Page 4 of 4

Re: goffer.exe

Posted: 23 Apr 2015 14:43
by konu
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by tom at 2015-04-23 15:40:56 Run:2
Running from C:\Users\tom\Desktop\Bezpečnost\FRST
Loaded Profiles: tom (Available profiles: tom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3332171635-80688016-592393309-1001\...\MountPoints2: F - "F:\SETUP.EXE"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope value is missing.
2015-04-12 21:46 - 2015-04-14 16:25 - 00000000 ____D () C:\Program Files\trend micro
2015-04-12 21:46 - 2015-04-12 21:48 - 00000000 ____D () C:\rsit
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0
2015-04-03 21:46 - 2015-04-04 10:43 - 00000000 ____D () C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\tom\AppData\Local\CrashRpt
2015-04-03 21:46 - 2015-04-03 21:46 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro

Task: {3052CD23-49C6-4342-9689-B03E9B81FD37} - System32\Tasks\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121} => pcalua.exe -a E:\InstAll.exe -d E:\
Task: {4D820859-D391-4DAF-88D7-32E1D5B46968} - System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {99CE4F40-1949-4477-A052-729E22B4B7E8} - System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => pcalua.exe -a C:\Users\tom\Desktop\setup.exe -d C:\Users\tom\Desktop
Task: {AF003A68-C578-4D84-AA34-A199F4BEC493} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9} - System32\Tasks\brbrw_1280 => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe
Task: {F7373C5A-4029-4105-90CD-8FF29EC42128} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
C:\Users\Public\Documents\ShopperPro
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\PROGRA~1\COMMON~1\System\SysMenu64.dll
C:\Program Files (x86)\Crossbrowse
C:\ProgramData\ShopperPro
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKU\S-1-5-21-3332171635-80688016-592393309-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
"HKU\S-1-5-21-3332171635-80688016-592393309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files (x86)\c8e441a9-abd4-4721-b704-cb9cbd0d2ddb => Moved successfully.
C:\Program Files (x86)\c5c1e8b7-9d03-40f6-9ecf-a015924a15c0 => Moved successfully.
C:\Program Files (x86)\5a1f3589-0adb-4951-8a7b-a30922551845 => Moved successfully.
C:\Users\tom\AppData\Local\CrashRpt => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3052CD23-49C6-4342-9689-B03E9B81FD37}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3052CD23-49C6-4342-9689-B03E9B81FD37}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D820859-D391-4DAF-88D7-32E1D5B46968}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D820859-D391-4DAF-88D7-32E1D5B46968}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99CE4F40-1949-4477-A052-729E22B4B7E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CE4F40-1949-4477-A052-729E22B4B7E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF003A68-C578-4D84-AA34-A199F4BEC493}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF003A68-C578-4D84-AA34-A199F4BEC493}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9}" => Key deleted successfully.
C:\Windows\System32\Tasks\brbrw_1280 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\brbrw_1280" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7373C5A-4029-4105-90CD-8FF29EC42128}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7373C5A-4029-4105-90CD-8FF29EC42128}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"C:\Users\Public\Documents\ShopperPro" => File/Directory not found.
C:\PROGRA~1\COMMON~1\System\SysMenu.dll => Moved successfully.
C:\PROGRA~1\COMMON~1\System\SysMenu64.dll => Moved successfully.
"C:\Program Files (x86)\Crossbrowse" => File/Directory not found.
"C:\ProgramData\ShopperPro" => File/Directory not found.
EmptyTemp: => Removed 685.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:41:05 ====
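
The fixlog above records which persistence FRST removed, but it does not say what made the flagged task lines stand out. The Python below is an added example (it is not part of konu's post, altrok's instructions or FRST itself): it parses the six `Task:` lines copied from the fixlist and applies two heuristics a responder would run over any FRST scan: the task's image is a script or proxy host (Wscript.exe, Rundll32.exe, pcalua.exe and similar), so the file of interest is the payload in its arguments rather than the signed Windows binary; or the task is registered under the Microsoft\Windows tree while the code it runs lives outside %SystemRoot%, as the two SMupdate tasks loading SysMenu.dll from Common Files do. The set of proxy hosts and the two heuristics are this example's own assumptions, not rules FRST documents.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The six "Task:" lines are copied verbatim from the FRST fixlist posted above.
FIXLIST_TASK_LINES = r"""
Task: {3052CD23-49C6-4342-9689-B03E9B81FD37} - System32\Tasks\{BFF7EEEF-31C2-45A5-9821-0A06C9D43121} => pcalua.exe -a E:\InstAll.exe -d E:\
Task: {4D820859-D391-4DAF-88D7-32E1D5B46968} - System32\Tasks\SPBIW_UpdateTask_Time_333733343637343037312d3734555b414a507857374a55 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {99CE4F40-1949-4477-A052-729E22B4B7E8} - System32\Tasks\{E14ED81C-88FC-428B-B3DC-B9E84D21AEDD} => pcalua.exe -a C:\Users\tom\Desktop\setup.exe -d C:\Users\tom\Desktop
Task: {AF003A68-C578-4D84-AA34-A199F4BEC493} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {EB687EFB-5FF0-4C3F-998D-7FC4237CA5C9} - System32\Tasks\brbrw_1280 => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe
Task: {F7373C5A-4029-4105-90CD-8FF29EC42128} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
""".strip().splitlines()

# FRST task line: "Task: {id} - System32\Tasks\<path> => <action> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task: \{(?P<id>[0-9A-Fa-f-]+)\} - System32\\Tasks\\(?P<path>.+?) => "
    r"(?P<action>.+?)(?P<attn> <==== ATTENTION)?$"
)
# Image of the action: a quoted path, or everything up to the first executable
# extension (handles unquoted "C:\Program Files (x86)\..." paths with spaces).
IMAGE_RE = re.compile(r'^(?P<image>"[^"]+"|.+?\.(?:exe|com|bat|cmd))(?P<args>.*)$', re.I)
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Assumption of this example (not an FRST rule): binaries whose job is to run
# code handed to them on the command line, so the payload is the argument.
PROXY_HOSTS = {"wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe",
               "mshta.exe", "pcalua.exe", "powershell.exe", "cmd.exe"}


@dataclass
class TaskFinding:
    task_id: str
    path: str            # task path below System32\Tasks
    image: str           # binary the scheduler starts
    payload: str         # what actually gets executed (image or its argument)
    frst_attention: bool  # FRST's own "<==== ATTENTION" mark
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def basename(p: str) -> str:
    return p.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def first_path_argument(args: str) -> str:
    """First argument that is not a switch (/x, //B, -a), quotes removed."""
    for tok in TOKEN_RE.findall(args):
        if tok.startswith(("/", "-")):
            continue
        return tok.strip('"')
    return ""


def under_system_root(p: str) -> bool:
    return p.strip('"').lower().startswith(("c:\\windows\\", "%systemroot%", "%windir%"))


def analyse_task_line(line: str) -> Optional[TaskFinding]:
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    im = IMAGE_RE.match(m["action"])
    image = (im["image"] if im else m["action"].split()[0]).strip('"')
    args = im["args"] if im else ""
    f = TaskFinding(m["id"], m["path"], image, image, m["attn"] is not None)
    # Heuristic 1: proxy/script host -> report the real payload, not the host.
    if basename(image) in PROXY_HOSTS:
        f.payload = first_path_argument(args) or image
        f.reasons.append(f"proxy/script host {basename(image)} runs {f.payload}")
    # Heuristic 2: a task living in the Microsoft\Windows tree should run code
    # from %SystemRoot%; anything else is borrowing the name for camouflage.
    if f.path.lower().startswith("microsoft\\windows\\") and not under_system_root(f.payload):
        f.reasons.append("task under Microsoft\\Windows tree runs code outside %SystemRoot%")
    return f


def analyse(lines) -> List[TaskFinding]:
    return [f for f in (analyse_task_line(l) for l in lines) if f]


if __name__ == "__main__":
    for f in analyse(FIXLIST_TASK_LINES):
        mark = " [FRST ATTENTION]" if f.frst_attention else ""
        print(f"{f.path}{mark}\n  image:   {f.image}\n  payload: {f.payload}")
        for r in f.reasons or ["no heuristic hit"]:
            print("  -> " + r)
```

Run against the posted lines, the two heuristics agree with all three of FRST's ATTENTION marks (the SPBIW Wscript task and both SMupdate Rundll32 tasks), additionally surface the two {GUID} tasks in which the Program Compatibility Assistant launcher pcalua.exe starts InstAll.exe from E: and setup.exe from the Desktop (FRST removed those too), and do not flag the brbrw_1280 task, whose Crossbrowse.exe looks like an ordinary installed program. That last one was recognised by name, which is why a heuristic pass supports rather than replaces the analyst reading the log.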

Re: goffer.exe

Posted: 24 Apr 2015 12:33
by altrok
Excellent, this should help. How often did your provider send you e-mails about the infected computer? Let me know if they send you another one.

Re: goffer.exe

Posted: 24 Apr 2015 13:11
by konu
The last one: "Virus was detected on: 23.04 at 14:44:25."
I'll see tomorrow.

Re: goffer.exe

Posted: 25 Apr 2015 07:57
by konu
So it looks like I'm clean. No e-mail arrived. Was what you removed the leftovers of those unwanted programs? Otherwise I don't know where I could have picked it up, because I have ESET set quite aggressively. THANK YOU.

Re: goffer.exe

Posted: 26 Apr 2015 21:15
by altrok
Good evening,

sorry, but over the weekend I didn't have that much free time in one stretch. I went through the whole thread once more, but honestly I have no idea what the source of the infection was. Whether it was unpatched software, an infected exe file that was run, a visited website with an exploit... I don't know. The important thing is that together with my colleague we got it sorted out, and I thank you for your patience in sending the samples in stages; they will serve for further analysis.

Re: goffer.exe

Posted: 03 Jul 2015 07:26
by tlamych
Hello,
I ran into the identical problem. I found that the problem was caused by installing Wintoflash, where I most likely left the default settings during installation and 5 more programs got installed on the PC (I remember the names ShopperPro, Emsisoft, YTdownloader... I don't recall the others now). They also integrated themselves into the FF, Chrome and IE browsers. As soon as I removed these visitors, the problem was solved, including the automatically generated e-mails from the provider.
The truth is that neither the antivirus program nor the antimalware reported anything.

Re: goffer.exe

Posted: 03 Jul 2015 11:31
by konu
I remember that I also installed wintoflash. I don't know anymore whether it was exactly the wintoflash, because I also got about 5 programs installed; it will be somewhere above in the discussion. I have the impression that it didn't even ask me during installation what all I wanted to install, or I overlooked it.