Request for a preventive check: attempted virus download

Posted: 10 Apr 2016 00:56
by MalyMartas
Hi,
I found this in the web server log (HFS file server):
[image]
In the folder C:\Users\Public I found a file CSRRS.exe, which according to VirusTotal matches what gets downloaded from that address, plus several other files from the same date (hidden as system files).
[image]
https://www.virustotal.com/cs/file/e8fb ... /analysis/
https://www.virustotal.com/cs/file/a03a ... /analysis/
https://www.virustotal.com/cs/file/fe9c ... /analysis/
https://www.virustotal.com/cs/file/6bea ... /analysis/
I packed them all into an archive (in case they are needed for analysis, for instance) and deleted the files.
The PC behaves normally (I haven't restarted it since), and neither MS Security Essentials nor Malwarebytes found anything. But given that there were other files there besides that csrrs.exe, I assume csrrs.exe downloaded them. I'd like to be sure nothing is hiding somewhere else.

Logfile of random's system information tool 1.10 (written by random/random)
Run by martin at 2016-04-10 01:15:19
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 544 GB (89%) free of 610 GB
Total RAM: 4021 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:29, on 10.4.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Programy\Growl\Growl.exe
C:\Programy\HFS - HTTP File Server\hfs.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
C:\Programy\Python_2.7.10\python.exe
C:\Programy\iSpy\iSpyMonitor.exe
c:\programy\teamviewer\TeamViewer.exe
C:\Programy\PlexServer\Plex Media Server.exe
C:\Programy\PlexServer\PlexScriptHost.exe
C:\Programy\PlexServer\PlexScriptHost.exe
C:\Programy\Firefox\firefox.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files\trend micro\martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSpy] "C:\Programy\iSpy\iSpy.exe" -silent
O4 - HKCU\..\Run: [Growl] C:\Programy\Growl\Growl.exe
O4 - HKCU\..\Run: [ServerWMC] C:\Program Files (x86)\ServerWMC\ServerWMC.exe
O4 - HKCU\..\Run: [FileZilla Server Interface] "C:\Programy\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [Plex Media Server] "C:\Programy\PlexServer\Plex Media Server.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HFS.lnk = C:\Programy\HFS - HTTP File Server\hfs.exe
O4 - Startup: OneDrive pro firmy.lnk = C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
O4 - Startup: PlexPyStart.lnk = C:\Programy\PlexPy\PlexPyStart.bat
O4 - Startup: sidebar.lnk = C:\Program Files\Windows Sidebar\sidebar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Google Cloud Print Service (CloudPrintService) - Google Inc. - C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programy\FileZilla Server\FileZilla Server.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Programy\Macrium Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Programy\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9891 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe" --service --enable-logging --v=1
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Elantech\ETDService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Programy\FileZilla Server\FileZilla Server.exe"
"C:\Programy\Macrium Reflect\ReflectService.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-logging --v=1 --type=service --user-data-dir="C:\Users\martin\AppData\Local\Google\Cloud Print Service" --no-service-autorun --auto-launch-at-startup --disable-background-mode --disable-default-apps --disable-extensions --disable-gpu --disable-software-rasterizer --disable-sync --no-first-run --no-startup-window
C:\Windows\system32\DllHost.exe /Processid:{48DA6741-1BF0-4A44-8325-293086C79077}
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"taskhost.exe"
rdpclip
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Programy\Growl\Growl.exe"
"C:\Programy\HFS - HTTP File Server\hfs.exe"
"C:\Program Files (x86)\Windows Sidebar\sidebar.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\ehome\ehRecvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\ehome\mcGlidHost.exe -Embedding
"taskhost.exe"
"C:\Programy\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --channel="2120.1.199315000\430897429" --lang --no-sandbox
"C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\martin\Desktop\instalacky\nástroje\CrystalDiskInfo\DiskInfoX64.exe"
C:\Windows\system32\cmd.exe /c ""C:\Programy\PlexPy\PlexPyStart.bat" "
\??\C:\Windows\system32\conhost.exe "306663413-1910587471694047357-358941333-15842399321440189111-1662417897-1751810243
C:\Programy\Python_2.7.10\python.exe C:\Programy\PlexPy\PlexPy.py
"C:\Programy\iSpy\iSpy.exe"
"C:\Programy\iSpy\iSpyMonitor.exe" ispy
"C:\Program Files (x86)\ServerWMC\ServerWMC.exe"
"c:\programy\teamviewer\TeamViewer.exe"
"C:\Programy\TeamViewer\tv_w32.exe" --action hooks --log C:\Programy\TeamViewer\TeamViewer11_Logfile.log
"C:\Programy\TeamViewer\tv_x64.exe" --action hooks --log C:\Programy\TeamViewer\TeamViewer11_Logfile.log
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"LogonUI.exe" /flags:0x0
atieclxx
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Programy\PlexServer\Plex Media Server.exe"
"C:\Programy\PlexServer\PlexScriptHost.exe" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\Framework.bundle\Contents\Resources\Versions\2\Python/bootstrap.py" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\System.bundle"
\??\C:\Windows\system32\conhost.exe "1399085454-19649794-995331802-14577455682005089944-8911334408825301-967764563
"C:\Programy\PlexServer\PlexScriptHost.exe" "C:\Programy\PlexServer\Resources\Plug-ins-ee6e505\Framework.bundle\Contents\Resources\Versions\2\Python/bootstrap.py" "C:\Users\martin\AppData\Local\Plex Media Server\Plug-ins\Sub-Zero.bundle"
\??\C:\Windows\system32\conhost.exe "481967097-7080147664977383657055518991013844301873600847-15071388-1072059039
"C:\Windows\System32\taskmgr.exe"
"C:\Programy\Firefox\firefox.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe"
"C:\Windows\system32\perfmon.exe" /res

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe242_ Global\UsGthrCtrlFltPipeMssGthrPipe242 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\DOWN\RSITx64.exe"
"C:\Windows\eHome\EhTray.exe" /nav:-2
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job - C:\Programy\Macrium Reflect\Reflect.exe -e -w "C:\Users\martin\Documents\Reflect\My Backup.xml" -full -g {17E47608-4CBD-4BA8-B438-6D8C185F1C53}
C:\Windows\tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job - C:\Programy\Macrium Reflect\Reflect.exe -e -w "C:\Users\martin\Documents\Reflect\My Backup.xml" -diff -g {63B3FBB9-5C1D-42AB-AF0D-952944ACE590}

=========Mozilla firefox=========

ProfilePath - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Programy\VLC32\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-12 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-12 895776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-12 2348336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-12 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-12 720160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12 1741096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-01-18 324608]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-29 10038304]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2015-10-08 3738344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21 1174016]
"iSpy"=C:\Programy\iSpy\iSpy.exe [2015-09-16 3261952]
"Growl"=C:\Programy\Growl\Growl.exe [2012-03-21 3817472]
"ServerWMC"=C:\Program Files (x86)\ServerWMC\ServerWMC.exe [2015-12-23 422400]
"FileZilla Server Interface"=C:\Programy\FileZilla Server\FileZilla Server Interface.exe [2015-11-30 2539984]
"Plex Media Server"=C:\Programy\PlexServer\Plex Media Server.exe [2016-04-04 6540616]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-20 106496]
"RUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [2011-09-20 115048]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]

C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HFS.lnk - C:\Programy\HFS - HTTP File Server\hfs.exe
OneDrive pro firmy.lnk - C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
PlexPyStart.lnk - C:\Programy\PlexPy\PlexPyStart.bat
sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-04-10 01:15:19 ----D---- C:\rsit
2016-04-10 01:15:19 ----D---- C:\Program Files\trend micro
2016-04-10 00:42:20 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-04-10 00:41:35 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-04-10 00:41:34 ----D---- C:\ProgramData\Malwarebytes
2016-03-12 12:41:26 ----D---- C:\onedrive_VSE
2016-03-12 12:25:30 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 12:25:29 ----D---- C:\Program Files (x86)\Microsoft Office
2016-03-12 12:20:50 ----D---- C:\Program Files\Microsoft Office 15

======List of files/folders modified in the last 1 month======

2016-04-10 01:15:19 ----RD---- C:\Program Files
2016-04-10 01:14:41 ----RD---- C:\DOWN
2016-04-10 01:12:30 ----D---- C:\Windows\Temp
2016-04-10 00:42:20 ----D---- C:\Windows\system32\drivers
2016-04-10 00:41:34 ----HD---- C:\ProgramData
2016-04-10 00:41:34 ----D---- C:\Programy
2016-04-10 00:19:46 ----D---- C:\TEMP
2016-04-10 00:00:01 ----D---- C:\Users\martin\AppData\Roaming\iSpy
2016-04-09 23:56:07 ----D---- C:\Windows\Prefetch
2016-04-09 06:00:53 ----SHD---- C:\System Volume Information
2016-04-07 20:58:41 ----D---- C:\TC
2016-04-07 19:48:23 ----D---- C:\ProgramData\Package Cache
2016-04-07 19:44:53 ----SHD---- C:\Windows\Installer
2016-04-05 16:38:09 ----D---- C:\Windows\system32\LogFiles
2016-03-31 20:54:41 ----D---- C:\Users\martin\AppData\Roaming\vlc
2016-03-13 20:43:15 ----SD---- C:\Users\martin\AppData\Roaming\Microsoft
2016-03-12 13:00:21 ----RSD---- C:\Windows\assembly
2016-03-12 13:00:21 ----D---- C:\Windows\Microsoft.NET
2016-03-12 12:37:44 ----D---- C:\Program Files (x86)\Common Files
2016-03-12 12:37:41 ----D---- C:\Program Files (x86)\Microsoft.NET
2016-03-12 12:36:28 ----D---- C:\Windows\system32\DriverStore
2016-03-12 12:36:26 ----D---- C:\Windows\inf
2016-03-12 12:27:09 ----SD---- C:\ProgramData\Microsoft
2016-03-12 12:25:43 ----D---- C:\Windows\system32\Tasks
2016-03-12 12:25:29 ----RD---- C:\Program Files (x86)
2016-03-12 12:25:29 ----D---- C:\Windows\SysWOW64
2016-03-12 12:25:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-03-12 12:22:17 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 speedfan;speedfan; \??\C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2015-11-06 14544]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 121872]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 ETD;ELAN Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2015-10-08 464472]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-29 2260256]
R3 IT9135BDA;IT9135 BDA Devices; C:\Windows\System32\Drivers\IT9135BDA.sys [2015-12-26 165504]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\DRIVERS\rusb3hub.sys [2012-08-27 114568]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\DRIVERS\rusb3xhc.sys [2012-08-27 230280]
S3 ALSysIO;ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2015-07-15 96256]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 DIRECTIO;DIRECTIO; \??\C:\Programy\PassmarkPerformanceTest\DirectIo64.sys [2012-08-13 25704]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-05-20 202016]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-01-22 202752]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2016-02-09 2828016]
R2 CloudPrintService;Google Cloud Print Service; C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe [2015-12-06 4869072]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ETDService;Elan Service; C:\Program Files\Elantech\ETDService.exe [2015-10-08 144104]
R2 FileZilla Server;FileZilla Server FTP server; C:\Programy\FileZilla Server\FileZilla Server.exe [2015-11-30 827856]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service; C:\Programy\Macrium Reflect\ReflectService.exe [2015-10-12 3476432]
R2 TeamViewer;TeamViewer 11; C:\Programy\TeamViewer\TeamViewer_Service.exe [2016-03-02 6942480]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-12-12 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-30 147624]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-03-01 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2016-03-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-11-05 836176]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-11-06 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 07:53
by motji
Hello :)

Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan finishes, Clean.
- The cleanup will run and the PC will restart (restart it yourself if needed); the log C:\AdwCleaner\AdwCleaner.txt will appear. Copy the log contents here.

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 08:28
by MalyMartas
Thanks for the reply.
It evidently deleted my Growl settings :-)

# AdwCleaner v5.109 - Log soubor vytvořen 10/04/2016 o 09:15:43
# Aktualizováno 04/04/2016 by Xplode
# Databáze : 2016-04-09.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (x64)
# Jméno uživatele : martin - N61JQ
# Spuštěno z : C:\Users\martin\Desktop\AdwCleaner.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****

[-] Složka smazáno : C:\ProgramData\Growl
[#] Složka smazáno : C:\ProgramData\Application Data\Growl
[-] Složka smazáno : C:\Users\martin\AppData\Local\Growl

***** [ Soubory ] *****


***** [ DLLs ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\Conduit
[-] Klávesa smazáno : HKCU\Software\Growl
[-] Klávesa smazáno : HKLM\SOFTWARE\Conduit
[-] Klávesa smazáno : HKU\.DEFAULT\Software\Growl

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1118 bytes] - [10/04/2016 09:15:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1358 bytes] - [10/04/2016 09:12:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1264 bytes] ##########

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 10:25
by motji
Sorry, AdwCleaner apparently didn't like it. You use that program knowingly, right? Unfortunately I don't know it and can't judge, but we can write to the AdwCleaner author and ask why it deletes it.

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 11:45
by MalyMartas
Growl is for sending notifications/alerts to and from lots of programs and services.

Otherwise, do you think everything is fine?

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 13:55
by motji
I don't see anything in the log. We could still try ComboFix, but if the PC shows no signs of infection, it's pointless.
One more small question: is your Office legal? I suspect not; the source of the virus could be there too.

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 14:04
by MalyMartas
My Office is legal, from a subscription provided by my school.
If you think it's OK, then thank you :-)

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 14:23
by motji
Then, for my peace of mind and yours, please also post the second log from FRST. :)

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 15:10
by MalyMartas
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by martin (administrator) on N61JQ (10-04-2016 15:39:43)
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Paramount Software UK Ltd) C:\Programy\Macrium Reflect\ReflectService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Programy\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Programy\Firefox\firefox.exe
(forum.viry.cz) C:\Users\martin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3738344 2015-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [iSpy] => C:\Programy\iSpy\iSpy.exe [3261952 2015-09-16] (http://www.ispyconnect.com)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [Growl] => C:\Programy\Growl\Growl.exe [3817472 2012-03-21] (element code project)
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [ServerWMC] => C:\Program Files (x86)\ServerWMC\ServerWMC.exe [422400 2015-12-23] ()
HKU\S-1-5-21-3857747641-366067632-2098841333-1000\...\Run: [Plex Media Server] => C:\Programy\PlexServer\Plex Media Server.exe [6540616 2016-04-04] (Plex, Inc.)
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-10-04] (Hermann Schinagl)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HFS.lnk [2015-11-10]
ShortcutTarget: HFS.lnk -> C:\Programy\HFS - HTTP File Server\hfs.exe (rejetto)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive pro firmy.lnk [2016-03-12]
ShortcutTarget: OneDrive pro firmy.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlexPyStart.lnk [2015-11-14]
ShortcutTarget: PlexPyStart.lnk -> C:\Programy\PlexPy\PlexPyStart.bat ()
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sidebar.lnk [2015-03-21]
ShortcutTarget: sidebar.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.3
Tcpip\..\Interfaces\{4229987D-40E3-4580-AEA5-B8BE023DEB7D}: [DhcpNameServer] 192.168.2.3
Tcpip\..\Interfaces\{EB8E6E63-B988-4E6F-805F-894F8D09B45F}: [DhcpNameServer] 192.168.2.3

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-03-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Programy\VLC32\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: Export Cookies - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\exportcookies@aag.xpi [2015-11-08]
FF Extension: ChatZilla - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\dbtbcfwi.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2016-04-08]
StartMenuInternet: FIREFOX.EXE - C:\Programy\Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Překladač Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-21]
CHR Extension: (Prezentace Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-06]
CHR Extension: (Dokumenty Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-06]
CHR Extension: (Disk Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-06]
CHR Extension: (uBlock Origin) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-02-21]
CHR Extension: (Vyhledávání Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Tabulky Google) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-06]
CHR Extension: (HTTPS Everywhere) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-07]
CHR Extension: (Tamper Chrome (extension)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifhgpdkfodlpnlmlnmhchnkepplebkb [2016-02-21]
CHR Extension: (Imagus) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-02-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-02-21]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-02-21]
CHR Extension: (Pocket) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-02-21]
CHR Extension: (Save to Pocket) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-06]
CHR Extension: (Tamper Chrome (application)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odldmflbckacdofpepkdkmkccgdfaemb [2016-02-21]
CHR Extension: (uMatrix) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-02-21]
CHR Extension: (Recent Bookmarks) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-02-21]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-06]
CHR Extension: (RSS Feed Reader) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-02-21]
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 CloudPrintService; C:\Program Files (x86)\Google\Cloud Print Service\28.0.1493.2\cloud_print_service.exe [4869072 2015-12-06] (Google Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-10-08] (ELAN Microelectronics Corp.)
S3 FileZilla Server; C:\Programy\FileZilla Server\FileZilla Server.exe [827856 2015-11-30] (FileZilla Project)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 ReflectService.exe; C:\Programy\Macrium Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Programy\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [96256 2015-07-15] (Advanced Micro Devices) [File not signed]
S3 DIRECTIO; C:\Programy\PassmarkPerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2015-12-26] (ITE )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R2 WinRing0_1_2_0; C:\Users\martin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [14544 2015-11-06] (OpenLibSys.org)
S3 ALSysIO; \??\C:\Users\martin\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:39 - 2016-04-10 15:40 - 00021522 _____ C:\Users\martin\Desktop\FRST.txt
2016-04-10 15:37 - 2016-04-10 15:39 - 00000000 ____D C:\FRST
2016-04-10 15:33 - 2016-04-10 15:35 - 00112640 _____ (forum.viry.cz) C:\Users\martin\Desktop\FRSTLauncher.exe
2016-04-10 15:33 - 2016-04-10 15:33 - 02374144 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2016-04-10 10:21 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-10 10:21 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-10 10:21 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-10 10:21 - 2016-02-01 21:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-10 10:21 - 2016-02-01 20:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-10 10:21 - 2016-02-01 20:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-10 10:21 - 2016-02-01 20:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-10 10:21 - 2016-02-01 20:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-10 10:21 - 2016-02-01 20:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-10 10:21 - 2016-02-01 20:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-10 10:21 - 2016-02-01 20:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-10 10:21 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-10 10:20 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-10 10:20 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-10 10:20 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-10 10:20 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-10 10:20 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-10 10:20 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-10 10:20 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-10 10:20 - 2015-12-16 20:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-10 10:20 - 2015-12-16 20:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-10 10:20 - 2015-12-16 20:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-10 10:20 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-10 10:20 - 2015-12-16 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-10 10:20 - 2015-12-16 20:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-04-10 09:53 - 2016-04-10 09:53 - 00002563 _____ C:\Users\martin\Desktop\Growl.lnk
2016-04-10 09:47 - 2016-04-10 09:47 - 00004155 _____ C:\Windows\Macrium Reflect Patch Log.txt
2016-04-10 09:20 - 2016-04-10 09:20 - 00000000 ____D C:\Users\martin\AppData\Local\Growl
2016-04-10 09:20 - 2016-04-10 09:20 - 00000000 ____D C:\ProgramData\Growl
2016-04-10 09:11 - 2016-04-10 09:15 - 00000000 ____D C:\AdwCleaner
2016-04-10 09:11 - 2016-04-10 09:11 - 03119168 _____ C:\Users\martin\Desktop\AdwCleaner.exe
2016-04-10 01:15 - 2016-04-10 01:15 - 00000000 ____D C:\rsit
2016-04-10 01:15 - 2016-04-10 01:15 - 00000000 ____D C:\Program Files\trend micro
2016-04-10 00:42 - 2016-04-10 00:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 00:41 - 2016-04-10 00:41 - 00000865 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 00:41 - 2016-04-10 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 00:41 - 2016-04-10 00:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-10 00:41 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-10 00:41 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-10 00:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-10 00:37 - 2016-04-10 00:37 - 00001380 _____ C:\Users\martin\Desktop\Process Explorer.lnk
2016-04-10 00:28 - 2016-04-10 00:54 - 02904972 _____ C:\Users\Public\virusUsersPublic.rar
2016-04-08 15:04 - 2016-04-08 15:04 - 00001763 _____ C:\Users\martin\Desktop\chatzilla profil.lnk
2016-04-07 19:44 - 2016-04-07 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-03-31 20:46 - 2016-03-31 20:46 - 00000000 _____ C:\reflectv6.1-1023-x64-0.dmp
2016-03-16 07:53 - 2016-03-16 08:05 - 00000000 ____D C:\Users\Public\Media
2016-03-12 12:41 - 2016-03-12 18:41 - 00000000 ____D C:\onedrive_VSE
2016-03-12 12:25 - 2016-03-12 12:39 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-12 12:25 - 2016-03-12 12:25 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-03-12 12:25 - 2016-03-12 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-12 12:22 - 2016-03-12 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-12 12:20 - 2016-03-12 12:21 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 15:39 - 2015-11-08 12:56 - 00000000 ____D C:\TC
2016-04-10 15:22 - 2015-11-06 01:07 - 00000000 ___RD C:\DOWN
2016-04-10 14:59 - 2015-12-06 19:48 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-10 11:59 - 2015-12-06 19:48 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 11:59 - 2009-07-14 06:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-10 11:59 - 2009-07-14 06:45 - 00025904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-10 11:57 - 2011-04-12 10:34 - 00668584 _____ C:\Windows\system32\perfh005.dat
2016-04-10 11:57 - 2011-04-12 10:34 - 00141212 _____ C:\Windows\system32\perfc005.dat
2016-04-10 11:57 - 2009-07-14 07:13 - 01582382 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-10 11:49 - 2015-11-06 02:46 - 00000000 ____D C:\Users\martin\AppData\Roaming\iSpy
2016-04-10 11:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-10 11:46 - 2015-11-06 01:26 - 00000032 _____ C:\Users\martin\AppData\Roaming\Network Meter_Usage.ini
2016-04-10 11:10 - 2009-07-14 06:45 - 00435024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-10 11:06 - 2015-11-06 14:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-10 11:06 - 2011-04-12 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-10 10:39 - 2015-11-06 02:41 - 01558096 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-10 10:31 - 2015-11-06 14:08 - 00000000 ____D C:\Windows\system32\MRT
2016-04-10 10:24 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-10 10:24 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-10 10:24 - 2015-11-06 14:08 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-10 10:23 - 2015-11-06 14:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-10 09:28 - 2015-12-25 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-10 09:28 - 2015-12-25 03:34 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-10 09:27 - 2015-12-25 03:35 - 00000000 ____D C:\Users\martin\.oracle_jre_usage
2016-04-10 09:27 - 2015-12-25 03:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-10 06:14 - 2016-01-28 18:48 - 00000476 _____ C:\Windows\Tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job
2016-04-10 01:22 - 2015-11-06 01:40 - 00007654 _____ C:\Users\martin\AppData\Local\Resmon.ResmonCfg
2016-04-10 00:41 - 2015-11-06 01:09 - 00000000 ____D C:\Programy
2016-04-10 00:19 - 2015-11-06 22:55 - 00000000 ____D C:\TEMP
2016-04-07 19:48 - 2015-11-06 22:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-04 06:15 - 2016-01-28 18:48 - 00000476 _____ C:\Windows\Tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job
2016-03-31 20:54 - 2015-11-06 22:47 - 00000000 ____D C:\Users\martin\AppData\Roaming\vlc
2016-03-30 23:04 - 2015-12-06 19:48 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 23:04 - 2015-12-06 19:48 - 00002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-25 01:53 - 2015-11-06 01:21 - 00110568 _____ C:\Users\martin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-12 12:25 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-12 12:23 - 2015-11-06 00:56 - 00000000 ____D C:\Users\martin\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-11-07 21:29 - 2016-01-09 20:15 - 0000844 _____ () C:\Users\martin\AppData\Roaming\Drives Meter_Settings.ini
2015-11-06 01:26 - 2015-11-06 01:26 - 0001084 _____ () C:\Users\martin\AppData\Roaming\Network Meter_Settings.ini
2015-11-06 01:26 - 2016-04-10 11:46 - 0000032 _____ () C:\Users\martin\AppData\Roaming\Network Meter_Usage.ini
2015-11-06 01:40 - 2016-04-10 01:22 - 0007654 _____ () C:\Users\martin\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\martin\IP_Log_Data.js
C:\Users\Public\wget.exe


Some files in TEMP:
====================
C:\Users\martin\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\martin\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\martin\AppData\Local\Temp\libeay32.dll
C:\Users\martin\AppData\Local\Temp\msvcr120.dll
C:\Users\martin\AppData\Local\Temp\reflectPatch.exe
C:\Users\martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium-Backup-{17E47608-4CBD-4BA8-B438-6D8C185F1C53}.job => C:\Programy\Macrium Reflect\Reflect.exeh-e -w C:\Users\martin\Documents\Reflect\My Backup.xml
Task: C:\Windows\Tasks\Macrium-Backup-{63B3FBB9-5C1D-42AB-AF0D-952944ACE590}.job => C:\Programy\Macrium Reflect\Reflect.exeh-e -w C:\Users\martin\Documents\Reflect\My Backup.xml

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\martin\Desktop" je 230 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
"C:\Programy\FileZilla Server\FileZilla Server Interface.exe"


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 17:55
by motji
I assume this is where you packed that piece of junk into a rar archive?
C:\Users\Public\virusUsersPublic.rar

Re: Requesting a preventive check, attempted virus download

Posted: 10 Apr 2016 18:30
by MalyMartas
Yes, that's it.

Re: Requesting a preventive check, attempted virus download

Posted: 11 Apr 2016 18:43
by motji
I don't see anything bad, how is the computer?

Re: Requesting a preventive check, attempted virus download

Posted: 11 Apr 2016 21:45
by MalyMartas
It looks healthy and fine, thank you :-)

Re: Requesting a preventive check, attempted virus download

Posted: 13 Apr 2016 18:14
by motji
Good, if anything comes up, get in touch :)