PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Request for a preventive check, attempted virus download

No problem with your PC right now and you just want to make sure everything is fine?
Post a log from FRST or RSIT.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
MalyMartas
Visitor
Posts: 14
Registered: 27 Sep 2009 10:36

Request for a preventive check, attempted virus download

#1 Post by MalyMartas »

Hello,
I found this in the web server log (HFS file server):
[image]
In the folder C:\Users\Public I found the file CSRRS.exe, which according to VirusTotal matches what gets downloaded from that address, plus several other files from the same date (hidden as system files).
[image]
https://www.virustotal.com/cs/file/e8fb ... /analysis/
https://www.virustotal.com/cs/file/a03a ... /analysis/
https://www.virustotal.com/cs/file/fe9c ... /analysis/
https://www.virustotal.com/cs/file/6bea ... /analysis/
I packed them all into an archive (in case they are needed for analysis) and deleted the files.
The PC behaves normally (I haven't restarted it since then), and neither MS Security Essentials nor Malwarebytes found anything. But given that there were other files there besides csrrs.exe, I assume csrrs.exe downloaded them. I'd like to be sure nothing has hidden itself somewhere else :?:

Logfile of random's system information tool 1.10 (written by random/random)
Run by martin at 2016-04-10 01:15:19
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 544 GB (89%) free of 610 GB
Total RAM: 4021 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:29, on 10.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Programy\Growl\Growl.exe
C:\Programy\HFS - HTTP File Server\hfs.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
C:\Programy\Python_2.7.10\python.exe
C:\Programy\iSpy\iSpyMonitor.exe
c:\programy\teamviewer\TeamViewer.exe
C:\Programy\PlexServer\Plex Media Server.exe
C:\Programy\PlexServer\PlexScriptHost.exe
C:\Programy\PlexServer\PlexScriptHost.exe
C:\Programy\Firefox\firefox.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files\trend micro\martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSpy] "C:\Programy\iSpy\iSpy.exe" -silent
O4 - HKCU\..\Run: [Growl] C:\Programy\Growl\Growl.exe
O4 - HKCU\..\Run: [ServerWMC] C:\Program Files (x86)\ServerWMC\ServerWMC.exe
O4 - HKCU\..\Run: [FileZilla Server Interface] "C:\Programy\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [Plex Media Server] "C:\Programy\PlexServer\Plex Media Server.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HFS.lnk = C:\Programy\HFS - HTTP File Server\hfs.exe
O4 - Startup: OneDrive pro firmy.lnk = C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
O4 - Startup: PlexPyStart.lnk = C:\Programy\PlexPy\PlexPyStart.bat
O4 - Startup: sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Google Cloud Print Service (CloudPrintService) - Google Inc. - C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programy\FileZilla Server\FileZilla Server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Programy\Macrium Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Programy\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9891 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe" --service --enable-logging --v=1
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Elantech\ETDService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Programy\FileZilla Server\FileZilla Server.exe"
"C:\Programy\Macrium Reflect\ReflectService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-logging --v=1 --type=service --user-data-dir="C:\Users\martin\AppData\Local\Google\Cloud Print Service" --no-service-autorun --auto-launch-at-startup --disable-background-mode --disable-default-apps --disable-extensions --disable-gpu --disable-software-rasterizer --disable-sync --no-first-run --no-startup-window
C:\Windows\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"taskhost.exe"
rdpclip
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Programy\Growl\Growl.exe"
"C:\Programy\HFS - HTTP File Server\hfs.exe"
"C:\Program Files (x86)\Windows Sidebar\sidebar.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\ehome\ehRecvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\ehome\mcGlidHost.exe -Embedding
"taskhost.exe"
"C:\Programy\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --channel="2120.1.199315000\430897429" --lang --no-sandbox
"C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\martin\Desktop\instalacky\nástroje\CrystalDiskInfo\DiskInfoX64.exe"
C:\Windows\system32\cmd.exe /c ""C:\Programy\PlexPy\PlexPyStart.bat" "
\??\C:\Windows\system32\conhost.exe "306663413-1910587471694047357-358941333-15842399321440189111-1662417897-1751810243
C:\Programy\Python_2.7.10\python.exe C:\Programy\PlexPy\PlexPy.py
"C:\Programy\iSpy\iSpy.exe"
"C:\Programy\iSpy\iSpyMonitor.exe" ispy
"C:\Program Files (x86)\ServerWMC\ServerWMC.exe"
"c:\programy\teamviewer\TeamViewer.exe"
"C:\Programy\TeamViewer\tv_w32.exe" --action hooks --log C:\Programy\TeamViewer\TeamViewer11_Logfile.log
"C:\Programy\TeamViewer\tv_x64.exe" --action hooks --log C:\Programy\TeamViewer\TeamViewer11_Logfile.log
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"LogonUI.exe" /flags:0x0
atieclxx
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Programy\PlexServer\Plex Media Server.exe"
"C:\Programy\PlexServer\PlexScriptHost.exe" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\Framework.bundle\Contents\Resources\Versions\2\Python/bootstrap.py" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\System.bundle"
\??\C:\Windows\system32\conhost.exe "1399085454-19649794-995331802-14577455682005089944-8911334408825301-967764563
"C:\Programy\PlexServer\PlexScriptHost.exe" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\Framework.bundle\Contents\Resources\Versions\2\Python/bootstrap.py" "C:\Users\martin\AppData\Local\Plex Media Server\Plug-ins\Sub-Zero.bundle"
\??\C:\Windows\system32\conhost.exe "481967097-7080147664977383657055518991013844301873600847-15071388-1072059039
"C:\Windows\System32\taskmgr.exe"
"C:\Programy\Firefox\firefox.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe"
"C:\Windows\system32\perfmon.exe" /res

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe242_ Global\UsGthrCtrlFltPipeMssGthrPipe242 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\DOWN\RSITx64.exe"
"C:\Windows\eHome\EhTray.exe" /nav:-2
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job - C:\Programy\Macrium Reflect\Reflect.exe -e -w "C:\Users\martin\Documents\Reflect\My Backup.xml" -full -g {17E47608-4CBD-4BA8-B438-6D8C185F1C53}
C:\Windows\tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job - C:\Programy\Macrium Reflect\Reflect.exe -e -w "C:\Users\martin\Documents\Reflect\My Backup.xml" -diff -g {63B3FBB9-5C1D-42AB-AF0D-952944ACE590}

=========Mozilla firefox=========

ProfilePath - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Programy\VLC32\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-12 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-12 895776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-12 2348336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-12 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-12 720160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12 1741096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-01-18 324608]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-29 10038304]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-08 3738344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21 1174016]
"iSpy"=C:\Programy\iSpy\iSpy.exe [2015-09-16 3261952]
"Growl"=C:\Programy\Growl\Growl.exe [2012-03-21 3817472]
"ServerWMC"=C:\Program Files (x86)\ServerWMC\ServerWMC.exe [2015-12-23 422400]
"FileZilla Server Interface"=C:\Programy\FileZilla Server\FileZilla Server Interface.exe [2015-11-30 2539984]
"Plex Media Server"=C:\Programy\PlexServer\Plex Media Server.exe [2016-04-04 6540616]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"RUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [2011-09-20 115048]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]

C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HFS.lnk - C:\Programy\HFS - HTTP File Server\hfs.exe
OneDrive pro firmy.lnk - C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
PlexPyStart.lnk - C:\Programy\PlexPy\PlexPyStart.bat
sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-10 01:15:19 ----D---- C:\rsit
2016-04-10 01:15:19 ----D---- C:\Program Files\trend micro
2016-04-10 00:42:20 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-04-10 00:41:34 ----D---- C:\ProgramData\Malwarebytes
2016-03-12 12:41:26 ----D---- C:\onedrive_VSE
2016-03-12 12:25:30 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 12:25:29 ----D---- C:\Program Files (x86)\Microsoft Office
2016-03-12 12:20:50 ----D---- C:\Program Files\Microsoft Office 15

======List of files/folders modified in the last 1 month======

2016-04-10 01:15:19 ----RD---- C:\Program Files
2016-04-10 01:14:41 ----RD---- C:\DOWN
2016-04-10 01:12:30 ----D---- C:\Windows\Temp
2016-04-10 00:42:20 ----D---- C:\Windows\system32\drivers
2016-04-10 00:41:34 ----HD---- C:\ProgramData
2016-04-10 00:41:34 ----D---- C:\Programy
2016-04-10 00:19:46 ----D---- C:\TEMP
2016-04-10 00:00:01 ----D---- C:\Users\martin\AppData\Roaming\iSpy
2016-04-09 23:56:07 ----D---- C:\Windows\Prefetch
2016-04-09 06:00:53 ----SHD---- C:\System Volume Information
2016-04-07 20:58:41 ----D---- C:\TC
2016-04-07 19:48:23 ----D---- C:\ProgramData\Package Cache
2016-04-07 19:44:53 ----SHD---- C:\Windows\Installer
2016-04-05 16:38:09 ----D---- C:\Windows\system32\LogFiles
2016-03-31 20:54:41 ----D---- C:\Users\martin\AppData\Roaming\vlc
2016-03-13 20:43:15 ----SD---- C:\Users\martin\AppData\Roaming\Microsoft
2016-03-12 13:00:21 ----RSD---- C:\Windows\assembly
2016-03-12 13:00:21 ----D---- C:\Windows\Microsoft.NET
2016-03-12 12:37:44 ----D---- C:\Program Files (x86)\Common Files
2016-03-12 12:37:41 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-03-12 12:36:28 ----D---- C:\Windows\system32\DriverStore
2016-03-12 12:36:26 ----D---- C:\Windows\inf
2016-03-12 12:27:09 ----SD---- C:\ProgramData\Microsoft
2016-03-12 12:25:43 ----D---- C:\Windows\system32\Tasks
2016-03-12 12:25:29 ----RD---- C:\Program Files (x86)
2016-03-12 12:25:29 ----D---- C:\Windows\SysWOW64
2016-03-12 12:25:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-03-12 12:22:17 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2015-11-06 14544]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 ETD;ELAN Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2015-10-08 464472]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-29 2260256]
R3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2015-12-26 165504]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\DRIVERS\rusb3hub.sys [2012-08-27 114568]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\DRIVERS\rusb3xhc.sys [2012-08-27 230280]
S3 ALSysIO;ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DIRECTIO;DIRECTIO; \??\C:\Programy\PassmarkPerformanceTest\DirectIo64.sys [2012-08-13 25704]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-01-22 202752]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-02-09 2828016]
R2 CloudPrintService;Google Cloud Print Service; C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe [2015-12-06 4869072]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-08 144104]
R2 FileZilla Server;FileZilla Server FTP server; C:\Programy\FileZilla Server\FileZilla Server.exe [2015-11-30 827856]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service; C:\Programy\Macrium Reflect\ReflectService.exe [2015-10-12 3476432]
R2 TeamViewer;TeamViewer 11; C:\Programy\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-12-12 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-30 147624]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-03-01 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-03-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-11-05 836176]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-11-06 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

#2 Post by motji »

Hello :)

Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan finishes, click Clean.
- The repair is carried out and the PC restarts (restart it yourself if needed); a log appears at C:\AdwCleaner\AdwCleaner.txt. Paste the contents of that log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

#3 Post by MalyMartas »

Thanks for the reply.
It evidently deleted my Growl settings :-)

# AdwCleaner v5.109 - Log soubor vytvořen 10/04/2016 o 09:15:43
# Aktualizováno 04/04/2016 by Xplode
# Databáze : 2016-04-09.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (x64)
# Jméno uživatele : martin - N61JQ
# Spuštěno z : C:\Users\martin\Desktop\AdwCleaner.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\ProgramData\Growl
[#] Složka smazáno : C:\ProgramData\Application Data\Growl
[-] Složka smazáno : C:\Users\martin\AppData\Local\Growl

***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\Growl
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKU\.DEFAULT\Software\Growl

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1118 bytes] - [10/04/2016 09:15:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1358 bytes] - [10/04/2016 09:12:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1264 bytes] ##########

#4 Post by motji »

Sorry, apparently AdwCleaner did not like it. You are using that program knowingly, right? Unfortunately I don't know it and can't judge it, but we can write to the author of AdwCleaner and ask why it deletes it.

#5 Post by MalyMartas »

Growl is for sending notifications/alerts from and to a lot of programs and services.

Otherwise, do you think everything is in order?

#6 Post by motji »

I see nothing in the log. We could still try ComboFix, but if the PC shows no signs of infection, it is pointless.
One more question: is your Office legal? I suspect it is not, and the source of the virus could be there too.
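The logs in this thread are read by eye, and the service/driver sections are where a dropper most often leaves a persistence entry. As an added example (not part of this thread, and not code from the RSIT or FRST tools), the Python script below applies the checks a responder would make on those sections of both log formats: images loaded from user-writable paths, entries whose file is gone, unsigned kernel drivers, empty vendor fields, services that accept network connections, and the tool's own ATTENTION marker. The sample lines are copied from the logs posted in this thread; the scoring rules and the NETWORK_FACING list are this example's own assumptions about what deserves a second look, not the tools' whitelists.

```python
"""Triage of RSIT/HijackThis and FRST service and driver entries.

Added example for this thread: not part of the original posts and not code
from the RSIT or FRST tools. Sample lines are copied from the logs posted in
the thread; the scoring rules and the NETWORK_FACING list are this example's
own assumptions about what deserves a second look, not the tools' whitelists.
"""
import re
from dataclasses import dataclass, field

# Locations a service or kernel-driver image should not normally be loaded from.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# Services in this log that accept connections from the network (assumed list).
NETWORK_FACING = {
    "rpcapd": "WinPcap remote packet capture daemon",
    "filezilla server": "FTP server",
    "teamviewer": "remote control service",
}

# "R2 Name;" prefix of a service/driver entry; the same in both tools.
HEAD_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);")

# Shared tail: <path> [<meta>] (<vendor>) <flags>; vendor and flags only in FRST.
TAIL_RE = re.compile(
    r"(?P<path>(?:\\\?\?\\)?[A-Za-z]:\\.*?\.(?:sys|exe|dll))"
    r"\s*\[(?P<meta>[^\]]*)\]"
    r"\s*(?:\((?P<vendor>[^)]*)\))?"
    r"\s*(?P<flags>.*)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one log line, or None when nothing stands out."""
    reasons = []
    if "<======= ATTENTION" in line:
        reasons.append("flagged by the tool itself (ATTENTION)")
    head, tail = HEAD_RE.match(line), TAIL_RE.search(line)
    if not (head and tail):
        return Finding(line.strip(), "", reasons) if reasons else None

    name = head.group("name").strip()
    running = head.group("state").startswith("R")
    path = tail.group("path")
    lpath = path.lower()
    meta = tail.group("meta").strip()
    vendor = tail.group("vendor")
    flags = tail.group("flags").lower()

    if any(d in lpath for d in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if meta in ("", "X"):  # RSIT prints [] and FRST [X] when the file is gone
        reasons.append("image missing on disk (orphaned entry)")
    if lpath.endswith(".sys") and "not signed" in flags:
        reasons.append("kernel driver not signed")
    if vendor is not None and vendor.strip() == "":
        reasons.append("no company name in version info (weak signal)")
    if name.lower() in NETWORK_FACING:
        state = "running" if running else "stopped"
        reasons.append(f"network-facing service ({state}): {NETWORK_FACING[name.lower()]}")
    return Finding(name, path, reasons) if reasons else None


def triage(log_text: str):
    """Run triage_line over every line of a log; findings keep log order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Lines copied verbatim from the RSIT and FRST logs posted in this thread.
SAMPLE_LOG = r"""
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
S3 ALSysIO;ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
R2 TeamViewer;TeamViewer 11; C:\Programy\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2015-07-15] (Advanced Micro Devices) [File not signed]
S3 DIRECTIO; C:\Programy\PassmarkPerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R2 WinRing0_1_2_0; C:\Users\martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2015-11-06] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys [X]
GroupPolicyScripts: Restriction <======= ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:24} {'; '.join(f.reasons)}")
```

Run against the logs in this thread, the script singles out the ALSysIO entry (a driver registered from %TEMP% whose file is gone, the kind of leftover hardware-monitoring utilities produce), WinRing0x64.sys loaded from a Sidebar gadget folder, the unsigned AMD audio driver, DIRECTIO with no vendor string, the GroupPolicyScripts restriction, and rpcapd and TeamViewer as services reachable from the network. None of these is evidence of compromise on its own; they are the entries to verify by hand (hash the file, check its signature, confirm you installed it) before declaring the machine clean.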

#7 Post by MalyMartas »

My Office is legal, from the subscription the school provides.
If you think it is OK, then thank you :-)

#8 Post by motji »

Then, for my peace of mind and yours, please also post the second FRST log. :)

#9 Post by MalyMartas »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by martin (administrator) on N61JQ (10-04-2016 15:39:43)
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Paramount Software UK Ltd) C:\Programy\Macrium Reflect\ReflectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Programy\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Programy\Firefox\firefox.exe
(forum.viry.cz) C:\Users\martin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [iSpy] => C:\Programy\iSpy\iSpy.exe [3261952 2015-09-16] (http://www.ispyconnect.com)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [Growl] => C:\Programy\Growl\Growl.exe [3817472 2012-03-21] (element code project)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [ServerWMC] => C:\Program Files (x86)\ServerWMC\ServerWMC.exe [422400 2015-12-23] ()
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [Plex Media Server] => C:\Programy\PlexServer\Plex Media Server.exe [6540616 2016-04-04] (Plex, Inc.)
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2015-11-10]
ShortcutTarget: HFS.lnk -> C:\Programy\HFS - HTTP File Server\hfs.exe (rejetto)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive pro firmy.lnk [2016-03-12]
ShortcutTarget: OneDrive pro firmy.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlexPyStart.lnk [2015-11-14]
ShortcutTarget: PlexPyStart.lnk -> C:\Programy\PlexPy\PlexPyStart.bat ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk [2015-03-21]
ShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.3
Tcpip\..\Interfaces\{4229987D-40E3-4580-AEA5-B8BE023DEB7D}: [DhcpNameServer] 192.168.2.3
Tcpip\..\Interfaces\{EB8E6E63-B988-4E6F-805F-894F8D09B45F}: [DhcpNameServer] 192.168.2.3

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Programy\VLC32\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Export Cookies - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\exportcookies@aag.xpi [2015-11-08]
FF Extension: ChatZilla - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-04-08]
StartMenuInternet: FIREFOX.EXE - C:\Programy\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-21]
CHR Extension: (Prezentace Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-06]
CHR Extension: (Dokumenty Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-06]
CHR Extension: (Disk Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (uBlock Origin) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-02-21]
CHR Extension: (Vyhledávání Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Tabulky Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Tamper Chrome (extension)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifhgpdkfodlpnlmlnmhchnkepplebkb [2016-02-21]
CHR Extension: (Imagus) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-02-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-02-21]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-02-21]
CHR Extension: (Pocket) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-02-21]
CHR Extension: (Save to Pocket) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-06]
CHR Extension: (Tamper Chrome (application)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odldmflbckacdofpepkdkmkccgdfaemb [2016-02-21]
CHR Extension: (uMatrix) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-02-21]
CHR Extension: (Recent Bookmarks) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-02-21]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (RSS Feed Reader) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-02-21]
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 CloudPrintService; C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe [4869072 2015-12-06] (Google Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-08] (ELAN Microelectronics Corp.)
S3 FileZilla Server; C:\Programy\FileZilla Server\FileZilla Server.exe [827856 2015-11-30] (FileZilla Project)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ReflectService.exe; C:\Programy\Macrium Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Programy\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2015-07-15] (Advanced Micro Devices) [File not signed]
S3 DIRECTIO; C:\Programy\PassmarkPerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-12-26] (ITE )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R2 WinRing0_1_2_0; C:\Users\martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2015-11-06] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:39 - 2016-04-10 15:40 - 00021522 _____ C:\Users\martin\Desktop\FRST.txt
2016-04-10 15:37 - 2016-04-10 15:39 - 00000000 ____D C:\FRST
2016-04-10 15:33 - 2016-04-10 15:35 - 00112640 _____ (forum.viry.cz) C:\Users\martin\Desktop\FRSTLauncher.exe
2016-04-10 15:33 - 2016-04-10 15:33 - 02374144 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2016-04-10 10:21 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-10 10:21 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-10 10:21 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-10 10:21 - 2016-02-01 21:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-10 10:21 - 2016-02-01 20:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-10 10:21 - 2016-02-01 20:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-10 10:21 - 2016-02-01 20:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-10 10:21 - 2016-02-01 20:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-10 10:21 - 2016-02-01 20:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-10 10:21 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-10 10:21 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-10 10:20 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-10 10:20 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-10 10:20 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-10 10:20 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-10 10:20 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-10 10:20 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-10 10:20 - 2015-12-16 20:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-10 10:20 - 2015-12-16 20:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-10 10:20 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-10 10:20 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-10 10:20 - 2015-12-16 20:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-04-10 09:53 - 2016-04-10 09:53 - 00002563 _____ C:\Users\martin\Desktop\Growl.lnk
2016-04-10 09:47 - 2016-04-10 09:47 - 00004155 _____ C:\Windows\Macrium Reflect Patch Log.txt
2016-04-10 09:20 - 2016-04-10 09:20 - 00000000 ____D C:\Users\martin\AppData\Local\Growl
2016-04-10 09:20 - 2016-04-10 09:20 - 00000000 ____D C:\ProgramData\Growl
2016-04-10 09:11 - 2016-04-10 09:15 - 00000000 ____D C:\AdwCleaner
2016-04-10 09:11 - 2016-04-10 09:11 - 03119168 _____ C:\Users\martin\Desktop\AdwCleaner.exe
2016-04-10 01:15 - 2016-04-10 01:15 - 00000000 ____D C:\rsit
2016-04-10 01:15 - 2016-04-10 01:15 - 00000000 ____D C:\Program Files\trend micro
2016-04-10 00:42 - 2016-04-10 00:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 00:41 - 2016-04-10 00:41 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 00:41 - 2016-04-10 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 00:41 - 2016-04-10 00:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-10 00:41 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-10 00:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-10 00:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-10 00:37 - 2016-04-10 00:37 - 00001380 _____ C:\Users\martin\Desktop\Process Explorer.lnk
2016-04-10 00:28 - 2016-04-10 00:54 - 02904972 _____ C:\Users\Public\virusUsersPublic.rar
2016-04-08 15:04 - 2016-04-08 15:04 - 00001763 _____ C:\Users\martin\Desktop\chatzilla profil.lnk
2016-04-07 19:44 - 2016-04-07 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-03-31 20:46 - 2016-03-31 20:46 - 00000000 _____ C:\reflectv6.1-1023-x64-0.dmp
2016-03-16 07:53 - 2016-03-16 08:05 - 00000000 ____D C:\Users\Public\Media
2016-03-12 12:41 - 2016-03-12 18:41 - 00000000 ____D C:\onedrive_VSE
2016-03-12 12:25 - 2016-03-12 12:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 12:25 - 2016-03-12 12:25 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-03-12 12:25 - 2016-03-12 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-12 12:22 - 2016-03-12 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-12 12:20 - 2016-03-12 12:21 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:39 - 2015-11-08 12:56 - 00000000 ____D C:\TC
2016-04-10 15:22 - 2015-11-06 01:07 - 00000000 ___RD C:\DOWN
2016-04-10 14:59 - 2015-12-06 19:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:59 - 2015-12-06 19:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 11:59 - 2009-07-14 06:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-10 11:59 - 2009-07-14 06:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-10 11:57 - 2011-04-12 10:34 - 00668584 _____ C:\Windows\system32\perfh005.dat
2016-04-10 11:57 - 2011-04-12 10:34 - 00141212 _____ C:\Windows\system32\perfc005.dat
2016-04-10 11:57 - 2009-07-14 07:13 - 01582382 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-10 11:49 - 2015-11-06 02:46 - 00000000 ____D C:\Users\martin\AppData\Roaming\iSpy
2016-04-10 11:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-10 11:46 - 2015-11-06 01:26 - 00000032 _____ C:\Users\martin\AppData\Roaming\Network Meter_Usage.ini
2016-04-10 11:10 - 2009-07-14 06:45 - 00435024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-10 11:06 - 2015-11-06 14:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-10 11:06 - 2011-04-12 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-10 10:39 - 2015-11-06 02:41 - 01558096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-10 10:31 - 2015-11-06 14:08 - 00000000 ____D C:\Windows\system32\MRT
2016-04-10 10:24 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-10 10:24 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-10 10:24 - 2015-11-06 14:08 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-10 10:23 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-10 09:28 - 2015-12-25 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-10 09:28 - 2015-12-25 03:34 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-10 09:27 - 2015-12-25 03:35 - 00000000 ____D C:\Users\martin\.oracle_jre_usage
2016-04-10 09:27 - 2015-12-25 03:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-10 06:14 - 2016-01-28 18:48 - 00000476 _____ C:\Windows\Tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job
2016-04-10 01:22 - 2015-11-06 01:40 - 00007654 _____ C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2016-04-10 00:41 - 2015-11-06 01:09 - 00000000 ____D C:\Programy
2016-04-10 00:19 - 2015-11-06 22:55 - 00000000 ____D C:\TEMP
2016-04-07 19:48 - 2015-11-06 22:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-04 06:15 - 2016-01-28 18:48 - 00000476 _____ C:\Windows\Tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job
2016-03-31 20:54 - 2015-11-06 22:47 - 00000000 ____D C:\Users\martin\AppData\Roaming\vlc
2016-03-30 23:04 - 2015-12-06 19:48 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 23:04 - 2015-12-06 19:48 - 00002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-25 01:53 - 2015-11-06 01:21 - 00110568 _____ C:\Users\martin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-12 12:25 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-12 12:23 - 2015-11-06 00:56 - 00000000 ____D C:\Users\martin\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-11-07 21:29 - 2016-01-09 20:15 - 0000844 _____ () C:\Users\martin\AppData\Roaming\Drives Meter_Settings.ini
2015-11-06 01:26 - 2015-11-06 01:26 - 0001084 _____ () C:\Users\martin\AppData\Roaming\Network Meter_Settings.ini
2015-11-06 01:26 - 2016-04-10 11:46 - 0000032 _____ () C:\Users\martin\AppData\Roaming\Network Meter_Usage.ini
2015-11-06 01:40 - 2016-04-10 01:22 - 0007654 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\martin\IP_Log_Data.js
C:\Users\Public\wget.exe


Some files in TEMP:
====================
C:\Users\martin\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\martin\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\martin\AppData\Local\Temp\libeay32.dll
C:\Users\martin\AppData\Local\Temp\msvcr120.dll
C:\Users\martin\AppData\Local\Temp\reflectPatch.exe
C:\Users\martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job => C:\Programy\Macrium Reflect\Reflect.exeh-e -w C:\Users\martin\Documents\Reflect\My Backup.xml
Task: C:\Windows\Tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job => C:\Programy\Macrium Reflect\Reflect.exeh-e -w C:\Users\martin\Documents\Reflect\My Backup.xml

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\martin\Desktop" je 230 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
"C:\Programy\FileZilla Server\FileZilla Server Interface.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(9.11 KiB) Downloaded 51 times

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a preventive check, attempted virus download

#10 Post by motji »

I assume this is where you packed that junk into a rar archive?
C:\Users\Public\virusUsersPublic.rar
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

MalyMartas
Visitor
Posts: 14
Registered: 27 Sep 2009 10:36

Re: Requesting a preventive check, attempted virus download

#11 Post by MalyMartas »

Yes, that is the one.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a preventive check, attempted virus download

#12 Post by motji »

I don't see anything bad; how is the computer?

MalyMartas
Visitor
Posts: 14
Registered: 27 Sep 2009 10:36

Re: Requesting a preventive check, attempted virus download

#13 Post by MalyMartas »

It looks healthy and fine, thank you :-)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Requesting a preventive check, attempted virus download

#14 Post by motji »

Alright, if anything comes up, get in touch :)
