VIRY.CZ

Dobrý den, poskytovatel webhostingu mi zablokoval email učet, jelikož bylo přes něj odesláno velké mnoužství spamu. Tak jsem tedy změnil heslo na mail a na všech PC, kde běží Outlook s tímto účtem, provádím kontrolu na nežádoucí bordel. Dle podobných témat jsem provedl kontrolu přes MBAR a MBAM. Zasílám logy a děkuji za každou radu.

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
http://www.malwarebytes.org

Database version: v2013.11.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
importPC.cz :: IMPORTPC-DE2E4E [administrator]

27.11.2013 13:10:45
mbar-log-2013-11-27 (13-10-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 224331
Time elapsed: 15 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger (Security.Hijack) -> Data: "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\KMSEmulator.exe (RiskWare.Tool.CK) -> Delete on reboot.
C:\WINDOWS\AutoKMS.exe (Riskware.Keygen) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.11.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
importPC.cz :: IMPORTPC-DE2E4E [administrátor]

27.11.2013 13:43:00
MBAM-log-2013-11-27 (15-13-43).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 302316
Uplynulý čas: 1 hodin, 29 minut, 34 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 27
C:\Documents and Settings\importPC.cz\Plocha\Software\Přehrávače filmů & Codecs\bsplayer223.953_clip.exe (Adware.Vomba) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\importPC.cz\Plocha\Software\TC UP\PLUGINS\Tools\Revelation\Revelation.exe (HackTool.Snadboy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\importPC.cz\Plocha\Software\TC UP\PLUGINS\Tools\Revelation\RevelationHelper.dll (PUP.PWSTool.SnadBoy) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP446\A0047745.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP448\A0047907.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP448\A0047922.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP449\A0047986.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP451\A0048048.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP453\A0048257.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP453\A0048336.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP454\A0048352.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP455\A0048416.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP456\A0048460.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP458\A0048648.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP459\A0048695.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP460\A0048792.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP460\A0048805.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP462\A0048852.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP462\A0048867.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP462\A0048873.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP463\A0048886.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP464\A0048947.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP464\A0048953.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP465\A0048975.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP465\A0048982.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP466\A0049067.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{617EEEF0-2026-4391-AE9C-EA9411E14AFC}\RP467\A0049098.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.

(konec)

Zdravim

Poprosim o log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by importPC.cz at 2013-11-27 15:36:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 2038 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:36:32, on 27.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Plocha\Remote_Panel_P.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\importPC.cz\Plocha\RSIT.exe
C:\Program Files\trend micro\importPC.cz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Remote Panel Program.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6864673342
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Bricsys\Bricscad V11\BrxProtIE.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 6185 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AutoKMS.job
C:\WINDOWS\tasks\AutoKMSDaily.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\importPC.cz\Data aplikací\Mozilla\Firefox\Profiles\859hfk6y.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.117 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Documents and Settings\importPC.cz\Data aplikací\Mozilla\Firefox\Profiles\859hfk6y.default\extensions\
toolbar@ask.com

C:\Documents and Settings\importPC.cz\Data aplikací\Mozilla\Firefox\Profiles\859hfk6y.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-30 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25 1520776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25 1520776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2000-01-01 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2000-01-01 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2000-01-01 19520544]
"TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-29 364544]
"hp 1000 firmware"=C:\Program Files\hp LaserJet 1000\fwdl.exe [2001-12-15 36864]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2013-04-25 1648264]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-08-20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^importPC.cz^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Remote Panel Program.lnk - C:\Documents and Settings\All Users\Plocha\Remote_Panel_P.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2000-01-01 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-03-09 4171464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\KMSEmulator.exe"="C:\WINDOWS\KMSEmulator.exe:*:Disabled:Local KMS Host"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javaws.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-11-27 15:36:22 ----D---- C:\Program Files\trend micro
2013-11-27 15:36:21 ----D---- C:\rsit
2013-11-27 13:39:58 ----D---- C:\Documents and Settings\importPC.cz\Data aplikací\Malwarebytes
2013-11-27 13:39:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-27 13:39:18 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-11-27 13:10:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-27 13:10:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-11-27 13:10:33 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2013-11-27 13:09:54 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2013-11-18 06:38:54 ----D---- C:\Program Files\Mozilla Firefox
2013-11-14 14:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-14 14:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-14 14:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-14 14:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2013-10-30 10:25:52 ----A---- C:\WINDOWS\system32\javaws.exe
2013-10-30 10:25:44 ----A---- C:\WINDOWS\system32\javaw.exe
2013-10-30 10:25:44 ----A---- C:\WINDOWS\system32\java.exe
2013-10-30 10:08:31 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 month======

2013-11-27 15:36:22 ----RD---- C:\Program Files
2013-11-27 15:12:04 ----D---- C:\WINDOWS\Temp
2013-11-27 14:56:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-27 13:42:05 ----D---- C:\WINDOWS\system32\drivers
2013-11-27 13:39:59 ----D---- C:\WINDOWS\Prefetch
2013-11-27 13:38:59 ----SD---- C:\WINDOWS\Tasks
2013-11-27 13:29:18 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-27 13:28:29 ----RSD---- C:\WINDOWS\Fonts
2013-11-27 13:27:26 ----D---- C:\WINDOWS
2013-11-19 11:21:30 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 08:43:42 ----SHD---- C:\WINDOWS\Installer
2013-11-19 08:43:14 ----HD---- C:\WINDOWS\inf
2013-11-19 08:43:11 ----D---- C:\Program Files\Microsoft Security Client
2013-11-18 07:04:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-15 07:37:23 ----D---- C:\WINDOWS\system32
2013-11-14 14:59:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-14 14:58:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-14 14:58:54 ----A---- C:\WINDOWS\imsins.BAK
2013-11-14 14:56:25 ----D---- C:\Program Files\Internet Explorer
2013-11-14 14:53:27 ----A---- C:\WINDOWS\system32\MRT.exe
2013-11-11 09:51:46 ----D---- C:\lj1488
2013-11-11 06:29:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-05 12:08:33 ----A---- C:\WINDOWS\win.ini
2013-10-30 10:25:31 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-30 10:25:20 ----D---- C:\Program Files\Java
2013-10-30 10:08:31 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-20 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-20 14592]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-12-03 21275]
R3 AR5211;TP-LINK Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-12-21 470048]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-14 156160]
R3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2006-07-17 17290]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-12-03 239168]
R3 GTwinUSB;GTwinUSB; C:\WINDOWS\System32\Drivers\GTwinUSB.sys [2004-06-28 61840]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-08-20 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-20 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2000-01-01 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2000-01-01 5878304]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-20 12160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2000-01-01 1691480]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2000-01-01 1395800]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2005-12-30 36864]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-30 182696]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-20 1479488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-03-09 30798512]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-03 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Co udelame s temi nelegalnimi Office?? Nase forum nepodporuje piratsky SW

Jedna se o domaci PC nebo nejaky pracovni\firemni??

No jestli je to možný důvod, tak to smažu. Pc nevyužívám přímo já (řeším s nimi web a hosting), ale donutím majitele toto odstranit. A ano používá to pro pracovní účely.

A vy tomu majiteli delate servis?? Jen tak a zdarma??

VIRY.CZ

PC odesílá SPAM

PC odesílá SPAM

Re: PC odesílá SPAM

Re: PC odesílá SPAM

Re: PC odesílá SPAM

Re: PC odesílá SPAM

Re: PC odesílá SPAM