
I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 10:29
by skoki
Hi everyone, I would like to ask for help removing a virus. Let me describe the situation: an unknown file arrived via Skype and I clicked on it without thinking. Nothing happened, so I asked the sender what it was, and he told me that it is a virus and that I should delete it. Too late :( . The file name is "Statement 228222.pdf.exe". I had the PC scanned with the MBAM anti-virus (Malwarebytes). I am attaching the log: well no, unfortunately I cannot open the .txt log, I don't know why, so I am attaching the listing by hand.
Infection date file
Malware.packer.gpc 29.11. share . exe
Malware.packer.gpc 29.11. Recover.exe
Trojan.agent 29.11. 7F.tmp.exe
Trojan.agent 29.11. 79.tmp.exe
Backdoor.bot 29.11. Dc2.bpl
PUM.Disabled.SecurityCenter 28.11. HKLM\SOFTWARE\microsoft\SecurityCenterfirewall\DisabledNotify

I moved everything to quarantine and have not taken any further action so far. Can I have them removed, or does this require a more laborious procedure?

What I have noticed as a user: for example, I cannot open anything in the Control Panel, e.g. Add or Remove Programs, sounds, time, well, nothing.. :cry: Just now even print screen did not work, nor opening the antivirus log, and it is as if the link did not work ..

If any of you know what to do. Thank you in advance

Monda

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 10:34
by vyosek
Hello, and I wish you a nice morning :)

:arrow: Restart the PC, keep pressing F8 and select Safe Mode with Networking

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
  • Wait for the PreScan to finish
  • Select the Prohledat (Scan) option
  • After the scan finishes, click Zpráva (Report); the log will open, paste it here
  • A detailed procedure including screenshots is here http://forum.viry.cz/viewtopic.php?f=24&t=120452

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 11:07
by skoki
RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 12/03/2013 11:07:36
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 3 ¤¤¤
[All Users][SUSP UNIC] McAfee Security Scan Plus.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk @C:\PROGRA~1\MCAFEE~1\38A0D1~1.130\SSSCHE~1.EXE [-][7] -> NALEZENO
[Ivo][SUSP UNIC] Dropbox.lnk : C:\Documents and Settings\Ivo\Nabídka Start\Programy\Po spuštění\Dropbox.lnk @C:\DOCUME~1\Ivo\DATAAP~1\Dropbox\bin\Dropbox.exe /systemstartup [-][7] -> NALEZENO
[Ivo][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Documents and Settings\Ivo\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk @C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x2] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500320AS +++++
--- User ---
[MBR] 027435ed955a83dafe07cf3116175d5d
[BSP] 512eab61af2cc4b335439754f4672abe : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_12032013_110736.txt >>

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 11:12
by vyosek
:arrow: Nothing significant here :?:

:arrow: Post the log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 11:18
by skoki
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-12-03 11:19:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 447 GB (94%) free of 477 GB
Total RAM: 2037 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:38, on 3.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21359)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ivo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6683040390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP Loader - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\nhsrvice.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 8400 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1078145449-682003330-1003UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-30 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-05 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-05 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-30 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-05 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"== []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 948440]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Sybase\Adaptive Server Anywhere\9.0\win32\dbeng9.exe"="C:\Program Files\Sybase\Adaptive Server Anywhere\9.0\win32\dbeng9.exe:*:Enabled:Adaptive Server Anywhere Database Engine"
"C:\FORM studio 2009\FORMstudio.exe"="C:\FORM studio 2009\FORMstudio.exe:*:Enabled:FORM studio - hlavní modul"
"C:\Program Files\Generic\UoIP Server\USBoverIPServer.exe"="C:\Program Files\Generic\UoIP Server\USBoverIPServer.exe:*:Enabled:USB over IP Server"
"C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
"C:\FORM studio 2010\FORMstudio.exe"="C:\FORM studio 2010\FORMstudio.exe:*:Enabled:FORM studio - hlavní modul"
"C:\Documents and Settings\Ivo\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Ivo\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"\\DUO35LR\Data\LCS\HELIOS_RED.13\SYSTEM\overdic.exe"="\\DUO35LR\Data\LCS\HELIOS_RED.13\SYSTEM\overdic.exe:*:Enabled:overdic"
"\\192.168.2.5\Data\LCS\HELIOS_RED.13\HELIOS_R.EXE"="\\192.168.2.5\Data\LCS\HELIOS_RED.13\HELIOS_R.EXE:*:Enabled:helios_r"
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm

======List of files/folders created in the last 1 month======

2013-12-03 11:19:32 ----D---- C:\Program Files\trend micro
2013-12-03 11:19:31 ----D---- C:\rsit
2013-12-03 11:06:01 ----A---- C:\WINDOWS\system32\TrueSight.sys
2013-12-03 11:02:17 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2013-12-03 11:02:16 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2013-12-03 11:02:01 ----D---- C:\WINDOWS\CSC
2013-11-28 14:16:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-11-28 14:16:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-28 14:16:41 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-11-28 14:14:47 ----A---- C:\WINDOWS\ntbtlog.txt
2013-11-28 13:35:43 ----D---- C:\Program Files\ESET
2013-11-18 14:02:15 ----D---- C:\Program Files\Mozilla Firefox
2013-11-15 03:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 03:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 03:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 03:04:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$

======List of files/folders modified in the last 1 month======

2013-12-03 11:19:32 ----RD---- C:\Program Files
2013-12-03 11:12:07 ----SD---- C:\WINDOWS\Tasks
2013-12-03 11:08:41 ----D---- C:\WINDOWS\system32
2013-12-03 11:07:35 ----D---- C:\WINDOWS\system32\drivers
2013-12-03 11:06:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-12-03 11:02:16 ----D---- C:\Documents and Settings
2013-12-03 11:02:01 ----D---- C:\WINDOWS
2013-12-03 11:00:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-12-03 11:00:08 ----D---- C:\WINDOWS\Temp
2013-12-03 10:52:39 ----D---- C:\WINDOWS\Prefetch
2013-11-28 13:32:43 ----SHD---- C:\WINDOWS\Installer
2013-11-28 13:32:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-11-28 13:32:04 ----RD---- C:\Program Files\Skype
2013-11-25 09:38:09 ----D---- C:\Zalohy
2013-11-22 15:02:09 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-11-19 11:21:30 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 03:00:49 ----HD---- C:\WINDOWS\inf
2013-11-19 03:00:48 ----D---- C:\Program Files\Microsoft Security Client
2013-11-15 12:26:13 ----D---- C:\Program Files\McAfee Security Scan
2013-11-15 03:05:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-15 03:05:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-11-15 03:05:10 ----A---- C:\WINDOWS\imsins.BAK
2013-11-15 03:04:48 ----D---- C:\Program Files\Internet Explorer
2013-11-15 03:04:42 ----D---- C:\WINDOWS\system32\cs-cz
2013-11-15 03:04:26 ----D---- C:\WINDOWS\ie7updates
2013-11-15 03:02:37 ----D---- C:\WINDOWS\system32\MRT
2013-11-15 03:00:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 EST_BusEnum;Network USB Device Bus; C:\WINDOWS\system32\DRIVERS\GenBus.sys [2009-05-27 27008]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-08-20 26112]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-09-27 214696]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 EST_Server;Network USB Device; C:\WINDOWS\system32\DRIVERS\GenHC.sys [2009-06-03 171776]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 TrueSight;TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 22208]
S2 Apache2.2;Apache2.2; C:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S2 HASP Loader;HASP Loader; C:\WINDOWS\system32\nhsrvice.exe [2005-05-29 249856]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-30 182184]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 MySQL;MySQL; C:\xampp\mysql\bin\mysqld.exe [2009-12-19 6095504]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-18 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-08-20 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 12:24
by vyosek
:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Spravce) account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
  • Immediately after start, a page with the license agreement appears; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF will display the log, or you can find it here C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 12:53
by skoki
Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/03/2013 12:52:12 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\Administrator\Plocha\RogueKiller (1).exe (PID: 348) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Systém událostí modelu COM+ (EventSystem) is not Running.
Startup Type set to: Manual

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic

* Automatické aktualizace (wuauserv) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/03/2013 12:52:49 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

Re: AN UNKNOWN EXE ATTACHMENT ARRIVED VIA SKYPE

Posted: 03 Dec 2013 13:01
by vyosek
Continue with ComboFix

Re: AN UNKNOWN EXE ATTACHMENT ARRIVED VIA SKYPE

Posted: 03 Dec 2013 13:21
by skoki
ComboFix 13-12-01.01 - Administrator 03.12.2013 13:19:44.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1331 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-03 do 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- c:\program files\trend micro
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- C:\rsit
2013-12-03 10:06 . 2013-12-03 10:06 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\documents and settings\Administrator
2013-12-02 13:10 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{24213961-4CD7-4AC8-B8F2-136AB7433FC5}\mpengine.dll
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 13:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-28 12:35 . 2013-11-28 12:35 -------- d-----w- c:\program files\ESET
2013-11-28 12:03 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2011-05-20 08:27 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:56 . 2008-04-14 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:56 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-13 07:56 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:56 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-10-12 15:57 . 2008-04-14 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 22:26 . 2013-03-05 11:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 11:00 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53 . 2010-10-24 19:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-04 13:47 . 2007-10-04 08:12 1024000 ----a-w- c:\windows\system32\ieframe.dll.mui
2012-07-18 08:04 . 2012-07-18 08:04 0 ----a-w- c:\program files\GUM6F.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sybase\\Adaptive Server Anywhere\\9.0\\win32\\dbeng9.exe"=
"c:\\FORM studio 2009\\FORMstudio.exe"=
"c:\\Program Files\\Generic\\UoIP Server\\USBoverIPServer.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\FORM studio 2010\\FORMstudio.exe"=
"c:\\Documents and Settings\\Ivo\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"475:TCP"= 475:TCP:HASP LM
"475:UDP"= 475:UDP:HASP LM
"2638:TCP"= 2638:TCP:septim
.
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [27.5.2009 13:19 27008]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [30.7.2010 8:19 29416]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service --> c:\windows\system32\nhsrvice.exe -service [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.11.2013 14:16 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.3.2013 9:39 5087584]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [13.5.2010 9:32 171776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.11.2013 14:16 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 22:26]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 16:04]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 16:04]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-HASP License Manager - c:\windows\system32\UNWISE.EXE
AddRemove-Runtime VFP6 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-12-03 13:22:55
ComboFix-quarantined-files.txt 2013-12-03 12:22
.
Před spuštěním: Volných bajtů: 470 081 425 408
Po spuštění: Volných bajtů: 470 589 861 888
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5710EDB48A3DF0E5B3D96E9CB9D4490F
413FC2A0C716421B3158746D63736515

Re: AN UNKNOWN EXE ATTACHMENT ARRIVED VIA SKYPE

Posted: 03 Dec 2013 17:49
by vyosek
:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"=-
    "GrooveMonitor"=-
    "SunJavaUpdateSched"=-
    "Adobe ARM"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "475:TCP"=-
    "475:UDP"=-
    "2638:TCP"=-
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and release it (see the image below)
    [Image]
  • After the script has been applied (and a possible reboot), a log will pop up; paste its contents here
:arrow: If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" (an illegal operation was attempted on a registry key that is marked for deletion) pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and unfortunately the author has not yet been able to fix it

:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration (Posledni znamou konfiguraci)

Re: AN UNKNOWN EXE ATTACHMENT ARRIVED VIA SKYPE

Posted: 03 Dec 2013 18:31
by skoki
ComboFix 13-12-01.01 - Administrator 03.12.2013 18:27:00.3.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1753 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ivo\Local Settings\Temp\_is1.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{110D2BC8-6E02-4F91-8C33-43B853518E59}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleCrashHandler64.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\GoogleUpdateSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{9CB78F01-6D8B-4135-BF07-C2DA956FDA65}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleCrashHandler.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleCrashHandler64.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdate.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateBroker.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateOnDemand.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\GoogleUpdateSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdate.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_am.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ar.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_bg.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_bn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ca.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_da.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_de.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_el.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_en-GB.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_en.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_es-419.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_es.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_et.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fa.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fil.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_fr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_gu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_hu.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_id.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_is.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_it.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_iw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ja.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_kn.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ko.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_lt.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_lv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ml.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_mr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ms.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_nl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_no.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pt-BR.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_pt-PT.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ro.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ru.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sl.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sv.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_sw.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ta.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_te.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_th.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_tr.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_uk.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_ur.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_vi.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_zh-CN.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\goopdateres_zh-TW.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\npGoogleUpdate3.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\psmachine.dll
c:\documents and settings\Ivo\Local Settings\Temp\{C12082E2-4403-495C-92C9-F1C5218CEE9A}\psuser.dll
c:\documents and settings\Ivo\Local Settings\Temp\{D9703087-1ECA-4DD2-8EF7-15456FB20B83}\_Setup.dll
c:\documents and settings\Ivo\Local Settings\Temp\{D9703087-1ECA-4DD2-8EF7-15456FB20B83}\ISSetup.dll
c:\documents and settings\Ivo\Local Settings\Temp\AKSinstall\hasp_inst_help1.dll
c:\documents and settings\Ivo\Local Settings\Temp\AskInstallChecker.exe
c:\documents and settings\Ivo\Local Settings\Temp\AskToolbarInstaller.exe
c:\documents and settings\Ivo\Local Settings\Temp\GLBBFE.tmp
c:\documents and settings\Ivo\Local Settings\Temp\GoogleToolbarInstaller_en.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13680\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13685\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13690\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\esop.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\faktury.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\majetek.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS13695\ucto.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\abo.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\mzdy.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\SYS8104\person.exe
c:\documents and settings\Ivo\Local Settings\Temp\HELIOS_R\xfrx.sign.net.exe
c:\documents and settings\Ivo\Local Settings\Temp\isp3B.tmp\_Setup.dll
c:\documents and settings\Ivo\Local Settings\Temp\IXP000.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP001.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP002.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP003.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP004.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP005.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\IXP006.TMP\XP_VS_Setup.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-6u11-windows-i586-p-iftw_196cf524.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
c:\documents and settings\Ivo\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
c:\documents and settings\Ivo\Local Settings\Temp\kbpki\b266240ce6f54978f029.dll
c:\documents and settings\Ivo\Local Settings\Temp\kbpki\f93aa8bc3cdc9b4c6626.dll
c:\documents and settings\Ivo\Local Settings\Temp\NSISPromotion.dll
c:\documents and settings\Ivo\Local Settings\Temp\ose00000.exe
c:\documents and settings\Ivo\Local Settings\Temp\SET37.tmp
c:\documents and settings\Ivo\Local Settings\Temp\sfxC86.tmp\DesetiPrstyTesty.exe
c:\documents and settings\Ivo\Local Settings\Temp\SkypeSetup.exe
c:\documents and settings\Ivo\Local Settings\Temp\statement_28222.pdf.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\install.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\install64.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\w2k\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\x64\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version5\x86\teamviewervpn.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Resource_cs.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\TeamViewer_Service.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_w32.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_w32.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_x64.dll
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\tv_x64.exe
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\x64\TVMonitor.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version6\x86\TVMonitor.sys
c:\documents and settings\Ivo\Local Settings\Temp\TeamViewer\Version7\TeamViewer_.exe
c:\documents and settings\Ivo\Local Settings\Temp\upd.exE
c:\documents and settings\Ivo\Local Settings\Temp\vfp2c32.fll
.
---- Předchozí spuštění -------
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-03 do 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- c:\program files\trend micro
2013-12-03 10:19 . 2013-12-03 10:19 -------- d-----w- C:\rsit
2013-12-03 10:06 . 2013-12-03 10:06 26624 ----a-w- c:\windows\system32\TrueSight.sys
2013-12-03 10:02 . 2013-12-03 10:02 -------- d-----w- c:\documents and settings\Administrator
2013-12-02 13:10 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{24213961-4CD7-4AC8-B8F2-136AB7433FC5}\mpengine.dll
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-11-28 13:16 . 2013-11-28 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-28 13:16 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-28 12:35 . 2013-11-28 12:35 -------- d-----w- c:\program files\ESET
2013-11-28 12:03 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2011-05-20 08:27 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-13 07:56 . 2008-04-14 12:00 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:56 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-13 07:56 . 2008-04-14 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:56 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2013-10-12 15:57 . 2008-04-14 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 22:26 . 2013-03-05 11:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 11:00 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:42 . 2008-05-05 05:25 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 08:53 . 2010-10-24 19:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-07-18 08:04 . 2012-07-18 08:04 0 ----a-w- c:\program files\GUM6F.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sybase\\Adaptive Server Anywhere\\9.0\\win32\\dbeng9.exe"=
"c:\\FORM studio 2009\\FORMstudio.exe"=
"c:\\Program Files\\Generic\\UoIP Server\\USBoverIPServer.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\FORM studio 2010\\FORMstudio.exe"=
"c:\\Documents and Settings\\Ivo\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\GenBus.sys [27.5.2009 13:19 27008]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [30.7.2010 8:19 29416]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service --> c:\windows\system32\nhsrvice.exe -service [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28.11.2013 14:16 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [29.3.2013 9:39 5087584]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [13.5.2010 9:32 171776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.11.2013 14:16 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [6.9.2013 18:29 235216]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Ivo\Data aplikací\Mozilla\Firefox\Profiles\qosf279d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-09-02 16:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-03 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-12-03 18:32:21
ComboFix-quarantined-files.txt 2013-12-03 17:32
ComboFix2.txt 2013-12-03 12:22
.
Před spuštěním: Volných bajtů: 470 440 280 064
Po spuštění: Volných bajtů: 470 463 852 544
.
- - End Of File - - 1F9ECA0F3F5DD7802F148D47DD5D5777
413FC2A0C716421B3158746D63736515

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 03 Dec 2013 18:34
by vyosek
How is the PC behaving???

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 04 Dec 2013 10:19
by skoki
The system settings in Control Panel still cannot be opened, e.g. Add or Remove Programs, System, Display, etc. Chrome is still not working; when I try to reinstall it, the installation does not start.

Re: I RECEIVED AN UNKNOWN EXE ATTACHMENT VIA SKYPE

Posted: 04 Dec 2013 19:31
by vyosek
Try uninstalling Chrome with, for example, Revo Uninstaller.