Prosím o kontrolu logu

Marťan · Příspěvekod **Marťan** » 19 črc 2017 18:46

ComboFix 17-07-07.01 - Martys 19.07.2017 18:32:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4048.2029 [GMT 2:00]
Spuštěný z: c:\users\Martys\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: AVG Antivirus *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Antivirus *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\sqlite-3.7.151-amd64-sqlitejdbc.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-19 do 2017-07-19 )))))))))))))))))))))))))))))))
.
.
2017-07-19 16:40 . 2017-07-19 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-19 16:13 . 2017-07-19 16:13 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-07-19 16:13 . 2017-07-19 16:13 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-07-19 16:13 . 2017-07-19 16:13 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-07-19 16:12 . 2017-07-19 16:12 -------- d-----w- c:\users\Martys\AppData\Local\Zemana
2017-07-19 13:29 . 2017-07-19 12:48 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-19 13:29 . 2017-07-19 16:40 -------- d-----w- c:\users\Martys\AppData\Local\Temp
2017-07-19 12:47 . 2017-07-19 13:24 -------- d-----w- C:\zoek_backup
2017-07-17 18:41 . 2017-07-17 18:41 188352 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-17 18:41 . 2017-07-19 14:16 101784 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-17 18:41 . 2017-07-19 15:20 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-17 18:41 . 2017-07-19 14:16 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-17 18:41 . 2017-07-19 14:14 253856 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-17 18:41 . 2017-06-27 10:06 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-07-17 18:40 . 2017-07-17 18:40 -------- d-----w- c:\programdata\Malwarebytes
2017-07-17 18:40 . 2017-07-17 18:40 -------- d-----w- c:\program files\Malwarebytes
2017-07-17 18:22 . 2017-07-18 09:45 -------- d-----w- C:\AdwCleaner
2017-07-16 10:25 . 2017-07-16 10:25 -------- d-----w- c:\users\Martys\AppData\Local\Adobe
2017-07-16 10:25 . 2017-07-16 10:25 -------- d-----w- c:\users\Martys\AppData\Local\Apps
2017-07-15 17:41 . 2017-07-15 17:42 -------- d-----w- c:\users\Martys\AppData\Roaming\SoftPerfect Network Scanner
2017-07-15 17:41 . 2017-07-15 17:41 -------- d-----w- c:\program files\SoftPerfect Network Scanner
2017-07-11 05:19 . 2017-07-11 05:19 401584 ----a-w- c:\windows\system32\avgBoot.exe
2017-07-06 18:58 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2017-07-06 18:58 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2017-07-06 18:58 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2017-07-06 18:58 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2017-07-06 18:58 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2017-07-06 18:56 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2017-07-06 18:56 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2017-07-06 18:56 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2017-07-06 18:07 . 2015-02-04 03:16 392192 ----a-w- c:\windows\system32\WMPhoto.dll
2017-07-06 18:07 . 2015-02-04 02:54 318464 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2017-06-30 21:49 . 2017-06-30 23:08 -------- d-----w- C:\Filmy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-19 10:35 . 2016-12-18 10:20 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-18 12:03 . 2017-03-11 17:03 139112 ----a-w- c:\windows\system32\drivers\avgmonflt.sys
2017-07-12 06:14 . 2014-05-03 10:12 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-07-12 06:14 . 2014-05-03 10:12 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-07-11 05:23 . 2017-03-11 17:03 353744 ----a-w- c:\windows\system32\drivers\avgvmm.sys
2017-07-11 05:19 . 2017-03-11 17:03 191208 ----a-w- c:\windows\system32\drivers\avgStm.sys
2017-07-11 05:19 . 2017-03-11 17:03 578048 ----a-w- c:\windows\system32\drivers\avgSP.sys
2017-07-11 05:19 . 2017-03-11 17:03 76832 ----a-w- c:\windows\system32\drivers\avgRvrt.sys
2017-07-11 05:19 . 2017-03-11 17:03 39424 ----a-w- c:\windows\system32\drivers\avgHwid.sys
2017-07-11 05:19 . 2017-03-11 17:03 102792 ----a-w- c:\windows\system32\drivers\avgRdr2.sys
2017-07-11 05:18 . 2017-03-11 17:03 1008288 ----a-w- c:\windows\system32\drivers\avgSnx.sys
2017-07-11 05:18 . 2017-03-11 17:03 546968 ----a-w- c:\windows\system32\drivers\avgNetSec.sys
2017-07-11 05:17 . 2017-03-11 17:03 51336 ----a-w- c:\windows\system32\drivers\avgbuniva.sys
2017-07-11 05:17 . 2017-03-11 17:03 336896 ----a-w- c:\windows\system32\drivers\avgbloga.sys
2017-07-11 05:17 . 2017-03-11 17:03 313616 ----a-w- c:\windows\system32\drivers\avgbidsdrivera.sys
2017-07-11 05:17 . 2017-03-11 17:03 192584 ----a-w- c:\windows\system32\drivers\avgbidsha.sys
2017-07-11 05:17 . 2017-03-11 17:03 166624 ----a-w- c:\windows\system32\drivers\avgbdiska.sys
2017-07-05 07:30 . 2016-12-30 17:28 256040 ----a-w- c:\windows\system32\iseguard64.dll
2017-07-05 07:29 . 2016-12-30 17:28 205536 ----a-w- c:\windows\SysWow64\iseguard32.dll
2017-07-05 07:29 . 2016-12-30 17:28 50856 ----a-w- c:\windows\system32\drivers\isedrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Dropbox Update"="c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-12-14 143144]
"Gaijin.Net Agent"="c:\users\Martys\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" [2017-06-28 2010056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Clarus Drive Manager"="c:\program files (x86)\Samsung Drive Manager\Drive Manager.exe" [2013-12-18 8135744]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-07-03 239592]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
"IseUI"="c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe" [2017-07-05 3632848]
.
c:\users\Martys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martys\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-7-14 3486520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2013-5-10 21946368]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2014-3-8 1207312]
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Samsung Drive Manager\ABRTMon.exe [2015-2-3 136192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UVS10 Preload"=c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
R2 avgStm;avgStm;c:\windows\system32\drivers\avgStm.sys;c:\windows\SYSNATIVE\drivers\avgStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 avgbIDSAgent;avgbIDSAgent;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [x]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys;c:\windows\SYSNATIVE\drivers\avgHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avgbidsh;avgbidsh;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys [x]
S0 avgblog;avgblog;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys [x]
S0 avgbuniv;avgbuniv;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys [x]
S0 avgRvrt;avgRvrt;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys [x]
S0 avgVmm;avgVmm;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys [x]
S1 avgbdisk;avgbdisk;c:\windows\system32\drivers\avgbdiska.sys;c:\windows\SYSNATIVE\drivers\avgbdiska.sys [x]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\avgbidsdrivera.sys [x]
S1 avgNetSec;avgNetSec;c:\windows\system32\drivers\avgNetSec.sys;c:\windows\SYSNATIVE\drivers\avgNetSec.sys [x]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr2.sys;c:\windows\SYSNATIVE\drivers\avgRdr2.sys [x]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys;c:\windows\SYSNATIVE\drivers\avgSnx.sys [x]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys;c:\windows\SYSNATIVE\drivers\avgSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 isedrv;Internet Security Essentials;c:\windows\system32\drivers\isedrv.sys;c:\windows\SYSNATIVE\drivers\isedrv.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 AVG Antivirus;AVG Antivirus;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe [x]
S2 AVG Firewall;AVG Firewall Service;c:\program files (x86)\AVG\Antivirus\afwServ.exe;c:\program files (x86)\AVG\Antivirus\afwServ.exe [x]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys;c:\windows\SYSNATIVE\drivers\avgMonFlt.sys [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 isesrv;isesrv;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 avgNetNd6;AVG Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\avgNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\avgNetNd6.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Samsung Drive Manager\mvd23.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ZAM
*NewlyCreated* - ZAM_GUARD
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131128835-2277457285-3308782453-1000Core.job
- c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 16:07]
.
2017-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131128835-2277457285-3308782453-1000UA.job
- c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2016-03-03 608456]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-07-03 239592]
"AVGUI.exe"="c:\program files (x86)\AVG\Antivirus\AvLaunch.exe" [2017-07-11 263232]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-06-19 15546512]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL =
mDefault_Page_URL =
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.26"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2017-07-19 18:43:26
ComboFix-quarantined-files.txt 2017-07-19 16:43
.
Před spuštěním: 9 069 301 760
Po spuštění: 8 836 694 016
.
- - End Of File - - 4998C4F4830CC127621AC135342A9833
A36C5E4F47E84449FF07ED3517B43A31

Reklama

Marťan · Příspěvekod **Marťan** » 19 črc 2017 19:04

Sakra, nevím jestli se mi to neodeslalo nebo co, ještě pošlu log z rogue a zemana, log z rogue jsem našel, ale s příponou .json, mám to přepsat na txt a poslat?

Příspěvekod **jaro3** » 19 črc 2017 19:32

AV: Malwarebytes -- trvale vypni rez. ochranu

Pokud se vše smazalo/nahradilo , tak posílat nemusíš.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\isedrv.sys

Folder::
c:\program files (x86)\COMODO\Internet Security Essentials

Driver::
isedrv
isesrv

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IseUI"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.26"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Marťan · Příspěvekod **Marťan** » 19 črc 2017 20:18

RogueKiller V12.11.7.0 (x64) [Jul 17 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martys [Práva správce]
Started from : C:\Users\Martys\Desktop\RogueKiller_portable64.exe
Mód : Prohledat -- Datum : 07/19/2017 19:34:52 (Duration : 00:41:04)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 623286f413d7be0ea744103846afacfa
[BSP] cdfb58ac99afa63eeb6735aa2dbda04b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 199899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600000 | Size: 753867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250410AS ATA Device +++++
--- User ---
[MBR] 427f9967cd76ca66bedb1f7db214886c
[BSP] 6e8801838f6625bab00d383c09d15574 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Marťan · Příspěvekod **Marťan** » 19 črc 2017 21:46

Zde je sken, akorát mi combofix napsal nesnažte se restartovat počitač sami, ale po chvili mi vyjelo okno, neumim tu dat fotku, to by bylo nejlepší, ale bylo tam :
Unable to create a backup of the current registry file
C:windows,system32,config,software!
continue restoration of this file?

dal jsem ano, a pak vyskočil hlaška error restoring
C:windows,system32, config,software!
continue with the nex file_
RegReplaceKey:5-přistup byl odepřen
dal jsem NE.

ComboFix 17-07-07.01 - Martys 19.07.2017 20:36:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4048.2419 [GMT 2:00]
Spuštěný z: c:\users\Martys\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martys\Desktop\CFScript.txt
AV: AVG Antivirus *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: AVG Antivirus *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Antivirus *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\isedrv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\COMODO\Internet Security Essentials
c:\program files (x86)\COMODO\Internet Security Essentials\authroot.stl
c:\program files (x86)\COMODO\Internet Security Essentials\cmdhtml.dll
c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.bulgarian.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.dutch.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.english.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.french.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.german.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.chinese.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.romanian.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.russian.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.spanish.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.turkish.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.ukrainian.xml
c:\program files (x86)\COMODO\Internet Security Essentials\Translations\vkise.vietnamese.xml
c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISEDRV
-------\Service_isedrv
-------\Service_isesrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-19 do 2017-07-19 )))))))))))))))))))))))))))))))
.
.
2017-07-19 18:43 . 2017-07-19 18:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-07-19 18:43 . 2017-07-19 18:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-07-19 18:43 . 2017-07-19 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-19 16:13 . 2017-07-19 16:13 203680 ----a-w- c:\windows\system32\drivers\zam64.sys
2017-07-19 16:13 . 2017-07-19 16:13 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2017-07-19 16:13 . 2017-07-19 16:13 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-07-19 16:12 . 2017-07-19 16:12 -------- d-----w- c:\users\Martys\AppData\Local\Zemana
2017-07-19 13:29 . 2017-07-19 12:48 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-19 13:29 . 2017-07-19 18:57 -------- d-----w- c:\users\Martys\AppData\Local\Temp
2017-07-19 12:47 . 2017-07-19 13:24 -------- d-----w- C:\zoek_backup
2017-07-17 18:41 . 2017-07-19 18:56 188352 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-17 18:41 . 2017-07-19 18:56 101784 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-17 18:41 . 2017-07-19 18:56 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-17 18:41 . 2017-07-19 18:56 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-17 18:41 . 2017-07-19 18:55 253856 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-17 18:41 . 2017-06-27 10:06 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-07-17 18:40 . 2017-07-17 18:40 -------- d-----w- c:\programdata\Malwarebytes
2017-07-17 18:40 . 2017-07-17 18:40 -------- d-----w- c:\program files\Malwarebytes
2017-07-17 18:22 . 2017-07-18 09:45 -------- d-----w- C:\AdwCleaner
2017-07-16 10:25 . 2017-07-16 10:25 -------- d-----w- c:\users\Martys\AppData\Local\Adobe
2017-07-16 10:25 . 2017-07-16 10:25 -------- d-----w- c:\users\Martys\AppData\Local\Apps
2017-07-15 17:41 . 2017-07-15 17:42 -------- d-----w- c:\users\Martys\AppData\Roaming\SoftPerfect Network Scanner
2017-07-15 17:41 . 2017-07-15 17:41 -------- d-----w- c:\program files\SoftPerfect Network Scanner
2017-07-11 05:19 . 2017-07-11 05:19 401584 ----a-w- c:\windows\system32\avgBoot.exe
2017-07-06 18:58 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2017-07-06 18:58 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2017-07-06 18:58 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2017-07-06 18:58 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2017-07-06 18:58 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2017-07-06 18:56 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2017-07-06 18:56 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2017-07-06 18:56 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2017-07-06 18:07 . 2015-02-04 03:16 392192 ----a-w- c:\windows\system32\WMPhoto.dll
2017-07-06 18:07 . 2015-02-04 02:54 318464 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2017-06-30 21:49 . 2017-06-30 23:08 -------- d-----w- C:\Filmy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-19 17:34 . 2016-12-18 10:20 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-18 12:03 . 2017-03-11 17:03 139112 ----a-w- c:\windows\system32\drivers\avgmonflt.sys
2017-07-12 06:14 . 2014-05-03 10:12 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-07-12 06:14 . 2014-05-03 10:12 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-07-11 05:23 . 2017-03-11 17:03 353744 ----a-w- c:\windows\system32\drivers\avgvmm.sys
2017-07-11 05:19 . 2017-03-11 17:03 191208 ----a-w- c:\windows\system32\drivers\avgStm.sys
2017-07-11 05:19 . 2017-03-11 17:03 578048 ----a-w- c:\windows\system32\drivers\avgSP.sys
2017-07-11 05:19 . 2017-03-11 17:03 76832 ----a-w- c:\windows\system32\drivers\avgRvrt.sys
2017-07-11 05:19 . 2017-03-11 17:03 39424 ----a-w- c:\windows\system32\drivers\avgHwid.sys
2017-07-11 05:19 . 2017-03-11 17:03 102792 ----a-w- c:\windows\system32\drivers\avgRdr2.sys
2017-07-11 05:18 . 2017-03-11 17:03 1008288 ----a-w- c:\windows\system32\drivers\avgSnx.sys
2017-07-11 05:18 . 2017-03-11 17:03 546968 ----a-w- c:\windows\system32\drivers\avgNetSec.sys
2017-07-11 05:17 . 2017-03-11 17:03 51336 ----a-w- c:\windows\system32\drivers\avgbuniva.sys
2017-07-11 05:17 . 2017-03-11 17:03 336896 ----a-w- c:\windows\system32\drivers\avgbloga.sys
2017-07-11 05:17 . 2017-03-11 17:03 313616 ----a-w- c:\windows\system32\drivers\avgbidsdrivera.sys
2017-07-11 05:17 . 2017-03-11 17:03 192584 ----a-w- c:\windows\system32\drivers\avgbidsha.sys
2017-07-11 05:17 . 2017-03-11 17:03 166624 ----a-w- c:\windows\system32\drivers\avgbdiska.sys
2017-07-05 07:30 . 2016-12-30 17:28 256040 ----a-w- c:\windows\system32\iseguard64.dll
2017-07-05 07:29 . 2016-12-30 17:28 205536 ----a-w- c:\windows\SysWow64\iseguard32.dll
2017-07-05 07:29 . 2016-12-30 17:28 50856 ----a-w- c:\windows\system32\drivers\isedrv.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 285000 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt.17.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Dropbox Update"="c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2016-12-14 143144]
"Gaijin.Net Agent"="c:\users\Martys\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" [2017-06-28 2010056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Clarus Drive Manager"="c:\program files (x86)\Samsung Drive Manager\Drive Manager.exe" [2013-12-18 8135744]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-07-03 239592]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
c:\users\Martys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martys\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-7-14 3486520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2013-5-10 21946368]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2014-3-8 1207312]
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Samsung Drive Manager\ABRTMon.exe [2015-2-3 136192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UVS10 Preload"=c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys;c:\windows\SYSNATIVE\drivers\avgHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avgbidsh;avgbidsh;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys [x]
S0 avgblog;avgblog;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys [x]
S0 avgbuniv;avgbuniv;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys [x]
S0 avgRvrt;avgRvrt;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys [x]
S0 avgVmm;avgVmm;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys [x]
S1 avgbdisk;avgbdisk;c:\windows\system32\drivers\avgbdiska.sys;c:\windows\SYSNATIVE\drivers\avgbdiska.sys [x]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\avgbidsdrivera.sys [x]
S1 avgNetSec;avgNetSec;c:\windows\system32\drivers\avgNetSec.sys;c:\windows\SYSNATIVE\drivers\avgNetSec.sys [x]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr2.sys;c:\windows\SYSNATIVE\drivers\avgRdr2.sys [x]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys;c:\windows\SYSNATIVE\drivers\avgSnx.sys [x]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys;c:\windows\SYSNATIVE\drivers\avgSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 AVG Antivirus;AVG Antivirus;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe [x]
S2 AVG Firewall;AVG Firewall Service;c:\program files (x86)\AVG\Antivirus\afwServ.exe;c:\program files (x86)\AVG\Antivirus\afwServ.exe [x]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys;c:\windows\SYSNATIVE\drivers\avgMonFlt.sys [x]
S2 avgStm;avgStm;c:\windows\system32\drivers\avgStm.sys;c:\windows\SYSNATIVE\drivers\avgStm.sys [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 avgbIDSAgent;avgbIDSAgent;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [x]
S3 avgNetNd6;AVG Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\avgNetNd6.sys;c:\windows\SYSNATIVE\DRIVERS\avgNetNd6.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys;c:\windows\SYSNATIVE\drivers\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Samsung Drive Manager\mvd23.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 subvgaproduct64;subvgaproduct64;c:\windows\system32\DRIVERS\subvga64.sys;c:\windows\SYSNATIVE\DRIVERS\subvga64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2017-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131128835-2277457285-3308782453-1000Core.job
- c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 16:07]
.
2017-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131128835-2277457285-3308782453-1000UA.job
- c:\users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-07-12 19:49 333128 ----a-w- c:\users\Martys\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2016-03-03 608456]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-07-03 239592]
"AVGUI.exe"="c:\program files (x86)\AVG\Antivirus\AvLaunch.exe" [2017-07-11 263232]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2017-06-19 15546512]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL =
mDefault_Page_URL =
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martys\AppData\Roaming\Mozilla\Firefox\Profiles\bbmxikm6.default-1500151254905\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files (x86)\AVG\Framework\Common\avguix.exe
.
**************************************************************************
.
Celkový čas: 2017-07-19 21:03:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-07-19 19:02
ComboFix2.txt 2017-07-19 16:43
.
Před spuštěním: 8 733 253 632
Po spuštění: 8 479 977 472
.
- - End Of File - - 4251E0AA48D28D99CA3FEC9531AF4F19
A36C5E4F47E84449FF07ED3517B43A31

Marťan · Příspěvekod **Marťan** » 19 črc 2017 21:53

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-07-19 21:47:43
-----------------------------
21:47:43.228 OS Version: Windows x64 6.1.7601 Service Pack 1
21:47:43.228 Number of processors: 4 586 0x1001
21:47:43.228 ComputerName: MARTYS-PC UserName: Martys
21:47:44.195 Initialize success
21:47:44.460 VM: initialized successfully
21:47:44.476 VM: Amd CPU BiosDisabled
21:47:51.167 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:47:51.167 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 11
21:47:51.183 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
21:47:51.183 Disk 1 Vendor: ST1000DM003-1CH162 CC49 Size: 953869MB BusType: 11
21:47:51.308 Disk 1 MBR read successfully
21:47:51.308 Disk 1 MBR scan
21:47:51.308 Disk 1 Windows 7 default MBR code
21:47:51.323 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:47:51.323 Disk 1 Boot: NTFS code=2
21:47:51.339 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
21:47:51.355 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 753867 MB offset 409600000
21:47:51.401 Disk 1 scanning C:\Windows\system32\drivers
21:47:58.515 Service scanning
21:48:12.337 Modules scanning
21:48:12.337 Disk 1 trace - called modules:
21:48:12.352 ntoskrnl.exe CLASSPNP.SYS disk.sys avgSP.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:48:12.368 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004415060]
21:48:12.383 3 avgSP.sys[fffff88003b041d2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040fc060]
21:48:12.383 Disk 1 statistics 107310/0/0 @ 8,98 MB/s
21:48:12.383 Scan finished successfully
21:53:03.505 Disk 1 MBR has been saved successfully to "C:\Users\Martys\Desktop\MBR.dat"
21:53:03.515 The log file has been saved successfully to "C:\Users\Martys\Desktop\aswMBR.txt"

Marťan · Příspěvekod **Marťan** » 19 črc 2017 21:57

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:54:52, on 19.7.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)

FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Martys\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Clarus Drive Manager] C:\Program Files (x86)\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Martys\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Gaijin.Net Agent] "C:\Users\Martys\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
O4 - Startup: Dropbox.lnk = Martys\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: GIGABYTE OC_GURU.lnk = C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: AVG Antivirus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
O23 - Service: AVG Firewall Service (AVG Firewall) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Samsung Electronics Co.,Ltd - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 11610 bytes

Příspěvekod **jaro3** » 19 črc 2017 22:43

Problémy se zálohou Combofixu jsou běžné , on je staven spíš na XP..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Marťan · Příspěvekod **Marťan** » 20 črc 2017 12:39

# DelFix v1.013 - Logfile created 20/07/2017 at 12:34:55
# Updated 17/04/2016 by Xplode
# Username : Martys - MARTYS-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Martys\Desktop\JRT.exe
Deleted : C:\Users\Martys\Desktop\JRT.txt
Deleted : C:\Users\Martys\Desktop\MBR.dat
Deleted : C:\Users\Martys\Desktop\RogueKiller_portable64.exe
Deleted : C:\Users\Martys\Desktop\zoek.exe
Deleted : C:\Users\Martys\Downloads\AdwCleaner.exe
Deleted : C:\Users\Martys\Downloads\HijackThis.exe
Deleted : C:\Users\Martys\Downloads\hijackthis.log
Deleted : C:\Users\Martys\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #214 [Naplánovaný kontrolní bod | 07/20/2017 09:18:47]

New restore point created !

########## - EOF - ##########

Příspěvekod **jaro3** » 20 črc 2017 17:21

Co problémy?

Marťan · Příspěvekod **Marťan** » 20 črc 2017 19:29

Vypadá to o moc líp, procesor taky v nečinnosti není vytížen, myslím že OK. Malwarebytes mi běží a jsou u něho zaplé ochrany, to mám nechat nebo vše odinstalovat?

Příspěvekod **jaro3** » 20 črc 2017 19:36

U Malwarebytes bys mohl vypnout trvale rez. ochranu.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Prosím o kontrolu logu Vyřešeno

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online