Pomoc, suspenzor PC

[AnnaCV]

Ahojky, jsem tu nová a prosím o pomoc. Nemůžu se zbavit suspenzorpc , jsem laik a možná se mnou přijdete o nervy. Moc prosím pomooooooooooooc, děkuju zoufalá AnnaCV

[Reklama]

[AnnaCV]

Zapomněla jsem. Tady je log


ComboFix 08-02-20.1 - Administrator 2008-02-21 9:44:13.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.265 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-20 19:45 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2008-02-20 19:45 . 2004-08-17 14:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-02-20 19:45 . 2008-02-20 19:46 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-19 19:04 . 2008-02-19 19:04 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-02-19 11:14 . 2008-02-19 17:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-19 11:14 . 2008-02-19 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-19 09:20 . 2008-02-19 09:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\SuspenzorPC
2008-02-19 09:14 . 2008-02-19 09:14 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-02-19 09:14 . 2008-02-19 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-02-19 09:13 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-19 09:13 . 2008-02-19 09:13 253,448 --a------ C:\Documents and Settings\Administrator\Data aplikací\installer_cz[3].exe
2008-02-19 09:02 . 2008-02-19 09:02 18,944 --a------ C:\WINDOWS\system32\drvgof.dll
2008-02-18 17:52 . 2008-02-18 17:52 26,624 --a------ C:\WINDOWS\system32\winexy32.dll
2008-02-13 14:01 . 2008-02-13 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-02-13 13:48 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 13:48 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 13:48 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 13:48 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-07 12:29 . 2008-02-07 12:29 <DIR> d-------- C:\Documents and Settings\Administrator\Různé
2008-02-01 19:31 . 2008-02-01 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-01 19:06 . 2008-02-20 19:35 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-01 19:06 . 2008-02-01 19:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2008-02-01 19:05 . 2008-02-01 19:20 <DIR> d-------- C:\Program Files\ICQ6
2008-02-01 19:03 . 2008-02-01 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-01-31 21:33 . 2008-02-19 17:40 521 --a------ C:\hpfr3420.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 17:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 21:10 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\MSN6
2008-02-01 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 19:02 --------- d-----w C:\Program Files\Google
2007-12-27 21:50 --------- d-----w C:\Program Files\SigmaTel
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-01-09 20:43 42,288 ----a-w C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
2005-08-28 19:28 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-31 15:25 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-17 16:12 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 10:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 10:42 81920]
"mouseElf"="C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 10:59 172032]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"MSys32"="D:\Hry\Tetris 3000\data\morfitwebentrance.exe" [ ]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-10-14 11:20 1224754]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-04 17:18 77824]
"DAEMON Tools-1033"="D:\Různé\daemon.exe" [2004-08-22 17:05 81920]
"CHotkey"="mHotkey.exe" [2002-07-05 15:37 491008 C:\WINDOWS\mHotkey.exe]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"MSDisp32"="C:\WINDOWS\system32\drvgof.dll" [2008-02-19 09:02 18944]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

C:\Documents and Settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PowerReg Scheduler.exe [2005-09-04 11:46:41 256000]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2002-05-29 19:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-01-20 14:48]

.
Contents of the 'Scheduled Tasks' folder
"2005-09-12 06:00:58 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100415536.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 09:45:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-02-21 9:46:13
ComboFix-quarantined-files.txt 2008-02-21 08:45:57
ComboFix2.txt 2008-02-20 18:33:44

[memphisto]

Vítej na fóru PC-HELP.CZ

jdeš na to hopem.první jsi měla poslat log z HijackThis, ale to nevadí

[AnnaCV]

Ahoj
když já nevím jak se to hi.... (nevím jak se to píše( používá). Mohu se zeptat co mám dělat s tím co jsi mi poslal?

[memphisto]

poslal jsem ti návod.když klikneš na ten modrý název HijackThis, tak se ti otevře nová stránka s návodem, ale neva. jsi nová.to tě omlouvá

jinak otevři si ten návod-klikni hned v prvním odstavci na ZDE a stáhni si HJT do svého počítače, rozbal ho do vlastní složky, spusť, vyber scan and save logfile, vyskočí na tebe textový editor a celý jeho obsah zkopíruj sem do tohoto topicu pak se ti na to někdo mrkne a poradí

[AnnaCV]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:37, on 20.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
D:\Různé\daemon.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Administrator\Plocha\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSys32] "D:\Hry\Tetris 3000\data\morfitwebentrance.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Různé\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgof.dll,startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1899782968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6838 bytes





Já jsem tady na to tele, promiň

[memphisto]

v pořádku.nic se neděje. já ti bohužellog nezkontroluju. vyznám se trochu v tom,ale přenechám to odborníkům jako Baron Prášil, Fredik atd. já tě jen nasměroval, aby pak měli ušetřenou práci, aby nemuseli z někoho páčit log,ale aby to všechno měli nachystané

[Rewqa]

Sorry, ze vstupuju do topicu, ale co je to ten SuspenzorPC? Uz sou tady o tom dva topicy.

[AnnaCV]

Je to hnus. Pořád se mi objevují jakási falešná oznámení. Žlutý trojúhelník a červený křížek. Nemůžu se toho zbavit, pořád mě to otravuje. Víc ti říct nemůžu, protože tomu sama nerozumím, jsem laik. Měj se hezky

[AnnaCV]

Snad jsem ti nezkomolila jméno. V každém případě ti moc děkuju Teď je doufám, že mi pomůže něhjaký ten odborník. Měj se hezky, AnnaCV

[Baron Prášil]

fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O4 - HKLM\..\Run: [MSys32] "D:\Hry\Tetris 3000\data\morfitwebentrance.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvgof.dll,startup
O4 - Startup: PowerReg Scheduler.exe

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
D:\Hry\Tetris 3000\data\morfitwebentrance.exe
C:\WINDOWS\system32\drvgof.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSys32"=-
"MSDisp32"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+novej log z hijackthis

[AnnaCV]

ComboFix 08-02-20.1 - Administrator 2008-02-20 16:58:49.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\drvgof.dll
D:\Hry\Tetris 3000\data\morfitwebentrance.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvgof.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-20 19:45 . 2004-08-17 14:49 147,968 --a------ C:\WINDOWS\R.COM
2008-02-20 19:45 . 2004-08-17 14:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-02-20 19:45 . 2008-02-20 19:46 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-19 19:04 . 2008-02-19 19:04 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-02-19 11:14 . 2008-02-19 17:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-19 11:14 . 2008-02-19 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-19 09:20 . 2008-02-19 09:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\SuspenzorPC
2008-02-19 09:14 . 2008-02-19 09:14 <DIR> d-------- C:\Program Files\Common Files\SuspenzorPC
2008-02-19 09:14 . 2008-02-19 09:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SuspenzorPC
2008-02-19 09:13 . 2007-02-13 08:09 388,126 --a------ C:\WINDOWS\system32\sqlite3.dll
2008-02-19 09:13 . 2008-02-19 09:13 253,448 --a------ C:\Documents and Settings\Administrator\Data aplikací\installer_cz[3].exe
2008-02-18 17:52 . 2008-02-18 17:52 26,624 --a------ C:\WINDOWS\system32\winexy32.dll
2008-02-13 14:01 . 2008-02-13 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-02-13 13:48 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 13:48 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 13:48 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 13:48 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-07 12:29 . 2008-02-07 12:29 <DIR> d-------- C:\Documents and Settings\Administrator\Různé
2008-02-01 19:31 . 2008-02-01 19:31 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
2008-02-01 19:06 . 2008-02-21 09:47 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-01 19:06 . 2008-02-01 19:20 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2008-02-01 19:05 . 2008-02-01 19:20 <DIR> d-------- C:\Program Files\ICQ6
2008-02-01 19:03 . 2008-02-01 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2008-01-31 21:33 . 2008-02-20 16:53 521 --a------ C:\hpfr3420.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 17:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-01 21:10 --------- d-----w C:\Documents and Settings\Administrator\Data aplikací\MSN6
2008-02-01 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 19:02 --------- d-----w C:\Program Files\Google
2007-12-27 21:50 --------- d-----w C:\Program Files\SigmaTel
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-01-09 20:43 42,288 ----a-w C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
2005-08-28 19:28 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 14:49 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-31 15:25 171448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-17 16:12 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 10:42 4112384]
"nwiz"="nwiz.exe" [2004-07-15 10:42 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 10:42 81920]
"mouseElf"="C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE" [2002-08-20 10:59 172032]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-10-14 11:20 1224754]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-04 17:18 77824]
"DAEMON Tools-1033"="D:\Různé\daemon.exe" [2004-08-22 17:05 81920]
"CHotkey"="mHotkey.exe" [2002-07-05 15:37 491008 C:\WINDOWS\mHotkey.exe]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys [2002-05-29 19:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-01-20 14:48]

.
Contents of the 'Scheduled Tasks' folder
"2005-09-12 06:00:58 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100415536.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 17:00:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-02-20 17:00:53
ComboFix-quarantined-files.txt 2008-02-20 16:00:37
ComboFix2.txt 2008-02-21 08:46:14
ComboFix3.txt 2008-02-20 18:33:44




Opravdu mockrát děkuju, teď jdu na ten hijackthis