Please check my log

Re: Please check my log

Post by sluslu » 04 Mar 2009 16:25

ComboFix 09-03-02.03 - zkouska 2009-03-04 16:08:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.511.122 [GMT 1:00]
Spuštěný z: c:\documents and settings\zkouska\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\zkouska\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\program files\serial.tde
c:\program files\serial.zip
c:\program files\wunauclt.tbe
c:\program files\wunauclt.zip
c:\windows\system32\wunauclt.exe
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\zkouska\Data aplikací\AD ON Multimedia
c:\documents and settings\zkouska\Data aplikací\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\zkouska\Data aplikací\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-04 do 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-02 17:01 . 2009-03-02 17:01 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Lavasoft
2009-03-02 17:01 . 2009-03-02 17:01 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Lavasoft
2009-03-02 17:01 . 2009-03-02 17:01 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Lavasoft
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Malwarebytes
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Malwarebytes
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Malwarebytes
2009-03-01 00:10 . 2009-03-01 00:10 <DIR> d-------- c:\program files\ICQ6Toolbar
2009-03-01 00:04 . 2009-03-01 00:14 <DIR> d-------- c:\program files\ICQ6.5
2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\program files\Solveig Multimedia
2009-02-19 15:32 . 2009-02-23 13:06 <DIR> d-------- c:\program files\Common Files\Solveig Multimedia
2009-02-19 15:32 . 2009-02-23 13:06 <DIR> d-------- c:\program files\Common Files\Elecard
2009-02-19 14:56 . 2009-02-19 15:01 <DIR> d-------- c:\program files\ProgDVB
2009-02-15 12:05 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Azureus
2009-02-15 12:05 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Azureus
2009-02-15 12:05 . 2009-02-15 19:18 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Azureus
2009-02-15 12:05 . 2009-02-15 12:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Azureus
2009-02-12 01:35 . 2009-02-12 01:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\InterVideo
2009-02-12 01:35 . 2009-02-12 01:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\InterVideo
2009-02-12 01:35 . 2009-02-12 01:35 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\InterVideo
2009-02-11 15:14 . 2009-02-11 15:15 <DIR> d-------- c:\program files\Winamp
2009-02-11 15:14 . 2009-02-11 15:23 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Winamp
2009-02-11 15:14 . 2009-02-11 15:23 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Winamp
2009-02-11 15:14 . 2009-02-11 15:23 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\Winamp
2009-02-11 14:13 . 2001-12-10 17:42 204,800 --a------ c:\windows\system32\IVIresizeW7.dll
2009-02-11 14:13 . 2001-12-10 17:42 200,704 --a------ c:\windows\system32\IVIresizeA6.dll
2009-02-11 14:13 . 2001-12-10 17:42 192,512 --a------ c:\windows\system32\IVIresizeP6.dll
2009-02-11 14:13 . 2001-12-10 17:42 192,512 --a------ c:\windows\system32\IVIresizeM6.dll
2009-02-11 14:13 . 2001-12-10 17:42 188,416 --a------ c:\windows\system32\IVIresizePX.dll
2009-02-11 14:13 . 2001-12-10 17:42 20,480 --a------ c:\windows\system32\IVIresize.dll
2009-02-11 14:10 . 2009-02-11 14:14 <DIR> d-------- c:\program files\InterVideo
2009-02-11 14:00 . 2003-03-25 10:27 59,392 --------- c:\windows\system32\agrsmdel.exe
2009-02-05 17:18 . 2009-02-05 17:18 <DIR> d-------- c:\program files\FLVPlayer
2009-02-05 01:49 . 2009-02-05 01:49 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\CyberLink
2009-02-05 01:49 . 2009-02-05 01:49 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\CyberLink
2009-02-05 01:49 . 2009-02-05 01:49 <DIR> d-------- c:\documents and settings\zkouska\Data aplikací\CyberLink
2009-02-04 22:46 . 2009-02-24 23:25 <DIR> d-------- c:\program files\Krtecek

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 14:54 --------- d-----w c:\program files\Apple Software Update
2009-03-02 17:59 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Skype
2009-03-02 17:59 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Skype
2009-03-02 17:59 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Skype
2009-03-02 17:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\skypePM
2009-03-02 17:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\skypePM
2009-03-02 17:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\skypePM
2009-02-28 23:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2009-02-23 23:17 --------- d-----w c:\documents and settings\zkouska\Data aplikací\ICQ
2009-02-23 23:17 --------- d-----w c:\documents and settings\zkouska\Data aplikací\ICQ
2009-02-23 23:17 --------- d-----w c:\documents and settings\zkouska\Data aplikací\ICQ
2009-02-23 15:29 --------- d-----w c:\program files\QIP
2009-02-22 21:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 11:19 --------- d-----w c:\program files\Azureus
2009-02-03 17:31 --------- d-----w c:\program files\IDAutomation.com Code 39 Free Font
2009-01-28 17:50 --------- d-----w c:\program files\ImTOO
2009-01-28 17:34 --------- d-----w c:\program files\Activision
2009-01-27 11:27 --------- d-----w c:\program files\Call of Duty Dawnville Demo
2009-01-26 23:09 --------- d-----w c:\program files\Call of Duty Single Player Demo
2009-01-26 09:40 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-25 23:45 --------- d-----w c:\program files\EA GAMES
2009-01-25 20:53 --------- d-----w c:\program files\GoldWave
2009-01-21 09:34 --------- d-----w c:\documents and settings\zkouska\Data aplikací\AdobeUM
2009-01-21 09:34 --------- d-----w c:\documents and settings\zkouska\Data aplikací\AdobeUM
2009-01-21 09:34 --------- d-----w c:\documents and settings\zkouska\Data aplikací\AdobeUM
2009-01-17 15:21 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Teleca
2009-01-17 15:21 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Teleca
2009-01-17 15:21 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Teleca
2009-01-17 15:18 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-01-17 15:18 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2009-01-16 12:44 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Canneverbe_Limited
2009-01-16 12:44 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Canneverbe_Limited
2009-01-16 12:44 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Canneverbe_Limited
2009-01-16 12:43 --------- d-----w c:\program files\CDBurnerXP
2009-01-16 12:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-11 14:31 --------- d-----w c:\program files\Ahead
2009-01-10 16:14 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-10 16:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Ahead
2009-01-10 16:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Ahead
2009-01-10 16:14 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Ahead
2009-01-10 16:09 --------- d-----w c:\program files\Common Files\Ahead
2009-01-07 09:45 720,896 -c--a-w c:\windows\iun6002.exe
2009-01-06 20:42 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Nokia Multimedia Player
2009-01-06 20:42 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Nokia Multimedia Player
2009-01-06 20:42 --------- d-----w c:\documents and settings\zkouska\Data aplikací\Nokia Multimedia Player
2009-01-04 17:53 --------- d-----w c:\documents and settings\zkouska\Data aplikací\DivX
2009-01-04 17:53 --------- d-----w c:\documents and settings\zkouska\Data aplikací\DivX
2009-01-04 17:53 --------- d-----w c:\documents and settings\zkouska\Data aplikací\DivX
2009-01-04 17:04 --------- d-----w c:\program files\QuickTime
2009-01-04 17:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-01-04 17:01 --------- d-----w c:\program files\Botanika_zelena_priroda
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-01-02 12:34 32 -c--a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-12-28 20:37 336 -c-ha-w c:\documents and settings\LocalService\hpothb07.dat
2007-12-28 20:37 164 -c-ha-w c:\documents and settings\All Users\hpothb07.dat
2007-12-28 20:37 0 -c-ha-w c:\documents and settings\Default User\hpothb07.dat
2007-12-28 20:37 0 ---ha-w c:\documents and settings\zkouska\hpothb07.dat
2007-03-24 20:25 340 -c-ha-w c:\documents and settings\NetworkService\hpothb07.dat
2006-09-18 13:15 161 -c-ha-w c:\documents and settings\Zdenka\hpothb07.dat
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-08-30 07:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-18 949376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-03-24 1294446]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Enable Labtec Wireless Desktop.lnk - c:\program files\Labtec Wireless Desktop\MagicKey.exe [2006-07-07 258048]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-02-11 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3codec"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm) Demo\\mohpa_demo.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Aspyr Media, Inc\\THAW\\Game\\THAW.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Python25\\python.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=
"c:\\Program Files\\EA GAMES\\MOHAADemo\\MOHAADemo.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9569:TCP"= 9569:TCP:BitComet 9569 TCP
"9569:UDP"= 9569:UDP:BitComet 9569 UDP

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2006-07-07 11776]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-03-18 15424]
R2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [2005-03-15 277504]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys --> c:\windows\system32\DRIVERS\viasraid.sys [?]
S1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [2006-10-07 115968]
S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2007-03-10 17920]
S3 dTVdrvNT;dTVdrvNT;\??\c:\program files\AV Music Morpher Gold\Effects\DirectX\dTVdrvNT.sys --> c:\program files\AV Music Morpher Gold\Effects\DirectX\dTVdrvNT.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-06-16 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-06-16 85696]
.
Obsah adresáře 'Naplánované úlohy'

2009-03-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1198875995.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Connection Wizard,ShellNext = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Zdenka\Nabídka Start\Programy\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
TCP: {716FE1FB-B2B4-44C3-A0D0-90C4B0FF16A0} = 10.0.70.1,212.80.66.7
FF - ProfilePath - c:\documents and settings\zkouska\Data aplikací\Mozilla\Firefox\Profiles\qxtgj0g1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 16:12:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-03-04 16:17:33
ComboFix-quarantined-files.txt 2009-03-04 15:17:27
ComboFix2.txt 2009-03-04 15:03:28
ComboFix3.txt 2009-03-04 12:53:03

Před spuštěním: Volných bajtů: 46 847 537 152
Po spuštění: Volných bajtů: 46,833,549,312

238 --- E O F --- 2009-02-25 11:35:06



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:47, on 4.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Zdenka\Nabídka Start\Programy\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2119009250
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2119428734
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{716FE1FB-B2B4-44C3-A0D0-90C4B0FF16A0}: NameServer = 10.0.70.1,212.80.66.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 8985 bytes

Re: Please check my log

Post by jaro3 » 04 Mar 2009 16:36

Close other applications and browsers, disconnect from the internet, and fix these in HJT:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe


ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. - download > run.

That's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!