
Worm:VBS/Jenxcus!Ink on an SD card
Hello,
I'd like some advice: I seem to have brought home some kind of virus on my SD card. After connecting it to the PC I saw only shortcuts on the card, but then those disappeared as well, although according to the card's properties there is still some data on it. MS Essentials reported this:
Worm:VBS/Jenxcus!Ink
Kategorie: Červ
Popis: Tento program je nebezpečný. Automaticky se šíří prostřednictvím síťového připojení.
Doporučená akce: Ihned tento software odeberte.
Položky:
file:I:\DCIM.lnk
file:I:\NIKON001.lnk
Please advise how I can rescue these photos and how I should check whether the PC is infected as well.
Thanks in advance
- Rudy
- Site Admin
Re: Worm:VBS/Jenxcus!Ink on an SD card
Hello!
Try running USBFix on it: http://www.viry.cz/forum/viewtopic.php?f=24&t=102308 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Worm:VBS/Jenxcus!Ink on an SD card
Thank you, the photos are back.
Could I also ask for a preventive check of the computer? Just so I can be sure the PC is clean.
What is the best free program for real-time protection?
- Rudy
- Site Admin
Re: Worm:VBS/Jenxcus!Ink on an SD card
Certainly you can. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . As a free antivirus we recommend Avast or Avira.
Re: Worm:VBS/Jenxcus!Ink on an SD card
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Libis (administrator) on LIBIS-PC on 06-08-2014 15:42:11
Running from C:\Users\Libis\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Gemfor s.r.o.) C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Spotify Ltd) C:\Users\Libis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Libis\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-11] (Microsoft Corporation)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [T-Mobile CManager] => C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [Spotify Web Helper] => C:\Users\Libis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-29] (Spotify Ltd)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [752736 2012-10-08] (ZONER software)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\Run: [GoogleChromeAutoLaunch_B9AE4114AEC4CE08E1F35C1A4CD5141B] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\MountPoints2: {0e9e5b5f-ffa0-11e3-9f4f-00271339a271} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\MountPoints2: {1a1fc715-ad03-11e3-8221-00271339a271} - F:\Autorun.exe
HKU\S-1-5-21-988370897-359538027-2129097604-1000\...\MountPoints2: {1a1fc722-ad03-11e3-8221-00271339a271} - F:\Autorun.exe
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.3
Tcpip\..\Interfaces\{51360748-645B-4F38-9F95-76C5E85EFEC0}: [NameServer]
FireFox:
========
FF ProfilePath: C:\Users\Libis\AppData\Roaming\Mozilla\Firefox\Profiles\r9ul02mi.default
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2014-02-02]
Chrome:
=======
CHR HomePage: hxxp://uloz.to/xkLwffK/galactik-football-01x13-utocnik-avi
CHR StartupUrls: "hxxp://www.delta-search.com/?affID=119816&babs ... 271339a271", "hxxp://www.search.ask.com/?o=APN10640A&gct=hp& ... 02-170&t=4", "hxxp://www.google.com"
CHR Extension: (Google Translate) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-01-11]
CHR Extension: (Dokumenty Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-11]
CHR Extension: (Disk Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-11]
CHR Extension: (YouTube) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-11]
CHR Extension: (Vyhledávání Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-11]
CHR Extension: (High Contrast) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2014-02-11]
CHR Extension: (Gmail Offline) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-02-11]
CHR Extension: (Tank Riders) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdmmodjlfegeieihcdcgcalkgmhgmiae [2014-02-11]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-01-11]
CHR Extension: (Mapy Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-01-11]
CHR Extension: (Spelunky HTML5) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhagnkphcmpkmabhocgimoncfaihkpof [2014-02-11]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-01-11]
CHR Extension: (Peněženka Google) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-01-11]
CHR Extension: (Gmail) - C:\Users\Libis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-11] (Disc Soft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [202752 2012-04-23] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 AIDA64Driver; \??\C:\Users\Libis\Desktop\ostatní\AIDA64 Extreme Edition\kerneld.x32 [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 15:42 - 2014-08-06 15:42 - 00016956 _____ () C:\Users\Libis\Desktop\FRST.txt
2014-08-06 15:40 - 2014-08-06 15:42 - 00000000 ____D () C:\FRST
2014-08-06 15:39 - 2014-08-06 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Libis\Desktop\FRSTLauncher.exe
2014-08-06 15:37 - 2014-08-06 15:37 - 01084928 _____ (Farbar) C:\Users\Libis\Desktop\FRST.exe
2014-08-01 19:36 - 2014-08-01 19:52 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka (3)
2014-08-01 17:43 - 2014-08-01 17:43 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka
2014-08-01 15:25 - 2014-08-02 14:54 - 00000000 ____D () C:\Users\Libis\Desktop\Kačí
2014-07-31 19:17 - 2014-07-31 19:43 - 00000000 ____D () C:\UsbFix
2014-07-29 21:24 - 2014-07-29 21:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 21:21 - 2014-07-31 19:20 - 00000000 ____D () C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2014-07-29 21:21 - 2014-07-29 21:21 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-29 20:37 - 2014-07-29 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 19:01 - 2014-07-27 19:02 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka (2)
2014-07-26 10:07 - 2014-07-26 10:08 - 00000000 ____D () C:\Users\Libis\AppData\Local\NPE
2014-07-26 10:07 - 2014-07-26 10:07 - 00000000 ____D () C:\ProgramData\Norton
2014-07-23 18:35 - 2014-08-04 17:30 - 00000000 ____D () C:\Users\Libis\Desktop\DCIM
2014-07-23 17:14 - 2014-06-21 09:49 - 00000512 ____H () C:\Users\Libis\Desktop\NIKON001.DSC
2014-07-20 11:38 - 2014-07-20 11:38 - 00000000 __SHD () C:\Users\Libis\AppData\Local\EmieUserList
2014-07-20 11:38 - 2014-07-20 11:38 - 00000000 __SHD () C:\Users\Libis\AppData\Local\EmieSiteList
2014-07-20 10:20 - 2014-07-20 11:38 - 00000132 _____ () C:\Users\Libis\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\Users\Libis\Documents\Fax
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-13 21:57 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 21:57 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-13 21:56 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-13 21:56 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-13 21:55 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-13 21:55 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 21:55 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 21:55 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-13 21:55 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 21:55 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-13 21:55 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-13 21:55 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-13 21:55 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 21:55 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 21:55 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-13 21:55 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 21:55 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 21:55 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-13 21:55 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-13 21:55 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-13 21:55 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 21:55 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-13 21:55 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-13 21:55 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 21:55 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 21:55 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 21:55 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-13 21:55 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 21:55 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-13 21:55 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 21:55 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 21:55 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 21:55 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 21:55 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-13 21:54 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-13 21:54 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 21:52 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-13 21:52 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-13 21:51 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 16:12 - 2014-07-09 16:12 - 00145368 _____ () C:\Windows\Minidump\070914-57923-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 15:42 - 2014-08-06 15:42 - 00016956 _____ () C:\Users\Libis\Desktop\FRST.txt
2014-08-06 15:42 - 2014-08-06 15:40 - 00000000 ____D () C:\FRST
2014-08-06 15:42 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 15:42 - 2009-07-14 06:34 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 15:39 - 2014-08-06 15:39 - 00112640 _____ (forum.viry.cz) C:\Users\Libis\Desktop\FRSTLauncher.exe
2014-08-06 15:37 - 2014-08-06 15:37 - 01084928 _____ (Farbar) C:\Users\Libis\Desktop\FRST.exe
2014-08-06 15:30 - 2014-01-11 09:34 - 01059358 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 15:01 - 2014-01-11 11:11 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 16:13 - 2014-01-11 11:11 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 16:08 - 2014-01-11 09:44 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-04 17:30 - 2014-07-23 18:35 - 00000000 ____D () C:\Users\Libis\Desktop\DCIM
2014-08-02 14:54 - 2014-08-01 15:25 - 00000000 ____D () C:\Users\Libis\Desktop\Kačí
2014-08-02 13:52 - 2009-07-14 06:39 - 00088892 _____ () C:\Windows\setupact.log
2014-08-01 19:52 - 2014-08-01 19:36 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka (3)
2014-08-01 19:09 - 2014-03-06 11:07 - 00000000 ____D () C:\Users\Libis\Desktop\ostatní
2014-08-01 18:57 - 2014-03-11 10:14 - 00000000 ____D () C:\Program Files Libis
2014-08-01 17:43 - 2014-08-01 17:43 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka
2014-08-01 17:11 - 2014-01-17 18:35 - 00000000 ____D () C:\Users\Libis\AppData\Local\CrashDumps
2014-08-01 08:23 - 2014-05-19 21:30 - 00000000 ____D () C:\Users\Libis\AppData\Roaming\Spotify
2014-08-01 08:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 08:13 - 2014-01-15 18:33 - 00000000 ____D () C:\Users\Libis\Desktop\Zástupci
2014-07-31 19:43 - 2014-07-31 19:17 - 00000000 ____D () C:\UsbFix
2014-07-31 19:20 - 2014-07-29 21:21 - 00000000 ____D () C:\Windows\027B5748C40941FE949B7B81A8304EF4.TMP
2014-07-31 19:20 - 2014-03-20 12:42 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-29 21:24 - 2014-07-29 21:24 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 21:21 - 2014-07-29 21:21 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-29 20:37 - 2014-07-29 20:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-29 20:32 - 2014-05-19 21:30 - 00000000 ____D () C:\Users\Libis\AppData\Local\Spotify
2014-07-29 20:30 - 2014-01-11 11:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 19:02 - 2014-07-27 19:01 - 00000000 ____D () C:\Users\Libis\Desktop\Nová složka (2)
2014-07-26 10:09 - 2014-01-11 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 10:08 - 2014-07-26 10:07 - 00000000 ____D () C:\Users\Libis\AppData\Local\NPE
2014-07-26 10:07 - 2014-07-26 10:07 - 00000000 ____D () C:\ProgramData\Norton
2014-07-20 11:38 - 2014-07-20 11:38 - 00000000 __SHD () C:\Users\Libis\AppData\Local\EmieUserList
2014-07-20 11:38 - 2014-07-20 11:38 - 00000000 __SHD () C:\Users\Libis\AppData\Local\EmieSiteList
2014-07-20 11:38 - 2014-07-20 10:20 - 00000132 _____ () C:\Users\Libis\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\Users\Libis\Documents\Fax
2014-07-18 18:07 - 2014-07-18 18:07 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-07-17 20:01 - 2014-01-14 08:35 - 00000000 ____D () C:\Users\Libis\AppData\Roaming\vlc
2014-07-14 04:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-14 03:25 - 2009-07-14 06:33 - 03860072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 03:21 - 2014-05-07 07:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 03:21 - 2009-07-14 11:21 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 03:05 - 2014-01-11 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 16:16 - 2014-01-11 10:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 16:13 - 2014-01-11 10:25 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 16:12 - 2014-07-09 16:12 - 00145368 _____ () C:\Windows\Minidump\070914-57923-01.dmp
2014-07-09 16:12 - 2014-01-17 21:00 - 00000000 ____D () C:\Windows\Minidump
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Libis\Desktop" je 170098 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Libis\Desktop" je 170098 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Worm:VBS/Jenxcus!Ink on SD card
How does your operating system stand as far as legality is concerned?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Worm:VBS/Jenxcus!Ink on SD card
As far as I know, it should be.
- Rudy
- Site Admin
- Posts: 119418
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Worm:VBS/Jenxcus!Ink on SD card
OK. I would also like to ask for an OTL log:
Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "Scan All Users", "LOP Check" and "Purity Check", and copy the following into the bottom white box:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
and click >Scan<. Post both logs.
-
- Visitor
- Posts: 1
- Registered: 13 Oct 2016 05:39
Re: Worm:VBS/Jenxcus!Ink on SD card
Rudy wrote:
Hello!
Try running USBFix on it: http://www.viry.cz/forum/viewtopic.php?f=24&t=102308 .
Hello, I have a problem with the same virus, but I cannot open that forum link; it says that I am not authorized.
Re: Worm:VBS/Jenxcus!Ink on SD card
Hello,

- Download and run http://www.fosshub.com/UsbFix.html
- click Clean, insert the infected flash drive into the PC and click OK
- when asked about assistance, click No
- at the warning about terminating processes, click OK
- paste the contents of the newly created log into your next post
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors to this forum, sign up for our little school.