na notebooku - zvuk a video se zacalo trhat, zvuk chrasti
Napsal: 08 pro 2012 21:59
Dobry den, na notebooku se zniceho nic seka zvuk a video a zvuk chrasti. Dekuji.
ComboFix 12-12-07.01 - Janicka 08.12.2012 14:23:06.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1412 [GMT 1:00]
Spuštěný z: c:\documents and settings\Janicka\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\TRNCOM.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-08 do 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 12:58 . 2012-12-08 12:59 -------- d-----w- c:\program files\CCleaner
2012-12-08 12:37 . 2007-05-10 09:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2012-12-08 12:37 . 2007-05-10 09:22 405504 ----a-w- c:\windows\stsystra.exe
2012-12-08 12:37 . 2007-04-10 16:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2012-12-08 12:37 . 2012-12-08 12:37 -------- d-----w- c:\windows\LastGood
2012-12-08 12:36 . 2007-05-10 09:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2012-12-08 12:25 . 2012-12-08 12:26 -------- d-----w- c:\documents and settings\Janicka\Local Settings\Data aplikací\Akamai
2012-12-08 11:42 . 2012-12-08 11:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-08 11:42 . 2012-12-08 11:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-18 18:33 . 2012-11-18 18:33 -------- d-----w- c:\documents and settings\All Users\Synology
2012-11-18 18:33 . 2012-11-18 18:33 -------- d-----w- c:\program files\Synology
2012-11-15 20:13 . 2012-11-15 20:16 -------- d-----w- c:\documents and settings\Janicka\Data aplikací\flash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 11:40 . 2012-03-02 13:51 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-08 11:40 . 2012-03-02 13:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-08 11:35 . 2012-04-13 19:19 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-08 11:35 . 2012-03-02 12:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:57 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-11-19 17:09 . 2012-11-19 17:09 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2012-03-02 26624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-21 39408]
"Akamai NetSession Interface"="c:\documents and settings\Janicka\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Janicka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-3-3 106560]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Movie\\PowerDVD Cinema\\PowerDVDCinema11.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Documents and Settings\\Janicka\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3170:TCP"= 3170:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/03 12:15];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [3.3.2012 12:14 77296]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [3.3.2012 12:15 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [3.3.2012 12:15 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [3.3.2012 12:15 312616]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [3.3.2012 12:15 71664]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [18.9.2012 4:10 248704]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [27.8.2012 10:19 45792]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [9.6.2012 9:39 146720]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 15:09 158856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.3.2012 12:00 11520]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HTTPFILTER
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 11:35]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-21 23:03]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-21 23:03]
.
2012-12-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Janicka\Data aplikací\Mozilla\Firefox\Profiles\u5fg26pk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - ExtSQL: !HIDDEN! 2012-03-10 09:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
Celkový čas: 2012-12-08 14:33:34
ComboFix-quarantined-files.txt 2012-12-08 13:33
.
Před spuštěním: Volných bajtů: 31 355 428 864
Po spuštění: Volných bajtů: 31 583 186 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6A8753445D009663C937AC2DCF952335
ComboFix 12-12-07.01 - Janicka 08.12.2012 14:23:06.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2038.1412 [GMT 1:00]
Spuštěný z: c:\documents and settings\Janicka\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\NetworkService\Local Settings\Temporary Internet Files\TRNCOM.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-08 do 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 12:58 . 2012-12-08 12:59 -------- d-----w- c:\program files\CCleaner
2012-12-08 12:37 . 2007-05-10 09:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2012-12-08 12:37 . 2007-05-10 09:22 405504 ----a-w- c:\windows\stsystra.exe
2012-12-08 12:37 . 2007-04-10 16:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2012-12-08 12:37 . 2012-12-08 12:37 -------- d-----w- c:\windows\LastGood
2012-12-08 12:36 . 2007-05-10 09:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2012-12-08 12:25 . 2012-12-08 12:26 -------- d-----w- c:\documents and settings\Janicka\Local Settings\Data aplikací\Akamai
2012-12-08 11:42 . 2012-12-08 11:40 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-08 11:42 . 2012-12-08 11:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-18 18:33 . 2012-11-18 18:33 -------- d-----w- c:\documents and settings\All Users\Synology
2012-11-18 18:33 . 2012-11-18 18:33 -------- d-----w- c:\program files\Synology
2012-11-15 20:13 . 2012-11-15 20:16 -------- d-----w- c:\documents and settings\Janicka\Data aplikací\flash
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 11:40 . 2012-03-02 13:51 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-08 11:40 . 2012-03-02 13:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-08 11:35 . 2012-04-13 19:19 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-08 11:35 . 2012-03-02 12:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 19:57 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-11-19 17:09 . 2012-11-19 17:09 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"OEXPRESS"="c:\windows\OETRN.EXE" [2012-03-02 26624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-21 39408]
"Akamai NetSession Interface"="c:\documents and settings\Janicka\Local Settings\Data aplikací\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-03 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Janicka\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-3-3 106560]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PowerDVD11.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\PDVD11Serv.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Common\\MediaServer\\CLMSServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD11\\Movie\\PowerDVD Cinema\\PowerDVDCinema11.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Synology\\Assistant\\DSAssistant.exe"=
"c:\\Documents and Settings\\Janicka\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3170:TCP"= 3170:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/03 12:15];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [3.3.2012 12:14 77296]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [3.3.2012 12:15 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [3.3.2012 12:15 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [3.3.2012 12:15 312616]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [28.2.2012 17:38 1373576]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [3.3.2012 12:15 71664]
R2 UsbClientService;UsbClientService;c:\program files\Synology\Assistant\UsbClientService.exe [18.9.2012 4:10 248704]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [27.8.2012 10:19 45792]
R3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [9.6.2012 9:39 146720]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [31.1.2012 15:09 158856]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2.3.2012 12:00 11520]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - HTTPFILTER
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 11:35]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-21 23:03]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-21 23:03]
.
2012-12-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Janicka\Data aplikací\Mozilla\Firefox\Profiles\u5fg26pk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.1&q=
FF - ExtSQL: !HIDDEN! 2012-03-10 09:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\System32\BCMLogon.dll
.
Celkový čas: 2012-12-08 14:33:34
ComboFix-quarantined-files.txt 2012-12-08 13:33
.
Před spuštěním: Volných bajtů: 31 355 428 864
Po spuštění: Volných bajtů: 31 583 186 944
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6A8753445D009663C937AC2DCF952335
