VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Pomoc s e-mailem - spam

https://forum.viry.cz:443/viewtopic.php?t=137360

Stránka 1 z 1

Pomoc s e-mailem - spam

Napsal: 10 dub 2014 07:54
od jeromme
Dobrý den, chtěl bych požádat znalé o pomoc - můj dodavatel internetových služeb mne upozornil, že z mojeho e-mailu jsou odesílány spamy. K přístupu k e-mailu používám Microsoft Outlook 13, v počítači mám nainstalovaný Norton360. ten nic nezjistil, použil jsem Norton power eraser - ten také nic nezjistil. Použil jsem MBAM a UnhackMe. Ty něco našly a smazaly. Bohužel teď nevím, jestli to pomohlo nebo ne :( . Nevím, jak nastavit ve firewallu ochranu portu SMTP (aby posílal poštu jen na providera), protože jinou poštu nestahuji. Děkuji za pomoc, j.

Re: Pomoc s e-mailem - spam

Napsal: 10 dub 2014 17:11
od Rudy
Zdravím!
Zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Pomoc s e-mailem - spam

Napsal: 10 dub 2014 19:02
od jeromme
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Tom@Petr (administrator) on TOMPETR-PC on 10-04-2014 20:06:23
Running from C:\Users\Tom@Petr\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS ShellProcess Execute] - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-09-28] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Family Tree Builder Update] - C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-12] (MyHeritage)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Copy] - "C:\Users\Tom@Petr\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [1043536 2013-04-04] (BitTorrent Inc.)
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [FixMyRegistry] - C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8582b2a6-5a52-11e3-8513-f46d04979b59} - I:\SETUP.EXE
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8971dfd3-0a10-11e2-8f7f-f46d04979b59} - I:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
SearchScopes: HKCU - {D0542036-DBF2-4B15-A3D0-238B6C4F6F65} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default
FF user.js: detected! => C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\user.js
FF SearchEngineOrder.1: Tuvaro
FF Homepage: centrum.cz
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: MEGA - C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\Extensions\firefox@mega.co.nz.xpi [2014-03-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-30]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013-10-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Tom@Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jopdpbolklklaiookikgmdinfbooiipj [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-22]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [736672 2011-09-08] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-01] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20140409.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140409.035\ENG64.SYS [126040 2013-09-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20140409.035\EX64.SYS [2099288 2013-09-26] (Symantec Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-27] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 20:06 - 2014-04-10 20:06 - 00018482 _____ () C:\Users\Tom@Petr\Desktop\FRST.txt
2014-04-10 20:05 - 2014-04-10 20:06 - 00000000 ____D () C:\FRST
2014-04-10 20:02 - 2014-04-10 20:02 - 02157056 _____ (Farbar) C:\Users\Tom@Petr\Desktop\FRST64.exe
2014-04-09 16:21 - 2014-04-10 15:21 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-04-09 16:21 - 2014-04-09 16:24 - 00000000 ____D () C:\Users\Tom@Petr\Documents\RegRun2
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-09 16:13 - 2014-04-10 19:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 16:13 - 2014-04-09 16:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 16:13 - 2014-04-09 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 16:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 16:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 16:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 15:22 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 15:22 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 15:22 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 15:22 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 15:22 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 15:22 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 15:22 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 15:22 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 15:22 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 15:22 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 15:22 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 15:22 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 15:22 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 15:22 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 15:22 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 15:22 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 15:22 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 15:22 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 15:22 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 15:22 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 15:22 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 18:14 - 2014-04-07 18:15 - 00000978 _____ () C:\Users\Tom@Petr\Desktop\Black ICE.lnk
2014-04-07 16:47 - 2014-04-07 16:47 - 03062248 ____N (Symantec Corporation) C:\Users\Tom@Petr\Desktop\NPE.exe
2014-04-01 15:21 - 2014-04-01 15:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-03-30 09:32 - 2014-03-30 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ___RD () C:\Users\Tom@Petr\Documents\MEGA
2014-03-25 16:37 - 2014-03-25 16:37 - 00000764 _____ () C:\Users\Public\Desktop\MEGAsync.lnk
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Local\Mega Limited
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\ProgramData\MEGAsync
2014-03-19 20:14 - 2014-03-19 20:22 - 00001080 _____ () C:\Users\Tom@Petr\AppData\Local\mrdownloader.nast
2014-03-13 16:35 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:35 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:35 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:35 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:35 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:35 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:35 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:35 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:35 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:35 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:35 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:35 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:35 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:35 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:35 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:35 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:35 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:35 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:35 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:35 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 16:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:35 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 16:35 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 16:35 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 16:35 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 16:34 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 16:34 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 16:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 16:34 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-10 20:06 - 2014-04-10 20:06 - 00018482 _____ () C:\Users\Tom@Petr\Desktop\FRST.txt
2014-04-10 20:06 - 2014-04-10 20:05 - 00000000 ____D () C:\FRST
2014-04-10 20:05 - 2012-04-20 18:38 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Roaming\uTorrent
2014-04-10 20:02 - 2014-04-10 20:02 - 02157056 _____ (Farbar) C:\Users\Tom@Petr\Desktop\FRST64.exe
2014-04-10 20:02 - 2012-08-25 10:22 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 19:49 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:49 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 19:44 - 2012-11-13 17:37 - 01622499 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 19:41 - 2012-04-22 17:22 - 00000000 ____D () C:\Users\Tom@Petr\Documents\Soubory aplikace Outlook
2014-04-10 19:30 - 2012-08-20 17:17 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Local\CrashDumps
2014-04-10 19:06 - 2014-04-09 16:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 16:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 15:24 - 2009-07-14 17:18 - 00668882 _____ () C:\Windows\system32\perfh005.dat
2014-04-10 15:24 - 2009-07-14 17:18 - 00141542 _____ () C:\Windows\system32\perfc005.dat
2014-04-10 15:24 - 2009-07-14 07:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-10 15:21 - 2014-04-09 16:21 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-04-10 15:19 - 2012-11-13 17:44 - 00065702 _____ () C:\Windows\setupact.log
2014-04-10 15:19 - 2012-04-22 17:16 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-10 15:19 - 2012-04-20 17:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-10 15:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 20:08 - 2012-04-22 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 20:07 - 2013-08-15 00:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:06 - 2012-04-20 18:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 16:24 - 2014-04-09 16:21 - 00000000 ____D () C:\Users\Tom@Petr\Documents\RegRun2
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-04-09 16:21 - 2014-04-09 16:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-09 16:19 - 2013-01-04 21:13 - 00245772 _____ () C:\Windows\PFRO.log
2014-04-09 16:19 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-04-09 16:13 - 2014-04-09 16:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 16:13 - 2014-04-09 16:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 16:13 - 2013-12-01 09:51 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Local\NPE
2014-04-09 16:13 - 2012-11-20 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 16:12 - 2013-01-12 12:12 - 00000000 ____D () C:\Program Files\EZ CD Audio Converter
2014-04-09 15:17 - 2009-07-14 06:45 - 05114208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-08 18:55 - 2012-04-22 17:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-08 16:40 - 2013-04-08 18:59 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Roaming\eM Client
2014-04-08 16:11 - 2012-04-21 07:47 - 00124064 _____ () C:\Users\Tom@Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-08 16:09 - 2013-07-25 10:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-08 16:09 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-04-07 19:17 - 2012-12-27 10:27 - 00000082 ____N () C:\spyhunter.log
2014-04-07 18:15 - 2014-04-07 18:14 - 00000978 _____ () C:\Users\Tom@Petr\Desktop\Black ICE.lnk
2014-04-07 17:18 - 2012-12-27 09:27 - 00001619 _____ () C:\sh4_service.log
2014-04-07 16:47 - 2014-04-07 16:47 - 03062248 ____N (Symantec Corporation) C:\Users\Tom@Petr\Desktop\NPE.exe
2014-04-06 17:09 - 2014-03-08 10:27 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Local\dxhr
2014-04-04 15:49 - 2012-06-10 17:32 - 00000000 ____D () C:\Users\Tom@Petr\Documents\Paradox Interactive
2014-04-03 09:51 - 2014-04-09 16:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-09 16:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-09 16:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 15:21 - 2014-04-01 15:21 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-04-01 15:16 - 2013-03-23 11:36 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-04-01 15:16 - 2013-03-23 11:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-03-31 15:17 - 2012-05-09 15:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 03:16 - 2014-04-09 15:22 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 15:22 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 09:32 - 2014-03-30 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 16:49 - 2013-04-23 17:22 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Roaming\Mp3tag
2014-03-27 21:13 - 2012-06-27 17:30 - 00000000 ____D () C:\ProgramData\Origin
2014-03-25 17:05 - 2012-04-20 17:44 - 00000000 ___RD () C:\Users\Tom@Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-25 16:38 - 2014-03-25 16:38 - 00000000 ___RD () C:\Users\Tom@Petr\Documents\MEGA
2014-03-25 16:37 - 2014-03-25 16:37 - 00000764 _____ () C:\Users\Public\Desktop\MEGAsync.lnk
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\Users\Tom@Petr\AppData\Local\Mega Limited
2014-03-25 16:37 - 2014-03-25 16:37 - 00000000 ____D () C:\ProgramData\MEGAsync
2014-03-22 09:45 - 2013-06-26 18:43 - 00000000 ____D () C:\Users\Tom@Petr\Documents\SimCity
2014-03-19 20:22 - 2014-03-19 20:14 - 00001080 _____ () C:\Users\Tom@Petr\AppData\Local\mrdownloader.nast
2014-03-14 16:12 - 2012-05-09 18:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:12 - 2012-05-09 18:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:02 - 2012-08-25 10:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 19:02 - 2012-08-25 10:22 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 19:02 - 2012-07-14 11:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 16:19 - 2012-04-20 20:12 - 00001224 _____ () C:\Users\Tom@Petr\AppData\Local\SRDownloader.nast
2014-03-12 16:19 - 2012-04-20 20:09 - 00028888 _____ () C:\Users\Tom@Petr\AppData\Local\SRDownloader.err
2014-03-11 16:34 - 2013-12-01 15:38 - 00000000 ____D () C:\ProgramData\IObit

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 16:18

==================== End Of Log ============================

Re: Pomoc s e-mailem - spam

Napsal: 10 dub 2014 20:00
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8582b2a6-5a52-11e3-8513-f46d04979b59} - I:\SETUP.EXE
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8971dfd3-0a10-11e2-8f7f-f46d04979b59} - I:\setup.exe
KCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO-x32: No Name - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
FF ProfilePath: C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default
FF user.js: detected! => C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\user.js
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Windows\Tasks\AutoKMS.job
Task: {010FD6B3-130D-4499-BF40-6F28D81E1FE1} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Doporučuji odinstalovat AdvancedSystemCare. Důvod: http://forum.viry.cz/viewtopic.php?f=14 ... ilit=iobit .

Re: Pomoc s e-mailem - spam

Napsal: 11 dub 2014 15:45
od jeromme
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Tom@Petr at 2014-04-11 16:50:47 Run:1
Running from C:\Users\Tom@Petr\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: I - I:\setup.exe
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8582b2a6-5a52-11e3-8513-f46d04979b59} - I:\SETUP.EXE
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\...\MountPoints2: {8971dfd3-0a10-11e2-8f7f-f46d04979b59} - I:\setup.exe
KCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si= ... e&tid=2958
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO-x32: No Name - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No File
FF ProfilePath: C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default
FF user.js: detected! => C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\user.js
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
C:\Windows\Tasks\AutoKMS.job
Task: {010FD6B3-130D-4499-BF40-6F28D81E1FE1} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS\AutoKMS.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1856613146-119424693-3568056849-1000 => Key not found.
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8582b2a6-5a52-11e3-8513-f46d04979b59} => Key deleted successfully.
HKCR\CLSID\{8582b2a6-5a52-11e3-8513-f46d04979b59} => Key not found.
HKU\S-1-5-21-1856613146-119424693-3568056849-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8971dfd3-0a10-11e2-8f7f-f46d04979b59} => Key deleted successfully.
HKCR\CLSID\{8971dfd3-0a10-11e2-8f7f-f46d04979b59} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key not found.
=> Should not be moved.
C:\Users\Tom@Petr\AppData\Roaming\Mozilla\Firefox\Profiles\wiwg20ch.default\user.js => Moved successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
Partizan => Service deleted successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{010FD6B3-130D-4499-BF40-6F28D81E1FE1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{010FD6B3-130D-4499-BF40-6F28D81E1FE1} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
"C:\Windows\AutoKMS\AutoKMS.exe" => File/Directory not found.

==== End of Fixlog ====

Re: Pomoc s e-mailem - spam

Napsal: 11 dub 2014 17:27
od Rudy
Smazáno. Nastala nějaká změna?

Re: Pomoc s e-mailem - spam

Napsal: 11 dub 2014 17:40
od jeromme
Zdravím, počítač jsem restartoval, najelo to v pohodě ... já jsem měl problém jen s těmi e-maily. Děkuji moc za pomoc. Už jsem myslel, že budu muset opustit Norton360.

Re: Pomoc s e-mailem - spam

Napsal: 11 dub 2014 18:02
od Rudy
Norton si ponechte. Je to jeden ze špičkových AV. Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz