c18.ini
C:\Windows\security\Database\tmp.edb
((((((((((((((((((((((((( Files Created from 2017-01-15 to 2017-02-15 )))))))))))))))))))))))))))))))
2017-02-15 19:20:45 . 2017-02-15 19:20:45 -------- d-----w- C:\Users\Default\AppData\Local\temp
2017-02-15 18:31:08 . 2017-02-15 18:31:08 203680 ----a-w- C:\Windows\system32\drivers\zam64.sys
2017-02-15 18:31:02 . 2017-02-15 18:31:02 203680 ----a-w- C:\Windows\system32\drivers\zamguard64.sys
2017-02-15 18:30:54 . 2017-02-15 18:31:14 -------- d-----w- C:\Program Files (x86)\Zemana AntiMalware
2017-02-15 18:30:21 . 2017-02-15 18:30:21 -------- d-----w- C:\Users\Miro\AppData\Local\Zemana
2017-02-15 18:28:08 . 2017-02-15 18:28:08 -------- d-----w- C:\ProgramData\ProductData
2017-02-15 18:24:29 . 2017-02-15 17:40:54 24064 ----a-w- C:\Windows\zoek-delete.exe
2017-02-15 18:24:28 . 2017-02-15 19:20:45 -------- d-----w- C:\Users\Miro\AppData\Local\Temp
2017-02-15 17:40:55 . 2017-02-15 18:19:25 -------- d-----w- C:\zoek_backup
2017-02-13 08:28:53 . 2017-02-15 15:01:04 28272 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2017-02-13 08:28:30 . 2017-02-15 17:38:45 -------- d-----w- C:\ProgramData\RogueKiller
2017-02-11 10:43:08 . 2017-02-15 15:00:03 176584 ----a-w- C:\Windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42:58 . 2017-02-15 18:26:33 110536 ----a-w- C:\Windows\system32\drivers\farflt.sys
2017-02-11 10:42:57 . 2017-02-15 18:26:32 81696 ----a-w- C:\Windows\system32\drivers\mwac.sys
2017-02-11 10:42:53 . 2017-02-15 18:26:32 43968 ----a-w- C:\Windows\system32\drivers\mbam.sys
2017-02-11 10:42:49 . 2017-02-15 18:26:31 251848 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42:36 . 2017-01-20 06:47:44 77416 ----a-w- C:\Windows\system32\drivers\mbae64.sys
2017-02-11 10:42:25 . 2017-02-11 10:42:25 -------- d-----w- C:\Program Files\Malwarebytes
2017-02-11 10:23:20 . 2017-02-11 10:23:20 -------- d-----w- C:\Users\Miro\AppData\Local\Adobe
2017-02-10 17:40:01 . 2017-02-10 17:40:01 -------- d-----w- C:\ProgramData\Sophos
2017-02-10 17:36:26 . 2017-02-10 17:36:26 -------- d-----w- C:\Program Files (x86)\Sophos
2017-02-10 17:05:55 . 2017-02-10 17:05:55 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2017-02-10 17:04:47 . 2017-02-10 17:04:47 -------- d-----w- C:\Program Files (x86)\IObit
2017-02-10 17:04:36 . 2017-02-10 17:36:13 -------- d-----w- C:\Users\Miro\AppData\Roaming\IObit
2017-02-10 17:04:36 . 2017-02-10 17:05:56 -------- d-----w- C:\ProgramData\IObit
2017-02-04 14:21:44 . 2017-01-20 18:41:08 1755072 ----a-w- C:\Windows\system32\nvspbridge64.dll
2017-02-04 14:21:42 . 2017-01-20 18:41:07 1317312 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2017-02-04 14:21:42 . 2017-01-20 18:41:07 120256 ----a-w- C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21:41 . 2017-01-20 18:41:09 1872320 ----a-w- C:\Windows\system32\nvspcap64.dll
2017-02-04 14:21:41 . 2017-01-20 18:41:08 1464768 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2017-02-04 14:20:45 . 2017-01-20 14:07:48 1951 ----a-w- C:\Windows\NvContainerRecovery.bat
2017-02-04 14:20:45 . 2017-01-20 13:36:21 1951 ----a-w- C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20:01 . 2017-01-20 18:41:02 57792 ----a-w- C:\Windows\system32\drivers\nvvhci.sys
2017-01-28 16:59:32 . 2017-01-28 16:59:32 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2017-01-25 03:01:31 . 2017-02-11 03:50:30 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCCDDE1A-FE76-45EF-98E5-60A6DA0BE532}\offreg.dll
2017-01-24 09:04:17 . 2017-01-24 09:05:30 -------- d-----w- C:\Users\Miro\AppData\Local\Viber
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2017-02-15 09:28:38 . 2015-05-08 11:19:32 119296 ----a-w- C:\Windows\SysWow64\zlib.dll
2017-02-14 15:06:19 . 2014-12-30 12:57:34 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06:19 . 2014-12-30 12:57:34 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41:02 . 2016-10-14 14:08:54 46016 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41:01 . 2016-10-14 14:08:53 156608 ----a-w- C:\Windows\system32\nvaudcap64v.dll
2017-01-20 18:41:01 . 2016-10-14 14:08:53 124352 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31:22 . 2015-03-31 22:43:41 678560 ----a-w- C:\Windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48:46 . 2015-03-26 11:48:46 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45:16 236872 ----a-w- C:\Users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15:20 463360 ----a-w- C:\Users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 10:44:19 3345408]
"uTorrent"="C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 12:15:53 2143936]
"Akamai NetSession Interface"="C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 18:05:30 4691384]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" [2016-09-28 17:24:00 8944344]
"Dropbox Update"="C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 22:36:15 143144]
"Viber"="C:\Users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 16:00:48 43999824]
"f.lux"="C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 00:25:46 1024240]
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43060
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
trvale u něj vypni rez. ochranu.
Pak nový log z Combofixu , log není celý , je třeba vyčkat dlouhou dobu na vypracování logu.
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
trvale u něj vypni rez. ochranu.
Pak nový log z Combofixu , log není celý , je třeba vyčkat dlouhou dobu na vypracování logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
ComboFix 17-01-29.01 - Miro . 02. 2017 3:00.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.6170 [GMT 1:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\ntuser.pol
c:\users\Miro\AppData\Localtransition_5485ed04d401a80230d1577f054c3c18.ini
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2017-01-16 to 2017-02-16 )))))))))))))))))))))))))))))))
.
.
2017-02-16 02:17 . 2017-02-16 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-15 18:30 . 2017-02-15 18:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-15 18:30 . 2017-02-15 18:30 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2017-02-15 18:28 . 2017-02-15 18:28 -------- d-----w- c:\programdata\ProductData
2017-02-15 18:24 . 2017-02-15 17:40 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-15 18:24 . 2017-02-16 02:17 -------- d-----w- c:\users\Miro\AppData\Local\Temp
2017-02-15 17:40 . 2017-02-15 18:19 -------- d-----w- C:\zoek_backup
2017-02-13 08:28 . 2017-02-15 15:01 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-13 08:28 . 2017-02-15 17:38 -------- d-----w- c:\programdata\RogueKiller
2017-02-11 10:43 . 2017-02-15 19:58 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42 . 2017-02-16 00:28 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-11 10:42 . 2017-02-16 01:35 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-11 10:42 . 2017-02-16 00:28 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-11 10:42 . 2017-02-16 00:28 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-11 10:42 . 2017-02-11 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-02-11 10:23 . 2017-02-11 10:23 -------- d-----w- c:\users\Miro\AppData\Local\Adobe
2017-02-10 17:40 . 2017-02-10 17:40 -------- d-----w- c:\programdata\Sophos
2017-02-10 17:36 . 2017-02-10 17:36 -------- d-----w- c:\program files (x86)\Sophos
2017-02-10 17:05 . 2017-02-10 17:05 -------- d-----w- c:\program files (x86)\Common Files\IObit
2017-02-10 17:04 . 2017-02-10 17:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-10 17:04 . 2017-02-10 17:36 -------- d-----w- c:\users\Miro\AppData\Roaming\IObit
2017-02-10 17:04 . 2017-02-10 17:05 -------- d-----w- c:\programdata\IObit
2017-02-04 14:21 . 2017-01-20 18:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-02-04 14:21 . 2017-01-20 18:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1872320 ----a-w- c:\windows\system32\nvspcap64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1464768 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-02-04 14:20 . 2017-01-20 14:07 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 13:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 18:41 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-28 16:59 . 2017-01-28 16:59 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-25 03:01 . 2017-02-11 03:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCDDE1A-FE76-45EF-98E5-60A6DA0BE532}\offreg.dll
2017-01-24 09:04 . 2017-01-24 09:05 -------- d-----w- c:\users\Miro\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-16 00:27 . 2015-05-08 11:19 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2017-02-14 15:06 . 2014-12-30 12:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06 . 2014-12-30 12:57 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41 . 2016-10-14 14:08 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41 . 2016-10-14 14:08 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 18:41 . 2016-10-14 14:08 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31 . 2015-03-31 22:43 678560 ----a-w- c:\windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
"uTorrent"="c:\users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 2143936]
"Akamai NetSession Interface"="c:\users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
"Dropbox Update"="c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 143144]
"Viber"="c:\users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 43999824]
"f.lux"="c:\users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 1024240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PC Auto Shutdown"="c:\program files (x86)\PC Auto Shutdown\AutoShutdown.exe" [2014-10-22 1442472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-2-8 26220296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuX64.sys;c:\windows\SYSNATIVE\Drivers\JabraBcDfuX64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys;c:\windows\SYSNATIVE\drivers\MFWCtwl.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 23:01 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30 15:06]
.
2017-02-15 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001Core1d23af3a9a59993.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001UA.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-23 20:49 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-01-20 1872320]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\eprl3kmx.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-PAexec
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50 - c:\program files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe
AddRemove-{aa1dec3b-dc4b-4db0-8c18-9157457eff1f} - c:\programdata\Package Cache\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}\Intel Driver Update Utility Installer.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d9e103e6-c2af-47a7-92d6-3287b0f68a88} - c:\programdata\Package Cache\{d9e103e6-c2af-47a7-92d6-3287b0f68a88}\JabraDirect3.1Setup.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-DG0-Planetside 2 Live Test - d:\hry\Planetside 2 TEST\Uninstaller.exe
AddRemove-SOE-PlanetSide 2 Test - d:\hry\Planetside 2 TEST\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-16 03:51:36
ComboFix-quarantined-files.txt 2017-02-16 02:51
.
Pre-Run: 23 924 473 856 bytes free
Post-Run: 23 852 232 704 bytes free
.
- - End Of File - - FEBAF9365B5E8D01B0B891AD16EA95A4
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.6170 [GMT 1:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\ntuser.pol
c:\users\Miro\AppData\Localtransition_5485ed04d401a80230d1577f054c3c18.ini
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2017-01-16 to 2017-02-16 )))))))))))))))))))))))))))))))
.
.
2017-02-16 02:17 . 2017-02-16 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-15 18:30 . 2017-02-15 18:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-15 18:30 . 2017-02-15 18:30 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2017-02-15 18:28 . 2017-02-15 18:28 -------- d-----w- c:\programdata\ProductData
2017-02-15 18:24 . 2017-02-15 17:40 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-15 18:24 . 2017-02-16 02:17 -------- d-----w- c:\users\Miro\AppData\Local\Temp
2017-02-15 17:40 . 2017-02-15 18:19 -------- d-----w- C:\zoek_backup
2017-02-13 08:28 . 2017-02-15 15:01 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-13 08:28 . 2017-02-15 17:38 -------- d-----w- c:\programdata\RogueKiller
2017-02-11 10:43 . 2017-02-15 19:58 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42 . 2017-02-16 00:28 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-11 10:42 . 2017-02-16 01:35 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-11 10:42 . 2017-02-16 00:28 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-11 10:42 . 2017-02-16 00:28 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-11 10:42 . 2017-02-11 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-02-11 10:23 . 2017-02-11 10:23 -------- d-----w- c:\users\Miro\AppData\Local\Adobe
2017-02-10 17:40 . 2017-02-10 17:40 -------- d-----w- c:\programdata\Sophos
2017-02-10 17:36 . 2017-02-10 17:36 -------- d-----w- c:\program files (x86)\Sophos
2017-02-10 17:05 . 2017-02-10 17:05 -------- d-----w- c:\program files (x86)\Common Files\IObit
2017-02-10 17:04 . 2017-02-10 17:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-10 17:04 . 2017-02-10 17:36 -------- d-----w- c:\users\Miro\AppData\Roaming\IObit
2017-02-10 17:04 . 2017-02-10 17:05 -------- d-----w- c:\programdata\IObit
2017-02-04 14:21 . 2017-01-20 18:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-02-04 14:21 . 2017-01-20 18:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1872320 ----a-w- c:\windows\system32\nvspcap64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1464768 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-02-04 14:20 . 2017-01-20 14:07 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 13:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 18:41 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-28 16:59 . 2017-01-28 16:59 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-25 03:01 . 2017-02-11 03:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCDDE1A-FE76-45EF-98E5-60A6DA0BE532}\offreg.dll
2017-01-24 09:04 . 2017-01-24 09:05 -------- d-----w- c:\users\Miro\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-16 00:27 . 2015-05-08 11:19 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2017-02-14 15:06 . 2014-12-30 12:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06 . 2014-12-30 12:57 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41 . 2016-10-14 14:08 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41 . 2016-10-14 14:08 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 18:41 . 2016-10-14 14:08 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31 . 2015-03-31 22:43 678560 ----a-w- c:\windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
"uTorrent"="c:\users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 2143936]
"Akamai NetSession Interface"="c:\users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
"Dropbox Update"="c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 143144]
"Viber"="c:\users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 43999824]
"f.lux"="c:\users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 1024240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PC Auto Shutdown"="c:\program files (x86)\PC Auto Shutdown\AutoShutdown.exe" [2014-10-22 1442472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-2-8 26220296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuX64.sys;c:\windows\SYSNATIVE\Drivers\JabraBcDfuX64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 X6va029;X6va029;c:\windows\SysWOW64\Drivers\X6va029;c:\windows\SysWOW64\Drivers\X6va029 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys;c:\windows\SYSNATIVE\drivers\MFWCtwl.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 23:01 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30 15:06]
.
2017-02-15 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001Core1d23af3a9a59993.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001UA.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
2017-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-11 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-23 20:49 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-01-20 1872320]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\eprl3kmx.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-PAexec
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50 - c:\program files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe
AddRemove-{aa1dec3b-dc4b-4db0-8c18-9157457eff1f} - c:\programdata\Package Cache\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}\Intel Driver Update Utility Installer.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d9e103e6-c2af-47a7-92d6-3287b0f68a88} - c:\programdata\Package Cache\{d9e103e6-c2af-47a7-92d6-3287b0f68a88}\JabraDirect3.1Setup.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-DG0-Planetside 2 Live Test - d:\hry\Planetside 2 TEST\Uninstaller.exe
AddRemove-SOE-PlanetSide 2 Test - d:\hry\Planetside 2 TEST\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va029"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-16 03:51:36
ComboFix-quarantined-files.txt 2017-02-16 02:51
.
Pre-Run: 23 924 473 856 bytes free
Post-Run: 23 852 232 704 bytes free
.
- - End Of File - - FEBAF9365B5E8D01B0B891AD16EA95A4
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43060
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
ClearJavaCache::
KillAll::
File::
c:\windows\SysWOW64\Drivers\X6va029
c:\windows\xhunter1.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job
Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
Driver::
SkypeUpdate
X6va029
xhunter1
DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va029]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
ComboFix 17-01-29.01 - Miro . 02. 2017 12:49:59.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.6167 [GMT 1:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
Command switches used :: c:\users\Miro\Desktop\CFScript.txt
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va029"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job"
"c:\windows\xhunter1.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateCore.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.32.7\goopdate.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.32.7\psmachine.dll
c:\program files (x86)\Google\Update\1.3.32.7\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.32.7\psuser.dll
c:\program files (x86)\Google\Update\1.3.32.7\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.32.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\55.0.2883.87\55.0.2883.87_55.0.2883.75_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\56.0.2924.87\56.0.2924.87_55.0.2883.87_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{B210701E-FFC4-49E3-932B-370728C72662}\0.0.0.0\chromeremotedesktophost-55.0.2883.17.msi
c:\program files (x86)\Google\Update\Download\{B210701E-FFC4-49E3-932B-370728C72662}\0.0.0.0\chromeremotedesktophost-56.0.2924.51.msi
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA029
-------\Legacy_XHUNTER1
-------\Service_SkypeUpdate
-------\Service_X6va029
-------\Service_xhunter1
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2017-01-17 to 2017-02-17 )))))))))))))))))))))))))))))))
.
.
2017-02-17 12:22 . 2017-02-17 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-15 18:30 . 2017-02-15 18:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-15 18:30 . 2017-02-15 18:30 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2017-02-15 18:28 . 2017-02-16 02:53 -------- d-----w- c:\programdata\ProductData
2017-02-15 18:24 . 2017-02-15 17:40 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-15 18:24 . 2017-02-17 12:30 -------- d-----w- c:\users\Miro\AppData\Local\Temp
2017-02-15 17:40 . 2017-02-15 18:19 -------- d-----w- C:\zoek_backup
2017-02-13 08:28 . 2017-02-15 15:01 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-13 08:28 . 2017-02-15 17:38 -------- d-----w- c:\programdata\RogueKiller
2017-02-11 10:43 . 2017-02-15 19:58 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42 . 2017-02-16 00:28 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-11 10:42 . 2017-02-16 01:35 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-11 10:42 . 2017-02-16 00:28 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-11 10:42 . 2017-02-16 00:28 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-11 10:42 . 2017-02-11 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-02-11 10:23 . 2017-02-11 10:23 -------- d-----w- c:\users\Miro\AppData\Local\Adobe
2017-02-10 17:40 . 2017-02-10 17:40 -------- d-----w- c:\programdata\Sophos
2017-02-10 17:36 . 2017-02-10 17:36 -------- d-----w- c:\program files (x86)\Sophos
2017-02-10 17:05 . 2017-02-10 17:05 -------- d-----w- c:\program files (x86)\Common Files\IObit
2017-02-10 17:04 . 2017-02-10 17:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-10 17:04 . 2017-02-10 17:36 -------- d-----w- c:\users\Miro\AppData\Roaming\IObit
2017-02-10 17:04 . 2017-02-10 17:05 -------- d-----w- c:\programdata\IObit
2017-02-04 14:21 . 2017-01-20 18:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-02-04 14:21 . 2017-01-20 18:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1872320 ----a-w- c:\windows\system32\nvspcap64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1464768 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-02-04 14:20 . 2017-01-20 14:07 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 13:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 18:41 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-28 16:59 . 2017-01-28 16:59 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-24 09:04 . 2017-01-24 09:05 -------- d-----w- c:\users\Miro\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-17 12:28 . 2015-05-08 11:19 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2017-02-14 15:06 . 2014-12-30 12:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06 . 2014-12-30 12:57 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41 . 2016-10-14 14:08 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41 . 2016-10-14 14:08 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 18:41 . 2016-10-14 14:08 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31 . 2015-03-31 22:43 678560 ----a-w- c:\windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
"uTorrent"="c:\users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 2143936]
"Akamai NetSession Interface"="c:\users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
"Dropbox Update"="c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 143144]
"Viber"="c:\users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 43999824]
"f.lux"="c:\users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 1024240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PC Auto Shutdown"="c:\program files (x86)\PC Auto Shutdown\AutoShutdown.exe" [2014-10-22 1442472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-2-8 26220296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuX64.sys;c:\windows\SYSNATIVE\Drivers\JabraBcDfuX64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys;c:\windows\SYSNATIVE\drivers\MFWCtwl.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 23:01 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001Core1d23af3a9a59993.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001UA.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-23 20:49 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-01-20 1872320]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\eprl3kmx.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50 - c:\program files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe
AddRemove-{aa1dec3b-dc4b-4db0-8c18-9157457eff1f} - c:\programdata\Package Cache\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}\Intel Driver Update Utility Installer.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d9e103e6-c2af-47a7-92d6-3287b0f68a88} - c:\programdata\Package Cache\{d9e103e6-c2af-47a7-92d6-3287b0f68a88}\JabraDirect3.1Setup.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
c:\program files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\program files (x86)\Gaming Keyboard\OSD.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
.
**************************************************************************
.
Completion time: 2017-02-17 14:20:49 - machine was rebooted
ComboFix-quarantined-files.txt 2017-02-17 13:20
ComboFix2.txt 2017-02-16 02:52
.
Pre-Run: 25 069 744 128 bytes free
Post-Run: 24 329 572 352 bytes free
.
- - End Of File - - F5079C6D01BFDC7D0A03D74D92608187
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.8190.6167 [GMT 1:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
Command switches used :: c:\users\Miro\Desktop\CFScript.txt
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personální firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWOW64\Drivers\X6va029"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job"
"c:\windows\xhunter1.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateCore.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.32.7\goopdate.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.32.7\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.32.7\psmachine.dll
c:\program files (x86)\Google\Update\1.3.32.7\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.32.7\psuser.dll
c:\program files (x86)\Google\Update\1.3.32.7\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.32.7\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\55.0.2883.87\55.0.2883.87_55.0.2883.75_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\56.0.2924.87\56.0.2924.87_55.0.2883.87_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{B210701E-FFC4-49E3-932B-370728C72662}\0.0.0.0\chromeremotedesktophost-55.0.2883.17.msi
c:\program files (x86)\Google\Update\Download\{B210701E-FFC4-49E3-932B-370728C72662}\0.0.0.0\chromeremotedesktophost-56.0.2924.51.msi
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15d3a1f1fb817.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15d3a1fb25d4d.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA029
-------\Legacy_XHUNTER1
-------\Service_SkypeUpdate
-------\Service_X6va029
-------\Service_xhunter1
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2017-01-17 to 2017-02-17 )))))))))))))))))))))))))))))))
.
.
2017-02-17 12:22 . 2017-02-17 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-02-15 18:31 . 2017-02-15 18:31 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-02-15 18:30 . 2017-02-15 18:31 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-02-15 18:30 . 2017-02-15 18:30 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2017-02-15 18:28 . 2017-02-16 02:53 -------- d-----w- c:\programdata\ProductData
2017-02-15 18:24 . 2017-02-15 17:40 24064 ----a-w- c:\windows\zoek-delete.exe
2017-02-15 18:24 . 2017-02-17 12:30 -------- d-----w- c:\users\Miro\AppData\Local\Temp
2017-02-15 17:40 . 2017-02-15 18:19 -------- d-----w- C:\zoek_backup
2017-02-13 08:28 . 2017-02-15 15:01 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-13 08:28 . 2017-02-15 17:38 -------- d-----w- c:\programdata\RogueKiller
2017-02-11 10:43 . 2017-02-15 19:58 176584 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-02-11 10:42 . 2017-02-16 00:28 110536 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-02-11 10:42 . 2017-02-16 01:35 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-11 10:42 . 2017-02-16 00:28 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-11 10:42 . 2017-02-16 00:28 251848 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-11 10:42 . 2017-01-20 06:47 77416 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-02-11 10:42 . 2017-02-11 10:42 -------- d-----w- c:\program files\Malwarebytes
2017-02-11 10:23 . 2017-02-11 10:23 -------- d-----w- c:\users\Miro\AppData\Local\Adobe
2017-02-10 17:40 . 2017-02-10 17:40 -------- d-----w- c:\programdata\Sophos
2017-02-10 17:36 . 2017-02-10 17:36 -------- d-----w- c:\program files (x86)\Sophos
2017-02-10 17:05 . 2017-02-10 17:05 -------- d-----w- c:\program files (x86)\Common Files\IObit
2017-02-10 17:04 . 2017-02-10 17:04 -------- d-----w- c:\program files (x86)\IObit
2017-02-10 17:04 . 2017-02-10 17:36 -------- d-----w- c:\users\Miro\AppData\Roaming\IObit
2017-02-10 17:04 . 2017-02-10 17:05 -------- d-----w- c:\programdata\IObit
2017-02-04 14:21 . 2017-01-20 18:41 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-02-04 14:21 . 2017-01-20 18:41 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1872320 ----a-w- c:\windows\system32\nvspcap64.dll
2017-02-04 14:21 . 2017-01-20 18:41 1464768 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-02-04 14:20 . 2017-01-20 14:07 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 13:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-02-04 14:20 . 2017-01-20 18:41 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-28 16:59 . 2017-01-28 16:59 -------- d-----w- c:\programdata\Blizzard Entertainment
2017-01-24 09:04 . 2017-01-24 09:05 -------- d-----w- c:\users\Miro\AppData\Local\Viber
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-17 12:28 . 2015-05-08 11:19 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2017-02-14 15:06 . 2014-12-30 12:57 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 15:06 . 2014-12-30 12:57 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-20 18:41 . 2016-10-14 14:08 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-20 18:41 . 2016-10-14 14:08 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-20 18:41 . 2016-10-14 14:08 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-12-03 00:31 . 2015-03-31 22:43 678560 ----a-w- c:\windows\SysWow64\%InstallDir%speclean.new
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 236872 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" [2012-08-17 3345408]
"uTorrent"="c:\users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" [2017-02-04 2143936]
"Akamai NetSession Interface"="c:\users\Miro\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
"Dropbox Update"="c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-11-04 143144]
"Viber"="c:\users\Miro\AppData\Local\Viber\Viber.exe" [2017-01-16 43999824]
"f.lux"="c:\users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" [2016-12-06 1024240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PC Auto Shutdown"="c:\program files (x86)\PC Auto Shutdown\AutoShutdown.exe" [2014-10-22 1442472]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"VICTORY Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2013-04-09 270336]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-2-8 26220296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 WsAppService;Wondershare Application Framework Service;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe;c:\program files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuX64.sys;c:\windows\SYSNATIVE\Drivers\JabraBcDfuX64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys;c:\windows\SYSNATIVE\drivers\MFWCtwl.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys;c:\windows\SYSNATIVE\DRIVERS\XQHDrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe;c:\program files (x86)\PC Auto Shutdown\ShutdownService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 SystemUsageReportSvc_WILLAMETTE;Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 23:01 1368920 ----a-w- c:\program files (x86)\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-12-23 18:10 323152 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-16 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001Core1d23af3a9a59993.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
2017-02-17 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1224381604-4208406337-2997017474-1001UA.job
- c:\users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 22:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2016-05-23 20:49 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-02-07 04:45 287048 ----a-w- c:\users\Miro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Miro\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-01-20 1872320]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-02-02 14416624]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\eprl3kmx.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{2e085fd2-a3e4-4b39-8e10-6b8d35f55244} - c:\programdata\Package Cache\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}\VC_redist.x86.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50 - c:\program files (x86)\Mio\MioMore Desktop 7.50\Uninstall.exe
AddRemove-{aa1dec3b-dc4b-4db0-8c18-9157457eff1f} - c:\programdata\Package Cache\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}\Intel Driver Update Utility Installer.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{d9e103e6-c2af-47a7-92d6-3287b0f68a88} - c:\programdata\Package Cache\{d9e103e6-c2af-47a7-92d6-3287b0f68a88}\JabraDirect3.1Setup.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
c:\program files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
c:\program files (x86)\Gaming Keyboard\OSD.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
.
**************************************************************************
.
Completion time: 2017-02-17 14:20:49 - machine was rebooted
ComboFix-quarantined-files.txt 2017-02-17 13:20
ComboFix2.txt 2017-02-16 02:52
.
Pre-Run: 25 069 744 128 bytes free
Post-Run: 24 329 572 352 bytes free
.
- - End Of File - - F5079C6D01BFDC7D0A03D74D92608187
A36C5E4F47E84449FF07ED3517B43A31
Re: Prosím o kontrolu logu
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:52:35, on 17. 2. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
FIREFOX: 51.0.1 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Miro\AppData\Local\Viber\Viber.exe
C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Viber] "C:\Users\Miro\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Vzdialená plocha Chrome (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 12243 bytes
Scan saved at 18:52:35, on 17. 2. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
FIREFOX: 51.0.1 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Miro\AppData\Local\Viber\Viber.exe
C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Users\Miro\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Viber] "C:\Users\Miro\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Vzdialená plocha Chrome (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 12243 bytes
Re: Prosím o kontrolu logu
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-02-17 18:55:06
-----------------------------
18:55:06.926 OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:06.926 Number of processors: 4 586 0x170A
18:55:06.926 ComputerName: MIRO-PC UserName: Miro
18:55:09.001 Initialize success
18:55:09.313 VM: initialized successfully
18:55:09.313 VM: Intel CPU supported
18:55:15.534 VM: supported disk I/O ataport.SYS
18:55:24.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:55:24.366 Disk 0 Vendor: ST31000528AS CC44 Size: 953868MB BusType: 3
18:55:24.460 Disk 0 MBR read successfully
18:55:24.460 Disk 0 MBR scan
18:55:24.460 Disk 0 Windows 7 default MBR code
18:55:24.475 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:55:24.475 Disk 0 Boot: NTFS code=2
18:55:24.491 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249902 MB offset 206848
18:55:24.491 Disk 0 Partition - 00 0F Extended LBA 703863 MB offset 512007615
18:55:24.506 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703863 MB offset 512007678
18:55:24.522 Disk 0 scanning C:\Windows\system32\drivers
18:55:29.311 Service scanning
18:55:31.464 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
18:55:31.604 Service epfw C:\Windows\system32\DRIVERS\epfw.sys **LOCKED** 5
18:55:31.636 Service EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys **LOCKED** 5
18:55:31.636 Service epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys **LOCKED** 5
18:55:38.640 Modules scanning
18:55:38.640 Disk 0 trace - called modules:
18:55:38.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:38.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079f0060]
18:55:38.671 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa800755d9b0]
18:55:38.671 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80079e9060]
18:55:38.687 Disk 0 statistics 93080/0/0 @ 11,21 MB/s
18:55:38.687 Scan finished successfully
18:57:47.668 Disk 0 MBR has been saved successfully to "C:\Users\Miro\Desktop\MBR.dat"
18:57:47.668 The log file has been saved successfully to "C:\Users\Miro\Desktop\aswMBR.txt"
Run date: 2017-02-17 18:55:06
-----------------------------
18:55:06.926 OS Version: Windows x64 6.1.7601 Service Pack 1
18:55:06.926 Number of processors: 4 586 0x170A
18:55:06.926 ComputerName: MIRO-PC UserName: Miro
18:55:09.001 Initialize success
18:55:09.313 VM: initialized successfully
18:55:09.313 VM: Intel CPU supported
18:55:15.534 VM: supported disk I/O ataport.SYS
18:55:24.366 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:55:24.366 Disk 0 Vendor: ST31000528AS CC44 Size: 953868MB BusType: 3
18:55:24.460 Disk 0 MBR read successfully
18:55:24.460 Disk 0 MBR scan
18:55:24.460 Disk 0 Windows 7 default MBR code
18:55:24.475 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:55:24.475 Disk 0 Boot: NTFS code=2
18:55:24.491 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249902 MB offset 206848
18:55:24.491 Disk 0 Partition - 00 0F Extended LBA 703863 MB offset 512007615
18:55:24.506 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 703863 MB offset 512007678
18:55:24.522 Disk 0 scanning C:\Windows\system32\drivers
18:55:29.311 Service scanning
18:55:31.464 Service ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys **LOCKED** 5
18:55:31.604 Service epfw C:\Windows\system32\DRIVERS\epfw.sys **LOCKED** 5
18:55:31.636 Service EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys **LOCKED** 5
18:55:31.636 Service epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys **LOCKED** 5
18:55:38.640 Modules scanning
18:55:38.640 Disk 0 trace - called modules:
18:55:38.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:55:38.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079f0060]
18:55:38.671 3 CLASSPNP.SYS[fffff880019b743f] -> nt!IofCallDriver -> [0xfffffa800755d9b0]
18:55:38.671 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80079e9060]
18:55:38.687 Disk 0 statistics 93080/0/0 @ 11,21 MB/s
18:55:38.687 Scan finished successfully
18:57:47.668 Disk 0 MBR has been saved successfully to "C:\Users\Miro\Desktop\MBR.dat"
18:57:47.668 The log file has been saved successfully to "C:\Users\Miro\Desktop\aswMBR.txt"
- jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43060
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Vlož nový log z HJT + informuj o problémech
Návod
Kód: Vybrat vše
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Miro\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
Vyčisti systém CCleanerem
Stáhni si OTC
na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.
Vlož nový log z HJT + informuj o problémech
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontrolu logu
Myslím, že už je všetko v poriadku. PC sa zdá byť o trošku rýchlejší, hlavného problému (Adbobe_Arkalis malwaru) som sa zdá sa zbavil.
Ďakujem veľmi pekne za pomoc :)
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:21:06, on 19. 2. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
FIREFOX: 51.0.1 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\Viber\Viber.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Miro\Desktop\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Viber] "C:\Users\Miro\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Vzdialená plocha Chrome (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 11447 bytes
Ďakujem veľmi pekne za pomoc :)
---------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:21:06, on 19. 2. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
FIREFOX: 51.0.1 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\Viber\Viber.exe
C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe
C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Miro\Desktop\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files (x86)\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Miro\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Miro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Viber] "C:\Users\Miro\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [f.lux] "C:\Users\Miro\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Miro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Vzdialená plocha Chrome (chromoting) - Spoločnosť Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: EPSON V3 Service4(05) (EPSON_PM_RPCV4_05) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files (x86)\PC Auto Shutdown\ShutdownService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
--
End of file - 11447 bytes
- Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu
V HJT fixni:
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde: C: \ DelFix.txt
Pokud nejsou problémy, je to vše a můžeš dát vyřešeno , zelenou fajfku.
Kód: Vybrat vše
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Vyčisti systém CCleanerem
====================================================
Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/
ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.
Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde: C: \ DelFix.txt
Pokud nejsou problémy, je to vše a můžeš dát vyřešeno , zelenou fajfku.
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Re: Prosím o kontrolu logu Vyřešeno
Všetko už vyzerá byť v poriadku, ďakujem za asistenciu :)
------------------------
# DelFix v1.013 - Logfile created 23/02/2017 at 11:06:58
# Updated 17/04/2016 by Xplode
# Username : Miro - MIRO-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Miro\Desktop\adwcleaner_6.043.exe
Deleted : C:\Users\Miro\Desktop\HijackThis.exe
Deleted : C:\Users\Miro\Downloads\AVENGERS-2---CZ.mkv
Deleted : C:\Users\Miro\Downloads\Avengers-Confidential-Black-Widow-&-Punisher-BRRip-CZ.avi
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #362 [Plánovaný kontrolný bod | 02/21/2017 16:17:14]
New restore point created !
########## - EOF - ##########
------------------------
# DelFix v1.013 - Logfile created 23/02/2017 at 11:06:58
# Updated 17/04/2016 by Xplode
# Username : Miro - MIRO-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Miro\Desktop\adwcleaner_6.043.exe
Deleted : C:\Users\Miro\Desktop\HijackThis.exe
Deleted : C:\Users\Miro\Downloads\AVENGERS-2---CZ.mkv
Deleted : C:\Users\Miro\Downloads\Avengers-Confidential-Black-Widow-&-Punisher-BRRip-CZ.avi
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #362 [Plánovaný kontrolný bod | 02/21/2017 16:17:14]
New restore point created !
########## - EOF - ##########
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 3 hosti