Re: prosba o pomoc
Napsal: 15 črc 2010 19:35
ComboFix 10-07-15.01 - Administrator 15.07.2010 20:22:18.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100714-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-15 do 2010-07-15 )))))))))))))))))))))))))))))))
.
2012-09-22 15:09 . 2012-09-22 15:09 -------- d-----w- c:\program files\Eee Storage
2012-09-22 15:08 . 2012-09-22 15:08 -------- d-----w- c:\program files\Elantech
2012-09-22 08:32 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2012-09-22 08:32 . 2012-09-22 08:32 -------- d-----w- c:\program files\EeePC
2010-07-15 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 17:22 . 2010-07-15 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 15:09 . 2010-07-15 15:09 -------- d-----w- C:\_OTM
2010-07-15 09:32 . 2010-07-15 09:32 -------- d-----w- c:\program files\trend micro
2010-07-15 09:31 . 2010-07-15 09:32 -------- d-----w- C:\rsit
2010-07-15 06:09 . 2010-07-15 06:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-15 06:07 . 2010-07-15 06:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-14 15:10 . 2010-07-14 15:10 -------- d--h--w- c:\windows\$hf_mig$
2010-07-13 20:02 . 2010-07-13 20:08 -------- d-----w- c:\program files\Cyklotrasy
2010-07-11 10:30 . 2010-07-11 10:30 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-11 10:27 . 2010-07-11 10:28 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-11 10:27 . 2010-07-11 10:27 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 08:33 . 2008-08-19 08:13 -------- d-----w- c:\program files\ASUS
2010-06-14 14:31 . 2008-07-29 16:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-25 12:58 . 2008-07-29 17:34 62336 ----a-w- c:\windows\system32\perfc005.dat
2010-05-25 12:58 . 2008-07-29 17:34 379806 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 10:35 . 2008-07-29 17:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2008-07-29 17:34 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2008-07-29 17:31 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-11-29 19:13 . 2009-11-29 19:13 1234120 ----a-w- c:\program files\wrar380cz.exe
2008-06-17 09:35 . 2009-07-09 15:41 212992 ----a-r- c:\program files\MSP_Uninstall.exe
2008-05-07 14:34 . 2008-08-19 08:31 15523560 ----a-w- c:\program files\U1 Setup.exe
2007-04-04 07:24 . 2009-07-09 15:41 90112 ----a-r- c:\program files\axesstel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-17 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-16 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-28 204800]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolinka Nov kov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-8-19 118784]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2012-9-22 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [9.7.2009 17:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [9.7.2009 17:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [9.7.2009 17:41 38784]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [19.8.2008 10:21 38272]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee19642-6c9e-11de-88e1-002354465ba1}]
\Shell\AutoRun\command - D:\Axesstel_Setup.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-WindowsSysControl - c:\documents and settings\Karolinka Nováková\Data aplikací\winsvrcn.exe
HKCU-Run-JDK5SWFMZY - c:\docume~1\KAROLI~1\LOCALS~1\Temp\Opr.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
.
**************************************************************************
.
Celkový čas: 2010-07-15 20:33:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-15 18:33
Před spuštěním: 8 270 708 736
Po spuštění: 8 246 218 752
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 10A463EF41936EBAE2EF9ACEDC981FFE
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Dokumenty\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100714-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-15 do 2010-07-15 )))))))))))))))))))))))))))))))
.
2012-09-22 15:09 . 2012-09-22 15:09 -------- d-----w- c:\program files\Eee Storage
2012-09-22 15:08 . 2012-09-22 15:08 -------- d-----w- c:\program files\Elantech
2012-09-22 08:32 . 2008-04-08 13:59 10752 ----a-w- c:\windows\system32\drivers\ASUSACPI.SYS
2012-09-22 08:32 . 2012-09-22 08:32 -------- d-----w- c:\program files\EeePC
2010-07-15 17:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 17:22 . 2010-07-15 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 17:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 15:09 . 2010-07-15 15:09 -------- d-----w- C:\_OTM
2010-07-15 09:32 . 2010-07-15 09:32 -------- d-----w- c:\program files\trend micro
2010-07-15 09:31 . 2010-07-15 09:32 -------- d-----w- C:\rsit
2010-07-15 06:09 . 2010-07-15 06:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-15 06:07 . 2010-07-15 06:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-14 15:10 . 2010-07-14 15:10 -------- d--h--w- c:\windows\$hf_mig$
2010-07-13 20:02 . 2010-07-13 20:08 -------- d-----w- c:\program files\Cyklotrasy
2010-07-11 10:30 . 2010-07-11 10:30 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-11 10:27 . 2010-07-11 10:28 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-11 10:27 . 2010-07-11 10:27 -------- d-----w- c:\windows\system32\LogFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 08:33 . 2008-08-19 08:13 -------- d-----w- c:\program files\ASUS
2010-06-14 14:31 . 2008-07-29 16:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-25 12:58 . 2008-07-29 17:34 62336 ----a-w- c:\windows\system32\perfc005.dat
2010-05-25 12:58 . 2008-07-29 17:34 379806 ----a-w- c:\windows\system32\perfh005.dat
2010-05-06 10:35 . 2008-07-29 17:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:09 . 2008-07-29 17:34 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:32 . 2008-07-29 17:31 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-11-29 19:13 . 2009-11-29 19:13 1234120 ----a-w- c:\program files\wrar380cz.exe
2008-06-17 09:35 . 2009-07-09 15:41 212992 ----a-r- c:\program files\MSP_Uninstall.exe
2008-05-07 14:34 . 2008-08-19 08:31 15523560 ----a-w- c:\program files\U1 Setup.exe
2007-04-04 07:24 . 2009-07-09 15:41 90112 ----a-r- c:\program files\axesstel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-17 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-16 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-28 204800]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Karolinka Nov kov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AutoRun OSCleaner.lnk - c:\program files\ASUS\Asus OS Cleaner\AsOSCleaner.exe [2008-8-19 118784]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2012-9-22 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [9.7.2009 17:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [9.7.2009 17:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [9.7.2009 17:41 38784]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [19.8.2008 10:21 38272]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bee19642-6c9e-11de-88e1-002354465ba1}]
\Shell\AutoRun\command - D:\Axesstel_Setup.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://home.sweetim.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-WindowsSysControl - c:\documents and settings\Karolinka Nováková\Data aplikací\winsvrcn.exe
HKCU-Run-JDK5SWFMZY - c:\docume~1\KAROLI~1\LOCALS~1\Temp\Opr.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3012)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sun\StarOffice 8\program\soffice.exe
c:\program files\Sun\StarOffice 8\program\soffice.BIN
.
**************************************************************************
.
Celkový čas: 2010-07-15 20:33:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-15 18:33
Před spuštěním: 8 270 708 736
Po spuštění: 8 246 218 752
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 10A463EF41936EBAE2EF9ACEDC981FFE
no co uz...uz je to ok,,ale combofix stale je niekde inde,,preto odinstalujes ho takto: