SKYPEM MI PRISLA NEZNAMA PRILOHA EXE

[skoki]

Ahoj všem, chtěla jsem požádat o pomoc s odstraněním viru. Popíšu situaci : Skypem mi přišel neznámý soubor, na který jsem bez rozmyslu klikla. Nic se nestalo , tak jsem oslovila odesílatele o co se jedná, který mě informoval že se jedná o vir , ať to smažu. Pozdě . Název souboru " Statement 228222.pdf.exe" . Nechala jsem zkontrolovat PC anti-virem MBAM ( Malver bytes) Přikládám protokol : Tak ne bohužel mi nelze otevřít protokol . txt , nevím proč, tak přikládám výpis ručně.
Infekce datum soubor
Malware.packer.gpc 29.11. share . exe
Malware.packer.gpc 29.11. Recover.exe
Trojan.agent 29.11. 7F.tmp.exe
Trojan.agent 29.11. 79.tmp.exe
Backdoor.bot 29.11. Dc2.bpl
PUM.Disabled.SecurityCenter 28.11. HKLM\SOFTWARE\microsoft\SecurityCenterfirewall\DisabledNotify

Všechno jsem uložila do karentény a zatím žádnou další akci jsem neprováděla. Zda je můžu nechat odstranit a nebo to vyžaduje pracnější postup.

Co jsem objevila jako uživatel. Nejde mi např. otevřít nic v ovládacích panech napr. přidat a odebrat programy, zvuky, čas, no nic.. Ted tedy mi nešel ani printscreen, otevřít protokol antiviru a jako by nefungoval odkaz ..

Pokud někdo z Vás by si věděl rady . Předem děkuji

Monda

[vyosek]

Zdravim a pekne dopoledne preji

Restart PC, mackat F8 a zvolit Stav nouze s praci v siti

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
• Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452

[skoki]

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 12/03/2013 11:07:36
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 3 ¤¤¤
[All Users][SUSP UNIC] McAfee Security Scan Plus.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk @C:\PROGRA~1\MCAFEE~1\38A0D1~1.130\SSSCHE~1.EXE [-][7] -> NALEZENO
[Ivo][SUSP UNIC] Dropbox.lnk : C:\Documents and Settings\Ivo\Nabídka Start\Programy\Po spuštění\Dropbox.lnk @C:\DOCUME~1\Ivo\DATAAP~1\Dropbox\bin\Dropbox.exe /systemstartup [-][7] -> NALEZENO
[Ivo][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Documents and Settings\Ivo\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk @C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x2] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500320AS +++++
--- User ---
[MBR] 027435ed955a83dafe07cf3116175d5d
[BSP] 512eab61af2cc4b335439754f4672abe : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_12032013_110736.txt >>

[vyosek]

Tady nic zasadniho

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

[skoki]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-12-03 11:19:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 447 GB (94%) free of 477 GB
Total RAM: 2037 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:38, on 3.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21359)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6683040390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP Loader - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\nhsrvice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 8400 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-682003330-1003UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-30 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-05 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-05 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-05 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"== []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sybase\Adaptive Server Anywhere\9.0\win32\dbeng9.exe"="C:\Program Files\Sybase\Adaptive Server Anywhere\9.0\win32\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine"
"C:\FORM studio 2009\FORMstudio.exe"="C:\FORM studio 2009\FORMstudio.exe:*:Enabled:FORM studio - hlavní modul"
"C:\Program Files\Generic\UoIP Server\USBoverIPServer.exe"="C:\Program Files\Generic\UoIP Server\USBoverIPServer.exe:*:Enabled:USB over IP Server"
"C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
"C:\FORM studio 2010\FORMstudio.exe"="C:\FORM studio 2010\FORMstudio.exe:*:Enabled:FORM studio - hlavní modul"
"C:\Documents and Settings\Ivo\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Ivo\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"\\DUO35LR\Data\LCS\HELIOS_RED.13\SYSTEM\overdic.exe"="\\DUO35LR\Data\LCS\HELIOS_RED.13\SYSTEM\overdic.exe:*:Enabled:overdic"
"\\192.168.2.5\Data\LCS\HELIOS_RED.13\HELIOS_R.EXE"="\\192.168.2.5\Data\LCS\HELIOS_RED.13\HELIOS_R.EXE:*:Enabled:helios_r"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======List of files/folders created in the last 1 month======

2013-12-03 11:19:32 ----D---- C:\Program Files\trend micro
2013-12-03 11:19:31 ----D---- C:\rsit
2013-12-03 11:06:01 ----A---- C:\WINDOWS\system32\TrueSight.sys
2013-12-03 11:02:17 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2013-12-03 11:02:16 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-12-03 11:02:01 ----D---- C:\WINDOWS\CSC
2013-11-28 14:16:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-28 14:16:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 14:16:41 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-11-28 14:14:47 ----A---- C:\WINDOWS\ntbtlog.txt
2013-11-28 13:35:43 ----D---- C:\Program Files\ESET
2013-11-18 14:02:15 ----D---- C:\Program Files\Mozilla Firefox
2013-11-15 03:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 03:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 03:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 03:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$

======List of files/folders modified in the last 1 month======

2013-12-03 11:19:32 ----RD---- C:\Program Files
2013-12-03 11:12:07 ----SD---- C:\WINDOWS\Tasks
2013-12-03 11:08:41 ----D---- C:\WINDOWS\system32
2013-12-03 11:07:35 ----D---- C:\WINDOWS\system32\drivers
2013-12-03 11:06:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-03 11:02:16 ----D---- C:\Documents and Settings
2013-12-03 11:02:01 ----D---- C:\WINDOWS
2013-12-03 11:00:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-03 11:00:08 ----D---- C:\WINDOWS\Temp
2013-12-03 10:52:39 ----D---- C:\WINDOWS\Prefetch
2013-11-28 13:32:43 ----SHD---- C:\WINDOWS\Installer
2013-11-28 13:32:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-11-28 13:32:04 ----RD---- C:\Program Files\Skype
2013-11-25 09:38:09 ----D---- C:\Zalohy
2013-11-22 15:02:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-19 11:21:30 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 03:00:49 ----HD---- C:\WINDOWS\inf
2013-11-19 03:00:48 ----D---- C:\Program Files\Microsoft Security Client
2013-11-15 12:26:13 ----D---- C:\Program Files\McAfee Security Scan
2013-11-15 03:05:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-15 03:05:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-15 03:05:10 ----A---- C:\WINDOWS\imsins.BAK
2013-11-15 03:04:48 ----D---- C:\Program Files\Internet Explorer
2013-11-15 03:04:42 ----D---- C:\WINDOWS\system32\cs-cz
2013-11-15 03:04:26 ----D---- C:\WINDOWS\ie7updates
2013-11-15 03:02:37 ----D---- C:\WINDOWS\system32\MRT
2013-11-15 03:00:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 EST_BusEnum;Network USB Device Bus; C:\WINDOWS\system32\DRIVERS\GenBus.sys [2009-05-27 27008]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-08-20 26112]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 EST_Server;Network USB Device; C:\WINDOWS\system32\DRIVERS\GenHC.sys [2009-06-03 171776]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 TrueSight;TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
S2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S2 HASP Loader;HASP Loader; C:\WINDOWS\system32\nhsrvice.exe [2005-05-29 249856]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-30 182184]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-12-19 6095504]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-08-20 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[skoki]

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/03/2013 12:52:12 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\Administrator\Plocha\RogueKiller (1).exe (PID: 348) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Systém událostí modelu COM+ (EventSystem) is not Running.
Startup Type set to: Manual

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatické aktualizace (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/03/2013 12:52:49 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

[vyosek]

Pokracujte ComboFixem

[skoki]

ComboFix 13-12-01.01 - Administrator 03.12.2013 13:19:44.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1331 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-03 do 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- c:\program files\trend micro
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- C:\rsit
2013-12-03 10:06 . 2013-12-03 10:06 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\documents and settings\Administrator
2013-12-02 13:10 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{24213961-4CD7-4AC8-B8F2-136AB7433FC5}\mpengine.dll
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 13:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-28 12:35 . 2013-11-28 12:35 -------- d-----w- c:\program files\ESET
2013-11-28 12:03 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2011-05-20 08:27 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:56 . 2008-04-14 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:56 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-13 07:56 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:56 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-10-12 15:57 . 2008-04-14 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 22:26 . 2013-03-05 11:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 11:00 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53 . 2010-10-24 19:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-04 13:47 . 2007-10-04 08:12 1024000 ----a-w- c:\windows\system32\ieframe.dll.mui
2012-07-18 08:04 . 2012-07-18 08:04 0 ----a-w- c:\program files\GUM6F.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sybase\\Adaptive Server Anywhere\\9.0\\win32\\dbeng9.exe"=
"c:\\FORM studio 2009\\FORMstudio.exe"=
"c:\\Program Files\\Generic\\UoIP Server\\USBoverIPServer.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\FORM studio 2010\\FORMstudio.exe"=
"c:\\Documents and Settings\\Ivo\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"475:TCP"= 475:TCP:HASP LM
"475:UDP"= 475:UDP:HASP LM
"2638:TCP"= 2638:TCP:septim
.
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [27.5.2009 13:19 27008]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [30.7.2010 8:19 29416]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service --> c:\windows\system32\nhsrvice.exe -service [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.11.2013 14:16 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.3.2013 9:39 5087584]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [13.5.2010 9:32 171776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.11.2013 14:16 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 22:26]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 16:04]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 16:04]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-HASP License Manager - c:\windows\system32\UNWISE.EXE
AddRemove-Runtime VFP6 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-12-03 13:22:55
ComboFix-quarantined-files.txt 2013-12-03 12:22
.
Před spuštěním: Volných bajtů: 470 081 425 408
Po spuštění: Volných bajtů: 470 589 861 888
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5710EDB48A3DF0E5B3D96E9CB9D4490F
413FC2A0C716421B3158746D63736515

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "GEST"="=-
  "GrooveMonitor"=-
  "SunJavaUpdateSched"=-
  "Adobe ARM"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "475:TCP"=-
  "475:UDP"=-
  "2638:TCP"=-
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[skoki]

ComboFix 13-12-01.01 - Administrator 03.12.2013 18:27:00.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1753 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivo\Local Settings\Temp\_is1.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleCrashHandler64.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleCrashHandler64.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{D9703087-1ECA-4DD2-8EF7-15456FB20B83}\_Setup.dll
c:\documents and settings\Ivo\Local Settings\Temp\{D9703087-1ECA-4DD2-8EF7-15456FB20B83}\ISSetup.dll
c:\documents and settings\Ivo\Local Settings\Temp\AKSinstall\hasp_inst_help1.dll
c:\documents and settings\Ivo\Local Settings\Temp\AskInstallChecker.exe
c:\documents and settings\Ivo\Local Settings\Temp\AskToolbarInstaller.exe
c:\documents and settings\Ivo\Local Settings\Temp\GLBBFE.tmp
c:\documents and settings\Ivo\Local Settings\Temp\GoogleToolbarInstaller_en.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\mzdy.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\person.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\xfrx.sign.net.exe
c:\documents and settings\Ivo\Local Settings\Temp\isp3B.tmp\_Setup.dll
c:\documents and settings\Ivo\Local Settings\Temp\IXP000.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP001.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP002.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP003.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP004.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP005.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP006.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
c:\documents and settings\Ivo\Local Settings\Temp\kbpki\b266240ce6f54978f029.dll
c:\documents and settings\Ivo\Local Settings\Temp\kbpki\f93aa8bc3cdc9b4c6626.dll
c:\documents and settings\Ivo\Local Settings\Temp\NSISPromotion.dll
c:\documents and settings\Ivo\Local Settings\Temp\ose00000.exe
c:\documents and settings\Ivo\Local Settings\Temp\SET37.tmp
c:\documents and settings\Ivo\Local Settings\Temp\sfxC86.tmp\DesetiPrstyTesty.exe
c:\documents and settings\Ivo\Local Settings\Temp\SkypeSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\statement_28222.pdf.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\install.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\install64.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\w2k\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\x64\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\x86\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Service.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_w32.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_w32.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_x64.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_x64.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\x64\TVMonitor.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\x86\TVMonitor.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version7\TeamViewer_.exe
c:\documents and settings\Ivo\Local Settings\Temp\upd.exE
c:\documents and settings\Ivo\Local Settings\Temp\vfp2c32.fll
.
---- Předchozí spuštění -------
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-03 do 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- c:\program files\trend micro
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- C:\rsit
2013-12-03 10:06 . 2013-12-03 10:06 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\documents and settings\Administrator
2013-12-02 13:10 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{24213961-4CD7-4AC8-B8F2-136AB7433FC5}\mpengine.dll
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 13:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-28 12:35 . 2013-11-28 12:35 -------- d-----w- c:\program files\ESET
2013-11-28 12:03 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2011-05-20 08:27 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:56 . 2008-04-14 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:56 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-13 07:56 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:56 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-10-12 15:57 . 2008-04-14 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 22:26 . 2013-03-05 11:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 11:00 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53 . 2010-10-24 19:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-07-18 08:04 . 2012-07-18 08:04 0 ----a-w- c:\program files\GUM6F.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sybase\\Adaptive Server Anywhere\\9.0\\win32\\dbeng9.exe"=
"c:\\FORM studio 2009\\FORMstudio.exe"=
"c:\\Program Files\\Generic\\UoIP Server\\USBoverIPServer.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\FORM studio 2010\\FORMstudio.exe"=
"c:\\Documents and Settings\\Ivo\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [27.5.2009 13:19 27008]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [30.7.2010 8:19 29416]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service --> c:\windows\system32\nhsrvice.exe -service [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.11.2013 14:16 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.3.2013 9:39 5087584]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [13.5.2010 9:32 171776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.11.2013 14:16 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Ivo\Data aplikací\Mozilla\Firefox\Profiles\qosf279d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 16:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-12-03 18:32:21
ComboFix-quarantined-files.txt 2013-12-03 17:32
ComboFix2.txt 2013-12-03 12:22
.
Před spuštěním: Volných bajtů: 470 440 280 064
Po spuštění: Volných bajtů: 470 463 852 544
.
- - End Of File - - 1F9ECA0F3F5DD7802F148D47DD5D5777
413FC2A0C716421B3158746D63736515

[vyosek]

Jak se chova PC???

[skoki]

stále v ovládacích panelech nejdou otevřít systemová nastavení např. přidat odebrat programy, system, zobrazení atd.. Chrom stále nefunkční, při pokusu o reinstal se instalace nespustí.

[vyosek]

Zkuste Chrome odinstalovat napr.Revo uninstallerem