This concerns a PC where the Outlook password was stolen earlier (it was a dictionary password, but the server had fail2ban).
Now a PC has been abused, with spam being sent directly from another PC in the same group.
So, to be safe, I am asking for a check.
Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Uzivatel (administrator) on UZIVATEL-HP on 18-09-2014 20:19:45
Running from C:\Users\Uzivatel\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Ai Squared ) C:\Program Files\ZoomText 9.1\ZtUac.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Ai Squared ) C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7596576 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Bonus.SSR.FR10] => C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [940808 2009-11-30] (ABBYY.)
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-09-02] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5502312 2010-09-23] (Acronis)
HKLM\...\Run: [Slu~ba Acronis Scheduler2] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [391144 2010-09-23] (Acronis)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-10-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-3067088073-3652413539-1205788036-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-10-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3067088073-3652413539-1205788036-1001\...\Run: [ZoomText] => C:\Program Files\ZoomText 9.1\Zt.exe [3536120 2010-02-23] (Ai Squared )
HKU\S-1-5-21-3067088073-3652413539-1205788036-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {36d4eb82-c101-4026-a65b-217e82619cc5} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73B9 ... 2012-07-12 06:15:43&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A901CCCB-B7A0-420B-A81A-B76E52BEFED4} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {b1b53ecb-da56-4bc6-8060-3854a39520e8} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKCU - {e4ae80ef-6e6d-4833-9021-d722676f6389} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {f2b88002-71bf-4cad-a75f-fc93c7aa5af6} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-06-11]
Chrome:
=======
CHR CustomProfile: C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google Search) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Gmail) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [814344 2009-11-25] (ABBYY)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [780368 2010-09-23] (Acronis)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2011-03-22] (Acronis)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 ZoomText Helper Service; C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe [11776 2010-02-23] (Ai Squared ) [File not signed]
S2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Ai2Chroniker; C:\Windows\System32\DRIVERS\Ai2Chroniker.sys [12872 2011-03-15] (Ai Squared )
R3 Ai2Mmpd; C:\Windows\System32\DRIVERS\Ai2Mmpd.sys [11848 2011-03-15] (Ai Squared )
R1 Ai2sXP; C:\Windows\System32\drivers\Ai2sXP.sys [7680 2010-11-24] (Ai Squared ) [File not signed]
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [105760 2013-01-10] (ESET)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
R1 NetworkX; C:\Windows\system32\ckldrv.sys [16896 2007-05-01] () [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
S3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [311808 2009-07-14] (Realtek)
S3 catchme; \??\C:\Users\Uzivatel\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 20:20 - 2014-09-18 20:20 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\Nepotvrzeno 757003.crdownload
2014-09-18 20:19 - 2014-09-18 20:20 - 00016209 _____ () C:\Users\Uzivatel\Desktop\FRST.txt
2014-09-18 20:19 - 2014-09-18 20:19 - 01097728 _____ (Farbar) C:\Users\Uzivatel\Desktop\FRST.exe
2014-09-18 20:19 - 2014-09-18 20:19 - 00000000 ____D () C:\FRST
2014-09-18 20:18 - 2014-09-18 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\Nepotvrzeno 768214.crdownload
2014-09-18 14:14 - 2014-09-18 14:14 - 00000914 _____ () C:\Users\Uzivatel\Dokumenty – zástupce.lnk
2014-09-16 10:17 - 2014-09-16 10:17 - 00056832 _____ () C:\Users\Uzivatel\Documents\Kopie - 2015 - KALENDÁŘ + ROZPOČET FORM.xls
2014-09-10 21:45 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 21:45 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 21:45 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 21:45 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 21:45 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 21:45 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 21:45 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 21:45 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 21:45 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 21:45 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 21:45 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 21:45 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 21:45 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 21:45 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 21:45 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 21:45 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 21:45 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 21:45 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 21:45 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:45 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 21:45 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 21:45 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 21:45 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 21:45 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 21:45 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 21:45 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 21:45 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 21:45 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 21:45 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 21:45 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 21:45 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 07:07 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 07:07 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 07:07 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 07:06 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 07:06 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 07:06 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-07 14:21 - 2014-09-07 14:21 - 03419407 _____ () C:\Users\Uzivatel\Documents\IMG_0809.MOV
2014-09-07 12:36 - 2014-09-07 12:36 - 05474367 _____ () C:\Users\Uzivatel\Documents\IMG_0806.MOV
2014-08-31 07:31 - 2014-08-31 07:31 - 00000924 _____ () C:\Users\Uzivatel\Desktop\Centrum zařízení Windows Mobile.lnk
2014-08-31 07:31 - 2014-08-31 07:31 - 00000000 ____D () C:\Users\Uzivatel\Documents\Dokumenty na Uzivatel - Zařízení
2014-08-28 06:57 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 06:57 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 14:42 - 2014-08-26 17:28 - 00295681 _____ () C:\Users\Uzivatel\Documents\Kopie - CZK Ceník-Výprodej 8_2014.xlsx
2014-08-25 17:03 - 2014-08-25 17:03 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-08-25 17:02 - 2014-08-25 17:10 - 00000000 ____D () C:\Users\Uzivatel\AppData\Roaming\Garmin
2014-08-25 16:58 - 2014-08-25 16:59 - 26395416 _____ (DeLorme Publishing ) C:\Users\Uzivatel\Downloads\DeLorme_GPS_Plugin.exe
2014-08-21 12:53 - 2014-08-21 12:53 - 00310607 _____ () C:\Users\Uzivatel\Desktop\stažený soubor.htm
2014-08-21 07:45 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 07:45 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 07:45 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 07:45 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 07:44 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 07:44 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 07:44 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 07:44 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 07:44 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 20:20 - 2014-09-18 20:20 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\Nepotvrzeno 757003.crdownload
2014-09-18 20:20 - 2014-09-18 20:19 - 00016209 _____ () C:\Users\Uzivatel\Desktop\FRST.txt
2014-09-18 20:19 - 2014-09-18 20:19 - 01097728 _____ (Farbar) C:\Users\Uzivatel\Desktop\FRST.exe
2014-09-18 20:19 - 2014-09-18 20:19 - 00000000 ____D () C:\FRST
2014-09-18 20:18 - 2014-09-18 20:18 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\Nepotvrzeno 768214.crdownload
2014-09-18 20:03 - 2013-08-28 18:04 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 19:49 - 2014-05-07 22:38 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a345a0ee96f.job
2014-09-18 19:08 - 2012-09-03 06:26 - 00000000 ____D () C:\Users\Uzivatel\Documents\Nová složka (2)
2014-09-18 14:21 - 2014-03-12 19:14 - 00000000 ____D () C:\Users\Uzivatel\Desktop\inspirace
2014-09-18 14:19 - 2010-08-20 12:15 - 00000000 ____D () C:\Users\Uzivatel
2014-09-18 14:14 - 2014-09-18 14:14 - 00000914 _____ () C:\Users\Uzivatel\Dokumenty – zástupce.lnk
2014-09-18 08:49 - 2014-03-29 10:33 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4b2982147e38.job
2014-09-18 07:03 - 2010-08-20 15:00 - 00000000 ____D () C:\Users\Uzivatel\AppData\Local\Adobe
2014-09-18 07:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 07:00 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 06:54 - 2010-08-20 11:34 - 02012265 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 06:53 - 2011-03-28 13:43 - 00142600 _____ () C:\Windows\error.log
2014-09-18 06:52 - 2011-03-28 13:43 - 00108440 _____ () C:\Windows\setupact.log
2014-09-18 06:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 20:25 - 2014-06-25 09:11 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-16 10:17 - 2014-09-16 10:17 - 00056832 _____ () C:\Users\Uzivatel\Documents\Kopie - 2015 - KALENDÁŘ + ROZPOČET FORM.xls
2014-09-14 12:01 - 2011-09-11 10:34 - 00000000 ____D () C:\Users\Uzivatel\Documents\Marcela
2014-09-11 08:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-11 07:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-10 21:46 - 2011-03-15 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 21:45 - 2013-08-15 22:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 21:34 - 2010-08-20 15:36 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 21:33 - 2014-05-01 01:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 21:32 - 2009-07-25 14:54 - 01566464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 12:03 - 2013-08-28 18:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 12:03 - 2012-01-22 10:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 22:51 - 2014-04-01 15:25 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-07 14:21 - 2014-09-07 14:21 - 03419407 _____ () C:\Users\Uzivatel\Documents\IMG_0809.MOV
2014-09-07 12:36 - 2014-09-07 12:36 - 05474367 _____ () C:\Users\Uzivatel\Documents\IMG_0806.MOV
2014-09-05 03:52 - 2014-09-10 07:06 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-10 07:06 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 07:31 - 2014-08-31 07:31 - 00000924 _____ () C:\Users\Uzivatel\Desktop\Centrum zařízení Windows Mobile.lnk
2014-08-31 07:31 - 2014-08-31 07:31 - 00000000 ____D () C:\Users\Uzivatel\Documents\Dokumenty na Uzivatel - Zařízení
2014-08-30 08:29 - 2011-04-04 20:22 - 00000000 ____D () C:\Users\Uzivatel\AppData\Roaming\Skype
2014-08-29 06:46 - 2009-07-14 06:33 - 00469984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 17:28 - 2014-08-26 14:42 - 00295681 _____ () C:\Users\Uzivatel\Documents\Kopie - CZK Ceník-Výprodej 8_2014.xlsx
2014-08-25 17:10 - 2014-08-25 17:02 - 00000000 ____D () C:\Users\Uzivatel\AppData\Roaming\Garmin
2014-08-25 17:03 - 2014-08-25 17:03 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-08-25 16:59 - 2014-08-25 16:58 - 26395416 _____ (DeLorme Publishing ) C:\Users\Uzivatel\Downloads\DeLorme_GPS_Plugin.exe
2014-08-25 06:53 - 2010-08-20 15:33 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 06:57 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 06:57 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 12:53 - 2014-08-21 12:53 - 00310607 _____ () C:\Users\Uzivatel\Desktop\stažený soubor.htm
2014-08-19 19:39 - 2014-09-10 21:45 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 00:26 - 2014-09-10 21:45 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 21:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
Files to move or delete:
====================
C:\Users\Uzivatel\AppData\Roaming\settings.ini
Some content of TEMP:
====================
C:\Users\Uzivatel\AppData\Local\temp\AAMHelper.exe
C:\Users\Uzivatel\AppData\Local\temp\AdobeApplicationManager.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 08:18
==================== End Of Log ============================

Preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
Re: Preventive check
Hello!
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73B9 ... 2012-07-12 06:15:43&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a345a0ee96f.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4b2982147e38.job
C:\Users\Uzivatel\AppData\Roaming\settings.ini
C:\Users\Uzivatel\AppData\Local\temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
- KEnik
- Visitor
- Posts: 93
- Registered: 16 Jun 2007 19:15
- Location: Beroun
Re: Preventive check
Fixed, thanks.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Uzivatel at 2014-09-22 13:39:25 Run:1
Running from C:\Users\Uzivatel\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={73B9 ... 2012-07-12 06:15:43&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a345a0ee96f.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4b2982147e38.job
C:\Users\Uzivatel\AppData\Roaming\settings.ini
C:\Users\Uzivatel\AppData\Local\temp
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\ICQ Search => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}" => Key deleted successfully.
"HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
C:\Program Files\Google\Google Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
- Rudy
- Site Admin
- Posts: 119357
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive check
Deleted. Change your passwords if possible.
- KEnik
- Visitor
- Posts: 93
- Registered: 16 Jun 2007 19:15
- Location: Beroun
Re: Preventive check
Hello,
thank you very much,
the passwords were changed immediately after the discovery.
The hosting has now been changed as well - they have a spam filter on outgoing messages and an alert on an unusual number of sent e-mails.
- Rudy
- Site Admin
- Posts: 119357
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Preventive check
OK, you're welcome!
