PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Remnants of some malware

Have a problem with a virus? Paste a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Lukiz
Guest
Posts: 20
Registered: 07 May 2010 10:49

Remnants of some malware

#1 Post by Lukiz »

Over the past week some pest appeared on my parents' computer (blank desktop), which they say they got rid of with something. I would like to check whether anything was left behind:

----------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2013-01-11 19:14:45
Microsoft® Windows Vista™ Home Premium
System drive C: has 50 GB (35%) free of 140 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:57, on 11.1.2013
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Cumulus\cumulus.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pavel\Downloads\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Cumulus.lnk = C:\Cumulus\cumulus.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4371 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\53v402vt.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-10 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-10 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-01 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2012-12-11 3147384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2012-11-10 1232896]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-11-09 17877168]

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Cumulus.lnk - C:\Cumulus\cumulus.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2013-01-11 19:14:45 ----D---- C:\rsit
2013-01-11 19:14:45 ----D---- C:\Program Files\trend micro
2013-01-09 19:29:37 ----D---- C:\Program Files\Mozilla Firefox
2013-01-09 19:22:22 ----ASH---- C:\hiberfil.sys
2013-01-09 19:20:10 ----D---- C:\Windows\temp
2013-01-09 19:20:08 ----A---- C:\ComboFix.txt
2013-01-09 19:19:29 ----SHD---- C:\$RECYCLE.BIN
2013-01-09 19:10:34 ----A---- C:\Windows\zip.exe
2013-01-09 19:10:34 ----A---- C:\Windows\SWXCACLS.exe
2013-01-09 19:10:34 ----A---- C:\Windows\SWSC.exe
2013-01-09 19:10:34 ----A---- C:\Windows\SWREG.exe
2013-01-09 19:10:34 ----A---- C:\Windows\sed.exe
2013-01-09 19:10:34 ----A---- C:\Windows\PEV.exe
2013-01-09 19:10:34 ----A---- C:\Windows\NIRCMD.exe
2013-01-09 19:10:34 ----A---- C:\Windows\MBR.exe
2013-01-09 19:10:34 ----A---- C:\Windows\grep.exe
2013-01-09 19:10:24 ----D---- C:\Qoobox
2013-01-09 19:10:10 ----D---- C:\Windows\erdnt
2013-01-09 19:07:57 ----A---- C:\Windows\ntbtlog.txt
2013-01-08 21:18:54 ----A---- C:\ProgramData\dsgsdgdsgdsgw.js

======List of files/folders modified in the last 1 month======

2013-01-11 19:14:56 ----D---- C:\Windows\Prefetch
2013-01-11 19:14:45 ----RD---- C:\Program Files
2013-01-11 19:08:47 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2013-01-11 18:27:52 ----D---- C:\ProgramData\MFAData
2013-01-11 13:16:10 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2013-01-11 13:07:55 ----D---- C:\LVWIN60
2013-01-11 11:20:45 ----D---- C:\Zaloha
2013-01-11 09:59:47 ----SHD---- C:\Windows\Installer
2013-01-11 09:59:12 ----D---- C:\Windows\System32
2013-01-11 09:58:13 ----D---- C:\Windows\system32\drivers
2013-01-10 20:13:35 ----D---- C:\Windows\inf
2013-01-10 20:13:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-09 19:42:37 ----SHD---- C:\System Volume Information
2013-01-09 19:30:23 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-09 19:20:10 ----D---- C:\Windows
2013-01-09 19:18:48 ----A---- C:\Windows\system.ini
2013-01-09 19:18:42 ----D---- C:\Windows\system32\drivers\etc
2013-01-09 19:17:59 ----D---- C:\ProgramData
2013-01-09 19:16:45 ----D---- C:\Windows\AppPatch
2013-01-09 19:16:44 ----D---- C:\Program Files\Common Files
2013-01-09 17:21:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-08 21:25:01 ----D---- C:\ProgramData\Skype
2013-01-08 21:24:56 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2012-09-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2012-09-14 35552]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2012-09-21 19936]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2012-10-02 159712]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2012-09-21 164832]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-02 1967576]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2010-04-29 17408]
R3 PAC207;Trust 100K Series Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-19 2314752]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 catchme;catchme; \??\C:\Users\Pavel\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver; C:\Windows\System32\Drivers\FTD2XX.sys [2003-01-24 24197]
S3 FTDIBUS;PRESTO Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2010-04-30 99896]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-09 115760]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Lukiz
Guest
Posts: 20
Registered: 07 May 2010 10:49

Re: Remnants of some malware

#2 Post by Lukiz »

Cumulus is a program for a USB weather station; it should be fine.


Here is the Combofix.txt:

ComboFix 13-01-08.01 - Pavel 09.01.2013 19:12:39.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2047.1676 [GMT 1:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\Pavel\wgsdgsdgdsgsd.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-09 do 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 18:18 . 2013-01-09 18:18 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2013-01-08 20:18 . 2013-01-08 20:18 2892 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 16:21 . 2012-11-09 23:18 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 16:21 . 2012-11-09 23:18 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-05 20:09 . 2012-12-05 20:09 1178737 ----a-w- c:\windows\unins003.exe
2012-12-05 20:08 . 2012-12-05 20:09 1188443 ----a-w- c:\windows\unins002.exe
2012-11-23 19:53 . 2012-11-23 19:53 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-11-23 19:53 . 2012-11-23 19:53 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-11-23 19:52 . 2012-11-23 19:52 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-11-12 17:11 . 2012-11-12 17:11 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-12 10:57 . 2012-11-12 10:57 687771 ----a-w- c:\windows\unins001.exe
2012-11-12 10:54 . 2012-11-12 10:54 687753 ----a-w- c:\windows\unins000.exe
2012-11-11 02:06 . 2012-11-11 02:06 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-11-11 02:05 . 2012-11-11 02:05 268800 ----a-w- c:\windows\system32\es.dll
2012-11-11 02:04 . 2012-11-11 02:04 40960 ----a-w- c:\windows\system32\drivers\cs-CZ\http.sys.mui
2012-11-10 03:05 . 2012-11-10 03:05 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-11-10 03:05 . 2012-11-10 03:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-10 03:05 . 2012-11-10 03:05 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-11-10 03:05 . 2012-11-10 03:05 24064 ----a-w- c:\windows\system32\lpk.dll
2012-11-10 03:05 . 2012-11-10 03:05 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-11-10 03:05 . 2012-11-10 03:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-11-10 03:04 . 2012-11-10 03:04 72704 ----a-w- c:\windows\system32\admparse.dll
2012-11-10 03:04 . 2012-11-10 03:04 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-10 03:04 . 2012-11-10 03:04 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-11-10 03:04 . 2012-11-10 03:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-11-10 03:04 . 2012-11-10 03:04 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-10 03:04 . 2012-11-10 03:04 389120 ----a-w- c:\windows\system32\html.iec
2012-11-10 03:04 . 2012-11-10 03:04 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-10 03:04 . 2012-11-10 03:04 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-10 03:04 . 2012-11-10 03:04 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-10 03:04 . 2012-11-10 03:04 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-11-10 03:02 . 2012-11-10 03:02 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-11-10 03:02 . 2012-11-10 03:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-11-10 03:02 . 2012-11-10 03:02 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-11-10 03:02 . 2012-11-10 03:02 272896 ----a-w- c:\windows\system32\polstore.dll
2012-11-10 03:02 . 2012-11-10 03:02 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-11-10 03:02 . 2012-11-10 03:02 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-11-10 03:01 . 2012-11-10 03:01 87040 ----a-w- c:\windows\system32\msoert2.dll
2012-11-10 03:01 . 2012-11-10 03:01 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2012-11-10 03:01 . 2012-11-10 03:01 205824 ----a-w- c:\windows\system32\msoeacct.dll
2012-11-10 03:00 . 2012-11-10 03:00 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-11-10 03:00 . 2012-11-10 03:00 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-11-10 03:00 . 2012-11-10 03:00 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-11-10 03:00 . 2012-11-10 03:00 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-11-10 03:00 . 2012-11-10 03:00 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-11-10 03:00 . 2012-11-10 03:00 15360 ----a-w- c:\windows\system32\netevent.dll
2012-11-10 03:00 . 2012-11-10 03:00 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-11-10 03:00 . 2012-11-10 03:00 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-11-10 03:00 . 2012-11-10 03:00 10240 ----a-w- c:\windows\system32\finger.exe
2012-11-10 02:59 . 2012-11-10 02:59 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-11-10 02:59 . 2012-11-10 02:59 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-11-10 02:58 . 2012-11-10 02:58 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-11-10 02:58 . 2012-11-10 02:58 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-11-10 02:58 . 2012-11-10 02:58 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-11-10 02:58 . 2012-11-10 02:58 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-11-10 02:58 . 2012-11-10 02:58 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-11-10 02:58 . 2012-11-10 02:58 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-11-10 02:57 . 2012-11-10 02:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-11-10 02:57 . 2012-11-10 02:57 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-11-10 02:57 . 2012-11-10 02:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-11-10 02:57 . 2012-11-10 02:57 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-11-10 02:57 . 2012-11-10 02:57 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-11-10 02:56 . 2012-11-10 02:56 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-11-10 02:56 . 2012-11-10 02:56 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-11-10 02:56 . 2012-11-10 02:56 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-11-10 02:55 . 2012-11-10 02:55 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-10 02:55 . 2012-11-10 02:55 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-11-10 02:54 . 2012-11-10 02:54 98816 ----a-w- c:\windows\system32\mfps.dll
2012-11-10 02:54 . 2012-11-10 02:54 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-11-10 02:54 . 2012-11-10 02:54 2855424 ----a-w- c:\windows\system32\mf.dll
2012-11-10 02:54 . 2012-11-10 02:54 2048 ----a-w- c:\windows\system32\mferror.dll
2012-11-10 02:54 . 2012-11-10 02:54 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-11-10 02:52 . 2012-11-10 02:52 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-11-10 02:51 . 2012-11-10 02:51 71680 ----a-w- c:\windows\system32\atl.dll
2012-11-10 02:50 . 2012-11-10 02:50 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-11-10 02:49 . 2012-11-10 02:49 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2012-11-10 02:48 . 2012-11-10 02:48 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-11-10 02:48 . 2012-11-10 02:48 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-11-10 02:47 . 2012-11-10 02:47 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-11-10 02:47 . 2012-11-10 02:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-10 02:47 . 2012-11-10 02:47 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-11-10 02:47 . 2012-11-10 02:47 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-11-10 02:46 . 2012-11-10 02:46 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-11-10 02:44 . 2012-11-10 02:44 414208 ----a-w- c:\windows\system32\msscp.dll
2012-11-10 02:44 . 2012-11-10 02:44 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-11-10 02:44 . 2012-11-10 02:44 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-11-10 02:44 . 2012-11-10 02:44 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-11-10 02:44 . 2012-11-10 02:44 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-11-10 02:44 . 2012-11-10 02:44 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-11-10 02:44 . 2012-11-10 02:44 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-11-10 02:40 . 2012-11-10 02:40 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-10 02:39 . 2012-11-10 02:39 696832 ----a-w- c:\windows\system32\localspl.dll
2012-11-10 02:38 . 2012-11-10 02:38 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2012-11-10 02:38 . 2012-11-10 02:38 2923520 ----a-w- c:\windows\explorer.exe
2012-11-10 02:37 . 2012-11-10 02:37 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-11-10 02:36 . 2012-11-10 02:36 7680 ----a-w- c:\windows\system32\lsass.exe
2012-11-10 02:36 . 2012-11-10 02:36 72704 ----a-w- c:\windows\system32\secur32.dll
2012-11-10 02:36 . 2012-11-10 02:36 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-11-10 02:36 . 2012-11-10 02:36 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-11-10 02:36 . 2012-11-10 02:36 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-11-10 02:36 . 2012-11-10 02:36 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-10 02:36 . 2012-11-10 02:36 272384 ----a-w- c:\windows\system32\schannel.dll
2012-12-05 08:07 . 2012-12-05 08:07 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-11-10 1232896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cumulus.lnk - c:\cumulus\cumulus.exe [2011-12-26 10076672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ECACHE
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 16:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\53v402vt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.socks - 10.0.0.40
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-10 11:11; eliteproxyswitcher@my-proxy.com; c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\53v402vt.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
FF - ExtSQL: 2012-11-23 20:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 19:18
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2013-01-09 19:20:08
ComboFix-quarantined-files.txt 2013-01-09 18:20
.
Před spuštěním: Volných bajtů: 53 439 127 552
Po spuštění: Volných bajtů: 53 612 150 784
.
- - End Of File - - A5A74A4A1057E6578A6E4DBE5E47166F

Lukiz
Guest
Posts: 20
Registered: 07 May 2010 10:49

Re: Remnants of some malware

#3 Post by Lukiz »

Thanks for checking, I will delete it.

As for the station, it is a GARNI 1080. Overall we are satisfied, but we found that the A/D converter is implemented somewhat "cheaply", so with a long cable between the thermometer (down in the shade) and the wind sensor (up on the roof), sudden errors occasionally show up in the temperature reading. :roll:
