
Spambot and possibly more

skl
Visitor
Posts: 3
Registered: 08 Mar 2014 09:07

#1 Post by skl »

Hello,
I need help with a spambot that got into my Outlook, and with checking the log to see whether there is anything else on the computer. After finding out that I was sending spam, I ran ComboFix, VAPTool and Malwarebytes on the computer ... each of them took a bite of something :)

Thank you

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014
Ran by sklendath (administrator) on SKLEN-TOSHIBA on 08-03-2014 08:10:08
Running from C:\Users\sklendath\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION) c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
() C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) E:\filmy\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(forum.viry.cz) C:\Users\sklendath\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4444160 2007-04-25] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [411192 2007-03-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509496 2007-05-23] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [538744 2007-05-22] (TOSHIBA Corporation)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34352 2006-11-06] ()
HKLM\...\Run: [HWSetup] - \HWSetup.exe hwSetUP
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2006-03-22] (TOSHIBA)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [577536 2007-04-02] (TOSHIBA)
HKLM\...\Run: [Desktop SMS] - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [1507328 2007-01-19] (Interactive Digital Media)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [571024 2007-05-04] (Toshiba)
HKLM\...\Run: [Symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [CloneCDTray] - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - e:\filmy\Update\realsched.exe [295512 2013-03-20] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-15] (TOSHIBA)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [ICQ] - C:\Program Files\ICQ7.4\ICQ.exe [119608 2011-04-08] (ICQ, LLC.)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4178443980-2086641671-1291764792-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... F6CB96857C&
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... F6CB96857C&
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\sklendath\AppData\Roaming\Mozilla\Firefox\Profiles\859fghi3.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - e:\filmy\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - e:\filmy\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\sklendath\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\sklendath\AppData\Roaming\Mozilla\Firefox\Profiles\859fghi3.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-06]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-02-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Vyhledávání Google) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (AdBlock) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-20]
CHR Extension: (RealDownloader) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-25]
CHR Extension: (Skype Click to Call) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-17]
CHR Extension: (Peněženka Google) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 gupdate1ca311b6fb5c570; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-09-09] (Google Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

R0 65143846; C:\Windows\System32\DRIVERS\65143846.sys [133208 2014-03-07] (Kaspersky Lab ZAO)
S3 adusbmdm6501; C:\Windows\System32\DRIVERS\adusbmdm65.sys [64896 2005-05-02] (AnyDATA Corporation)
S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [97920 2006-12-20] (QUALCOMM Incorporated)
S3 adusbser6501; C:\Windows\System32\DRIVERS\adusbser65.sys [64896 2005-05-02] (AnyDATA Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [183912 2006-11-02] (Společnost Microsoft)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1060920 2008-07-24] (Společnost Microsoft)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-09-25] ()
S3 UVCFTR; C:\Windows\System32\DRIVERS\UVCFTR_S.SYS [11264 2007-03-12] (Chicony Electronics Co., Ltd.)
U3 abbggvw6; C:\Windows\system32\Drivers\abbggvw6.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\SKLEND~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-08 08:10 - 2014-03-08 08:10 - 00024394 _____ () C:\Users\sklendath\Desktop\FRST.txt
2014-03-07 16:34 - 2014-03-07 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-07 16:32 - 2014-03-07 17:50 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\65143846.sys
2014-03-07 16:30 - 2014-03-07 16:31 - 132307720 _____ () C:\Users\sklendath\Downloads\setup_11.0.1.1245.x01_2014_03_07_17_50.exe
2014-03-07 16:27 - 2014-03-07 16:27 - 00000809 _____ () C:\Users\sklendath\Desktop\CCleaner.lnk
2014-03-07 16:27 - 2014-03-07 16:27 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-07 16:27 - 2014-03-07 16:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-07 16:26 - 2014-03-07 16:26 - 01187896 _____ (Piriform Ltd) C:\Users\sklendath\Downloads\ccleaner.exe
2014-03-07 14:41 - 2014-03-07 14:41 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-03-07 14:41 - 2014-03-07 14:41 - 00289792 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-07 14:41 - 2014-03-07 14:41 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 01406464 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-07 14:39 - 2014-03-07 14:39 - 03502480 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-03-07 14:39 - 2014-03-07 14:39 - 03468168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-07 14:38 - 2014-03-07 14:38 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-03-07 14:37 - 2014-03-07 14:37 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-03-07 14:37 - 2014-03-07 14:37 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-07 14:29 - 2014-03-07 14:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-07 14:28 - 2014-03-07 14:28 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00815104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-07 14:27 - 2014-03-07 14:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2014-03-07 14:27 - 2014-03-07 14:27 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-03-07 14:27 - 2014-03-07 14:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-03-07 14:27 - 2014-03-07 14:27 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe
2014-03-07 14:27 - 2014-03-07 14:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS
2014-03-07 14:25 - 2014-03-07 14:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-03-07 14:25 - 2014-03-07 14:25 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-03-07 14:21 - 2014-03-07 14:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-07 14:19 - 2014-03-07 14:19 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00473088 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-07 14:18 - 2014-03-07 14:18 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-03-07 14:18 - 2014-03-07 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-03-07 14:18 - 2014-03-07 14:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-03-07 14:15 - 2014-03-07 14:15 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-03-07 14:15 - 2014-03-07 14:15 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 01327616 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-03-07 12:02 - 2014-03-07 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\sklendath\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 12:02 - 2014-03-07 12:02 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\Malwarebytes
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 12:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 11:45 - 2014-03-08 08:10 - 00000000 ____D () C:\FRST
2014-03-07 11:44 - 2014-03-07 11:44 - 00112640 _____ (forum.viry.cz) C:\Users\sklendath\Desktop\FRSTLauncher.exe
2014-03-07 11:43 - 2014-03-07 11:43 - 01145344 _____ (Farbar) C:\Users\sklendath\Desktop\FRST.exe
2014-03-07 11:32 - 2014-03-07 11:32 - 00011126 _____ () C:\ComboFix.txt
2014-03-07 11:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-07 11:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-07 11:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-07 11:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-07 11:19 - 2014-03-07 11:33 - 00000000 ____D () C:\ComboFix
2014-03-07 11:18 - 2014-03-07 11:33 - 00000000 ____D () C:\Qoobox
2014-03-07 11:18 - 2014-03-07 11:30 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 11:17 - 2014-03-07 11:18 - 05187267 ____R (Swearware) C:\Users\sklendath\Downloads\ComboFix.exe
2014-03-07 08:43 - 2014-03-07 08:43 - 00000000 ____D () C:\Users\sklendath\AppData\Local\Skype
2014-03-07 08:43 - 2014-03-07 08:43 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-24 09:16 - 2014-02-24 09:16 - 00028028 _____ () C:\Users\sklendath\Downloads\2014-Weekly-Calendar-Monday.xlsx
2014-02-21 16:03 - 2014-02-21 16:04 - 00000000 ____D () C:\Doc-2-Pdf
2014-02-21 16:03 - 2014-02-21 16:03 - 00000563 _____ () C:\Users\Public\Desktop\Batch Word to PDF Converter.lnk
2014-02-21 16:02 - 2014-02-21 16:02 - 01151547 _____ (Batchwork Software ) C:\Users\sklendath\Downloads\Batch-DOC-TO-PDF-Converter_2013.5.320.1678.exe
2014-02-21 15:50 - 2014-02-21 15:51 - 05177938 _____ (XSoft ) C:\Users\sklendath\Downloads\WordToPDF_setup.exe
2014-02-17 12:56 - 2014-02-17 12:56 - 00000000 ____D () C:\usr
2014-02-06 10:14 - 2014-02-21 07:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-08 08:10 - 2014-03-08 08:10 - 00024394 _____ () C:\Users\sklendath\Desktop\FRST.txt
2014-03-08 08:10 - 2014-03-07 11:45 - 00000000 ____D () C:\FRST
2014-03-08 08:04 - 2008-07-22 16:02 - 01489475 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 07:46 - 2006-11-02 13:47 - 00003984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 07:46 - 2006-11-02 13:47 - 00003984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 07:39 - 2012-12-17 09:00 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-08 07:33 - 2009-09-09 08:08 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 18:33 - 2009-09-09 08:08 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 17:50 - 2014-03-07 16:32 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\65143846.sys
2014-03-07 16:53 - 2011-02-01 20:04 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\Skype
2014-03-07 16:34 - 2014-03-07 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-07 16:31 - 2014-03-07 16:30 - 132307720 _____ () C:\Users\sklendath\Downloads\setup_11.0.1.1245.x01_2014_03_07_17_50.exe
2014-03-07 16:29 - 2012-03-28 06:28 - 00000000 ____D () C:\Windows\Minidump
2014-03-07 16:27 - 2014-03-07 16:27 - 00000809 _____ () C:\Users\sklendath\Desktop\CCleaner.lnk
2014-03-07 16:27 - 2014-03-07 16:27 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-03-07 16:27 - 2014-03-07 16:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-07 16:26 - 2014-03-07 16:26 - 01187896 _____ (Piriform Ltd) C:\Users\sklendath\Downloads\ccleaner.exe
2014-03-07 14:49 - 2008-07-22 16:20 - 00143880 _____ () C:\Users\sklendath\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 14:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-07 14:46 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 14:46 - 2006-11-02 13:47 - 00468456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 14:44 - 2006-11-02 14:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 14:43 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-03-07 14:42 - 2008-07-24 14:29 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\ICQ
2014-03-07 14:41 - 2014-03-07 14:41 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-03-07 14:41 - 2014-03-07 14:41 - 00289792 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-07 14:41 - 2014-03-07 14:41 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-07 14:41 - 2014-03-07 14:41 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 01406464 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 01260032 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-07 14:40 - 2014-03-07 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-03-07 14:40 - 2014-03-07 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-07 14:39 - 2014-03-07 14:39 - 03502480 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-03-07 14:39 - 2014-03-07 14:39 - 03468168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-07 14:38 - 2014-03-07 14:38 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-03-07 14:37 - 2014-03-07 14:37 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-03-07 14:37 - 2014-03-07 14:37 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-07 14:29 - 2014-03-07 14:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-07 14:28 - 2014-03-07 14:28 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00815104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-07 14:27 - 2014-03-07 14:27 - 00220672 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm
2014-03-07 14:27 - 2014-03-07 14:27 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\tcpipcfg.dll
2014-03-07 14:27 - 2014-03-07 14:27 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2014-03-07 14:27 - 2014-03-07 14:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2014-03-07 14:27 - 2014-03-07 14:27 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\netiougc.exe
2014-03-07 14:27 - 2014-03-07 14:27 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS
2014-03-07 14:25 - 2014-03-07 14:25 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-03-07 14:25 - 2014-03-07 14:25 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-03-07 14:24 - 2014-03-07 14:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-07 14:19 - 2014-03-07 14:19 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00473088 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-07 14:19 - 2014-03-07 14:19 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-07 14:19 - 2014-03-07 14:19 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-07 14:18 - 2014-03-07 14:18 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-03-07 14:18 - 2014-03-07 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2014-03-07 14:18 - 2014-03-07 14:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2014-03-07 14:15 - 2014-03-07 14:15 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2014-03-07 14:15 - 2014-03-07 14:15 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 01327616 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2014-03-07 14:14 - 2014-03-07 14:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2014-03-07 13:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-07 13:33 - 2008-07-22 23:21 - 00002411 _____ () C:\Windows\WINCMD.INI
2014-03-07 12:02 - 2014-03-07 12:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\sklendath\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 12:02 - 2014-03-07 12:02 - 00000911 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\Malwarebytes
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 12:02 - 2014-03-07 12:02 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-07 11:44 - 2014-03-07 11:44 - 00112640 _____ (forum.viry.cz) C:\Users\sklendath\Desktop\FRSTLauncher.exe
2014-03-07 11:43 - 2014-03-07 11:43 - 01145344 _____ (Farbar) C:\Users\sklendath\Desktop\FRST.exe
2014-03-07 11:33 - 2014-03-07 11:19 - 00000000 ____D () C:\ComboFix
2014-03-07 11:33 - 2014-03-07 11:18 - 00000000 ____D () C:\Qoobox
2014-03-07 11:33 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-07 11:33 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-07 11:32 - 2014-03-07 11:32 - 00011126 _____ () C:\ComboFix.txt
2014-03-07 11:30 - 2014-03-07 11:18 - 00000000 ____D () C:\Windows\erdnt
2014-03-07 11:29 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-07 11:18 - 2014-03-07 11:17 - 05187267 ____R (Swearware) C:\Users\sklendath\Downloads\ComboFix.exe
2014-03-07 10:12 - 2009-09-09 08:01 - 00000924 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-03-07 09:45 - 2008-09-08 13:25 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\TOSHIBA
2014-03-07 08:43 - 2014-03-07 08:43 - 00000000 ____D () C:\Users\sklendath\AppData\Local\Skype
2014-03-07 08:43 - 2014-03-07 08:43 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-07 08:43 - 2011-02-01 20:04 - 00000000 ___RD () C:\Program Files\Skype
2014-03-07 08:43 - 2011-02-01 20:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 14:00 - 2006-11-02 11:33 - 01267844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 07:56 - 2012-12-17 09:08 - 00001976 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 13:07 - 2008-08-12 15:13 - 00002627 _____ () C:\Users\sklendath\Desktop\Microsoft Office Word 2007.lnk
2014-03-01 10:04 - 2012-04-26 15:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-24 13:28 - 2008-08-12 15:13 - 00002585 _____ () C:\Users\sklendath\Desktop\Microsoft Office Excel 2007.lnk
2014-02-24 09:16 - 2014-02-24 09:16 - 00028028 _____ () C:\Users\sklendath\Downloads\2014-Weekly-Calendar-Monday.xlsx
2014-02-23 10:57 - 2008-07-22 16:20 - 00000000 ____D () C:\Users\sklendath
2014-02-23 08:54 - 2010-06-07 07:35 - 00000680 _____ () C:\Users\sklendath\AppData\Local\d3d9caps.dat
2014-02-21 16:04 - 2014-02-21 16:03 - 00000000 ____D () C:\Doc-2-Pdf
2014-02-21 16:03 - 2014-02-21 16:03 - 00000563 _____ () C:\Users\Public\Desktop\Batch Word to PDF Converter.lnk
2014-02-21 16:02 - 2014-02-21 16:02 - 01151547 _____ (Batchwork Software ) C:\Users\sklendath\Downloads\Batch-DOC-TO-PDF-Converter_2013.5.320.1678.exe
2014-02-21 15:51 - 2014-02-21 15:50 - 05177938 _____ (XSoft ) C:\Users\sklendath\Downloads\WordToPDF_setup.exe
2014-02-21 14:55 - 2012-10-03 07:39 - 00000000 ____D () C:\Users\sklendath\AppData\Roaming\ArcSoft
2014-02-21 09:39 - 2012-11-01 07:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 09:39 - 2011-05-23 08:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 07:47 - 2014-02-06 10:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-17 12:56 - 2014-02-17 12:56 - 00000000 ____D () C:\usr

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\sklendath\Desktop" je 249 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: spambot and possibly more

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=7E095E74-6060-4CCC-B591-F8E15B5D4DC6&apn_sauid=F12FE435-B5C0-4C72-9562-A3F6CB96857C&
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=7E095E74-6060-4CCC-B591-F8E15B5D4DC6&apn_sauid=F12FE435-B5C0-4C72-9562-A3F6CB96857C&
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
FF ProfilePath: C:\Users\sklendath\AppData\Roaming\Mozilla\Firefox\Profiles\859fghi3.default
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
CHR Extension: (RealDownloader) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
S3 Tosrfcom; No ImagePath
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
End
Save it to the desktop as fixlist.txt. Then run FRST again and click >Fix<. Afterwards, copy here the log that is created at the end.

Once this is done, I would also like to see the log from ComboFix, which you ran yesterday at your own risk.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

skl
Visitor
Posts: 3
Registered: 08 Mar 2014 09:07

Re: spambot and possibly more

#3 Post by skl »

Output after the "fix":

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-03-2014
Ran by sklendath at 2014-03-08 11:58:23 Run:1
Running from C:\Users\sklendath\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=7E095E74-6060-4CCC-B591-F8E15B5D4DC6&apn_sauid=F12FE435-B5C0-4C72-9562-A3F6CB96857C&
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=7E095E74-6060-4CCC-B591-F8E15B5D4DC6&apn_sauid=F12FE435-B5C0-4C72-9562-A3F6CB96857C&
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
FF ProfilePath: C:\Users\sklendath\AppData\Roaming\Mozilla\Firefox\Profiles\859fghi3.default
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
CHR Extension: (RealDownloader) - C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-25]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
S3 Tosrfcom; No ImagePath
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully.
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
=> Should not be moved.
HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1 => Key deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1 => Key deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1 => Key deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll => Moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ => Moved successfully.
C:\Users\sklendath\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji => Key deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx => Moved successfully.
Tosrfcom => Service deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.

==== End of Fixlog ====

And yesterday's ComboFix:

ComboFix 14-03-05.01 - sklendath 07.03.2014 11:21:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2045.774 [GMT 1:00]
Spuštěný z: c:\users\sklendath\Downloads\ComboFix.exe
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SKLEND~1\AppData\Local\Temp\ppcrlui_2264_2
c:\users\sklendath\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\users\sklendath\AppData\Local\Temp\ppcrlui_2264_2
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-07 do 2014-03-07 )))))))))))))))))))))))))))))))
.
.
2014-03-07 10:29 . 2014-03-07 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 07:43 . 2014-03-07 07:43 -------- d-----w- c:\users\sklendath\AppData\Local\Skype
2014-03-07 07:43 . 2014-03-07 07:43 -------- d-----w- c:\program files\Common Files\Skype
2014-03-03 14:20 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBFEA27A-22CE-47F9-B61C-5918635D7E60}\mpengine.dll
2014-02-21 15:03 . 2014-02-21 15:04 -------- d-----w- C:\Doc-2-Pdf
2014-02-17 11:56 . 2014-02-17 11:56 -------- d-----w- C:\usr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 08:39 . 2012-11-01 06:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-21 08:39 . 2011-05-23 07:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-18 05:13 . 2009-10-09 13:38 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-15 413696]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-08 119608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="e:\filmy\Update\realsched.exe" [2013-03-20 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-22 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2006-12-20 97920]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 06:47 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-01 08:39]
.
2014-03-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 08:01]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 07:01]
.
2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-09 07:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sklendath\AppData\Roaming\Mozilla\Firefox\Profiles\859fghi3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-08-26 13:10; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-07 11:29
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????Q>?????8???`????????????
.
skenování skrytých souborů ...
.
.
c:\users\SKLEND~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-03-07 11:32:59
ComboFix-quarantined-files.txt 2014-03-07 10:32
.
Před spuštěním: Volných bajtů: 42 626 965 504
Po spuštění: Volných bajtů: 46 850 555 904
.
- - End Of File - - 8AD4E6AB9FD422677207EBA63C578EB0
5C616939100B85E558DA92B899A0FC36

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: spambot and possibly more

#4 Post by Rudy »

CF deleted some things, and we deleted some via FRST. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

skl
Visitor
Posts: 3
Registered: 08 Mar 2014 09:07

Re: spambot and possibly more

#5 Post by skl »

I'll ask for my e-mail to be reactivated and we'll see :)

Rudy
Site Admin
Posts: 119534
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: spambot and possibly more

#6 Post by Rudy »

OK. Get in touch if need be. :)