Asi vir, prosím pomocte mi..... Vyřešeno

[vachi]

tajto zplneno jenze po restartu vyjel log z avengeru ale kousl se mi comp, takže ten log ted nemám, ulozil se automaticky nekam??? Jinak, pc ted hazí chyby že chybí nejake soubory v tom win32...

[Reklama]

[jaro3]

Pokud máš stáhlé Tools , tak tam je DDS pod názvem buss
a jestli Ti půjde VerTer, tak oba rozjeď

[vachi]

DDS (Version 1.1.0) - NTFSx86
Run by xp at 20:19:48,62 on so 10.01.2009
Internet Explorer: 6.0.2900.2180
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1470 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\ksr10.tmp
svchost.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xp\Plocha\buss.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
BHO: Podpora odkazu pro Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: N/A: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\ssqQjKcA.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: N/A: {e0017ac1-552c-4250-84cd-cfbc61e8209a} - c:\windows\system32\geBuSMee.dll
TB: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [GAINWARD] c:\program files\expertool\TBPanel.exe /A
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ICQ] "c:\program files\icq6.5\ICQ.exe" silent
uRun: [rs32net] c:\windows\system32\rs32net.exe
uRun: [cogad] "c:\documents and settings\xp\data aplikací\cogad\cogad.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [DAEMON Tools Lite] c:\program files\daemon tools lite\daemon.exe -autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [WinampAgent] "c:\program files\winamp\Winampa.exe"
mRun: [tvjbmonitor] c:\program files\mmedia\tv jukebox 3.0\tvjbMonitor.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Config] c:\program files\microsoft games\age of empires ii\Config.exe
mRun: [TO2SSM_McciTrayApp] c:\program files\to2ssm\McciTrayApp.exe
mRun: [rs32net] c:\windows\system32\rs32net.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [54f554f2] rundll32.exe "c:\windows\system32\xmberwrs.dll",b
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [system] c:\windows\sys.exe f
StartupFolder: c:\docume~1\xp\nabdka~1\programy\posput~1\openof~1.lnk - c:\program files\openoffice.org 2.2\program\quickstart.exe
IE: Download Using &BitSpirit - c:\program files\bitspirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: sbqzkq - sbqzkq32.dll
Notify: ssqqjkca - ssqQjKcA.dll
SEH: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
c:\windows\system32\ssqQjKcA.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBuSMee

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xp\dataap~1\mozilla\firefox\profiles\yvp6xdu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.key.chromeAccess", 4);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("keyword.URL", "chrome://browser-region/locale/region.properties");

============= SERVICES / DRIVERS ===============

R0 ati7ssxx;ati7ssxx;c:\windows\system32\drivers\ati7ssxx.sys [2009-1-9 32768]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-6-10 34312]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" [2008-6-10 468224]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2008-12-9 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
S0 ati0ffxx;ati0ffxx;c:\windows\system32\drivers\ati0ffxx.sys []
S2 icf;ICF;c:\windows\system32\svchost.exe:ext.exe []
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys [2009-1-9 5760]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

=============== Created Last 30 ================

2009-01-10 20:05 <DIR> --d----- c:\docume~1\xp\dataap~1\DAEMON Tools Pro
2009-01-10 00:05 <DIR> --d----- c:\program files\Mjcore
2009-01-10 00:05 1,261,816 ---sh--- c:\windows\system32\biksosbf.ini
2009-01-10 00:05 90,624 a------- c:\windows\system32\fbsoskib.dll
2009-01-09 14:25 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\DAEMON Tools Lite
2009-01-09 14:25 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-01-09 14:25 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-09 14:25 <DIR> --d----- c:\docume~1\xp\dataap~1\DAEMON Tools Lite
2009-01-09 14:17 <DIR> --d----- c:\program files\Alcohol Soft
2009-01-09 10:30 <DIR> --d----- c:\program files\ESET
2009-01-09 10:21 5,760 a------- c:\windows\system32\drivers\restore.sys
2009-01-09 10:06 16,896 a------- c:\windows\system32\sbqzkq32.dll
2009-01-09 10:05 16,896 a------- c:\windows\system32\sbqzkq.dll
2009-01-09 10:05 32,768 a------- c:\windows\system32\drivers\ati7ssxx.sys
2009-01-09 00:20 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-01-09 00:20 238,088 a------- c:\windows\system32\xactengine3_1.dll
2009-01-09 00:20 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-01-09 00:20 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-01-09 00:20 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-01-09 00:20 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-01-09 00:20 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-01-09 00:19 <DIR> --d----- c:\windows\Logs
2009-01-09 00:19 682,280 a------- c:\windows\system32\pbsvc.exe
2009-01-09 00:04 1,254,442 ---sh--- c:\windows\system32\srwrebmx.ini
2009-01-09 00:03 178,243 a--sh--- c:\windows\system32\eeMSuBeg.ini2
2009-01-09 00:03 178,243 a--sh--- c:\windows\system32\eeMSuBeg.ini
2009-01-09 00:03 297,984 a------- c:\windows\system32\geBuSMee.dll
2009-01-08 23:59 <DIR> --d----- c:\docume~1\xp\dataap~1\cogad
2009-01-08 23:58 46,080 a------- c:\windows\system32\rqRHbXnL.dll
2009-01-08 23:58 58,880 a------- c:\windows\system32\ssqQjKcA.dll
2009-01-08 23:58 100,588 a------- c:\windows\system32\drivers\538ffccb.sys
2009-01-08 23:58 0 a------- C:\begaxy.exe
2009-01-08 23:58 0 a------- C:\rvlksh.exe
2009-01-08 23:58 2 a------- C:\1425364061
2009-01-08 23:58 33,280 a------- c:\windows\system32\crypts.dll
2009-01-08 23:58 84,992 a------- C:\cxhfsbpt.exe
2008-12-23 12:18 <DIR> --d----- c:\docume~1\xp\dataap~1\2K Sports
2008-12-23 11:58 <DIR> --d----- c:\program files\NBA 2K9
2008-12-22 20:08 <DIR> --d----- C:\FIFA 09 Demo

==================== Find3M ====================

2009-01-10 20:14 14,336 a------- c:\windows\system32\svchost.exe
2009-01-10 18:52 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-10 18:51 202,040 a------- c:\windows\system32\PnkBstrB.exe
2009-01-09 14:46 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-01-09 00:19 22,328 a------- c:\docume~1\xp\dataap~1\PnkBstrK.sys
2008-12-23 19:09 70,968 a------- c:\windows\system32\PnkBstrA.exe
2008-11-19 23:05 393,192 a------- c:\windows\system32\perfh005.dat
2008-11-19 23:05 70,106 a------- c:\windows\system32\perfc005.dat

============= FINISH: 20:20:43,70 ===============

[vachi]

tak jsem rozjel i verter...... mas sem dat taky ten log?

[jaro3]

jo , samozřejmě ten log pošli po restartu by se měl vytvořit, ale koukám že je to dost zavirovaný, to bude na delší čas , momentálně moc času nemám..

[vachi]

ComboFix 08-12-23.01 - xp 2009-01-10 20:24:31.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1509 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\VerTer.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\windows\system32\crypts.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-10 do 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-10 20:05 . 2009-01-10 20:05 <DIR> d-------- c:\documents and settings\xp\Data aplikací\DAEMON Tools Pro
2009-01-10 00:05 . 2009-01-10 00:05 1,261,816 ---hs---- c:\windows\system32\biksosbf.ini
2009-01-10 00:05 . 2009-01-10 00:05 90,624 --a------ c:\windows\system32\fbsoskib.dll
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-09 14:25 . 2009-01-10 19:55 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\documents and settings\xp\Data aplikací\DAEMON Tools Lite
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-01-09 14:17 . 2009-01-09 14:17 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-09 10:30 . 2009-01-09 10:30 <DIR> d-------- c:\program files\ESET
2009-01-09 10:21 . 2009-01-10 20:14 5,760 --a------ c:\windows\system32\drivers\restore.sys
2009-01-09 10:16 . 2009-01-09 10:31 <DIR> d-------- c:\windows\LastGood
2009-01-09 10:06 . 2009-01-10 20:14 16,896 --a------ c:\windows\system32\sbqzkq32.dll
2009-01-09 10:05 . 2009-01-10 20:14 32,768 --a------ c:\windows\system32\drivers\ati7ssxx.sys
2009-01-09 10:05 . 2009-01-10 19:56 16,896 --a------ c:\windows\system32\sbqzkq.dll
2009-01-09 00:20 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-09 00:20 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-09 00:20 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-09 00:20 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-09 00:20 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-09 00:20 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-09 00:20 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-09 00:19 . 2009-01-09 00:19 <DIR> d-------- c:\windows\Logs
2009-01-09 00:19 . 2009-01-09 00:19 682,280 --a------ c:\windows\system32\pbsvc.exe
2009-01-09 00:04 . 2009-01-09 00:04 1,254,442 ---hs---- c:\windows\system32\srwrebmx.ini
2009-01-09 00:03 . 2009-01-09 00:03 297,984 --a------ c:\windows\system32\geBuSMee.dll
2009-01-09 00:03 . 2009-01-10 20:24 178,303 --ahs---- c:\windows\system32\eeMSuBeg.ini
2009-01-09 00:03 . 2009-01-10 20:23 178,243 --ahs---- c:\windows\system32\eeMSuBeg.ini2
2009-01-08 23:59 . 2009-01-10 19:55 <DIR> d-------- c:\documents and settings\xp\Data aplikací\cogad
2009-01-08 23:58 . 2009-01-10 20:26 100,588 --a------ c:\windows\system32\drivers\538ffccb.sys
2009-01-08 23:58 . 2009-01-08 23:58 84,992 --a------ C:\cxhfsbpt.exe
2009-01-08 23:58 . 2009-01-08 23:58 58,880 --a------ c:\windows\system32\ssqQjKcA.dll
2009-01-08 23:58 . 2009-01-08 23:58 46,080 --a------ c:\windows\system32\rqRHbXnL.dll
2009-01-08 23:58 . 2009-01-08 23:58 2 --a------ C:\1425364061
2009-01-08 23:58 . 2009-01-08 23:58 0 --a------ C:\rvlksh.exe
2009-01-08 23:58 . 2009-01-08 23:58 0 --a------ C:\begaxy.exe
2009-01-08 14:29 . 2009-01-08 14:29 <DIR> d-------- c:\documents and settings\xp\Data aplikací\Leadertech
2009-01-04 23:55 . 2009-01-04 23:55 <DIR> d-------- c:\documents and settings\xp\Data aplikací\dvdcss
2009-01-04 23:47 . 2009-01-04 23:47 <DIR> d-------- c:\documents and settings\xp\Data aplikací\CyberLink
2008-12-23 12:18 . 2008-12-23 12:18 <DIR> d-------- c:\documents and settings\xp\Data aplikací\2K Sports
2008-12-23 11:58 . 2008-12-23 12:16 <DIR> d-------- c:\program files\NBA 2K9
2008-12-22 20:08 . 2008-12-22 20:09 <DIR> d-------- C:\FIFA 09 Demo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 19:15 --------- d-----w c:\documents and settings\xp\Data aplikací\OpenOffice.org2
2009-01-10 19:14 14,336 ----a-w c:\windows\system32\svchost.exe
2009-01-10 17:52 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-10 17:51 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-09 13:46 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-08 23:56 --------- d-----w c:\program files\EA SPORTS
2009-01-08 23:19 22,328 ----a-w c:\documents and settings\xp\Data aplikací\PnkBstrK.sys
2009-01-08 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 23:04 --------- d-----w c:\program files\Activision
2008-12-29 18:43 --------- d-----w c:\documents and settings\xp\Data aplikací\uTorrent
2008-12-23 18:09 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-10 08:26 --------- d-----w c:\program files\Common Files\Adobe
2008-12-09 10:34 --------- d-----w c:\program files\ICQ6.5
2008-12-09 10:34 --------- d-----w c:\documents and settings\xp\Data aplikací\ICQ
2008-12-09 10:33 --------- d-----w c:\program files\ICQ6Toolbar
2008-12-09 10:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-03 12:38 --------- d-----w c:\program files\GamePark
2008-11-21 09:59 --------- d-----w c:\program files\Winamp
2008-11-20 18:54 --------- d-----w c:\documents and settings\xp\Data aplikací\Skype
2008-11-20 18:40 --------- d-----w c:\documents and settings\xp\Data aplikací\skypePM
2008-11-19 22:06 --------- d-----w c:\program files\edu-learning
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e0017ac1-552c-4250-84cd-cfbc61e8209a}]
2009-01-09 00:03 297984 --a------ c:\windows\system32\geBuSMee.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-11-30 172792]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-08-08 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\xp\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-03-22 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\ssqQjKcA.dll" [2009-01-08 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbqzkq]
2009-01-10 20:14 16896 c:\windows\system32\sbqzkq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqjkca]
2009-01-08 23:58 58880 c:\windows\system32\ssqQjKcA.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\geBuSMee

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ffxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ssxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R0 ati7ssxx;ati7ssxx;c:\windows\system32\Drivers\ati7ssxx.sys [2009-01-09 32768]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-06-10 468224]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-09 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]
S0 ati0ffxx;ati0ffxx;c:\windows\system32\Drivers\ati0ffxx.sys []
S2 icf;ICF;c:\windows\system32\svchost.exe:ext.exe []
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys [2009-01-09 5760]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdee082-949e-11dd-917b-0021851c1169}]
\Shell\AutoRun\command - g:\flash.exe g:\
\Shell\Explore\command - g:\flash.exe g:\
\Shell\Open\command - g:\flash.exe g:\

*Newly Created Service* - catchme
.
Obsah adresáře 'Naplánované úlohy'

2009-01-10 c:\windows\Tasks\ibaiszya.job
- c:\windows\system32\rundll32.exe [2004-08-17 14:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{2438eb8d-17e4-4822-8dcf-039b4eefc44a} - (no file)
BHO-{e3e6d0af-05be-4a52-89f1-5bb1c7663aa4} - (no file)
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKCU-Run-cogad - c:\documents and settings\xp\Data aplikací\cogad\cogad.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\Winampa.exe
HKLM-Run-54f554f2 - c:\windows\system32\xmberwrs.dll


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\yvp6xdu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 20:26:46
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\icf]
"ImagePath"="c:\windows\system32\svchost.exe:ext.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\538ffccb]
"ImagePath"="\SystemRoot\System32\drivers\538ffccb.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSmqlt.sys"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\ssqQjKcA.dll
c:\windows\system32\sbqzkq.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\geBuSMee.dll
.
Celkový čas: 2009-01-10 20:27:24
ComboFix-quarantined-files.txt 2009-01-10 19:27:22

Před spuštěním: 1 111 302 144
Po spuštění: 2,589,978,624

210

[jaro3]

comboFix je prošlý zkus stáhnout odsud:
http://www.edisk.cz/stahni/32426/CFI.rar_2.75MB.html
Vypni rez. ochranu u NOD32.
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

Stáhni si ho
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[vachi]

ten resetteatimer se mi ulozil jen jako poznamkový blok, není tam nikde možnost ANO

[jaro3]

Na odkaz klikni pravým tlačítkem a vyber uložit cíl odkazu...atd. pak se Ti stáhne s koncovkou .bat, je to tam napsané, zítra pokračování.

[vachi]

mam firefoxe dal jsem ulozit odkaz jako a ulozil se s koncovkou bat.txt

[jaro3]

Tak to nevím , teď jsem to zkoušel v Opeře i v FF a bez problémů staženo-ResetTeaTimer.bat (dávkový soubor pro systém M..)
Tak to vynech a deaktivuj celý Spybot a pokračuj ComboFixem.

[vachi]

ComboFix 09-01-10.02 - xp 2009-01-11 10:11:18.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1564 [GMT 1:00]
Spuštěný z: c:\documents and settings\xp\Plocha\CFI\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
ADS - svchost.exe: deleted 32256 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sbqzkq.dll
c:\windows\system32\sbqzkq32.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\xp\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\biksosbf.ini
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\eeMSuBeg.ini
c:\windows\system32\eeMSuBeg.ini2
c:\windows\system32\fbsoskib.dll
c:\windows\system32\geBuSMee.dll
c:\windows\system32\java2.sys c:\windows\system32\snjava.dll
c:\windows\system32\sbqzkq.dll
c:\windows\system32\sbqzkq32.dll
c:\windows\system32\srwrebmx.ini
c:\windows\system32\ssqQjKcA.dll
c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSkhyp.log
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvkql.dll
c:\windows\system32\TDSSxfum.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
-------\Legacy_icf
-------\Service_icf
-------\Service_restore
-------\Legacy_fci
-------\Legacy_icf
-------\Service_fci
-------\Service_icf
-------\Service_restore


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-11 do 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-10 20:05 . 2009-01-10 20:05 <DIR> d-------- c:\documents and settings\xp\Data aplikací\DAEMON Tools Pro
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-01-09 14:25 . 2009-01-10 19:55 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\documents and settings\xp\Data aplikací\DAEMON Tools Lite
2009-01-09 14:25 . 2009-01-09 14:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-01-09 14:17 . 2009-01-09 14:17 <DIR> d-------- c:\program files\Alcohol Soft
2009-01-09 10:30 . 2009-01-09 10:30 <DIR> d-------- c:\program files\ESET
2009-01-09 10:21 . 2009-01-11 10:14 5,760 --a------ c:\windows\system32\drivers\restore.sys
2009-01-09 00:20 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-09 00:20 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-09 00:20 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-09 00:20 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-09 00:20 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-09 00:20 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-09 00:20 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-09 00:19 . 2009-01-09 00:19 <DIR> d-------- c:\windows\Logs
2009-01-09 00:19 . 2009-01-09 00:19 682,280 --a------ c:\windows\system32\pbsvc.exe
2009-01-08 23:59 . 2009-01-10 19:55 <DIR> d-------- c:\documents and settings\xp\Data aplikací\cogad
2009-01-08 23:58 . 2009-01-11 10:14 100,588 --a------ c:\windows\system32\drivers\538ffccb.sys
2009-01-08 23:58 . 2009-01-08 23:58 84,992 --a------ C:\cxhfsbpt.exe
2009-01-08 23:58 . 2009-01-08 23:58 46,080 --a------ c:\windows\system32\rqRHbXnL.dll
2009-01-08 23:58 . 2009-01-08 23:58 2 --a------ C:\1425364061
2009-01-08 23:58 . 2009-01-08 23:58 0 --a------ C:\rvlksh.exe
2009-01-08 23:58 . 2009-01-08 23:58 0 --a------ C:\begaxy.exe
2009-01-08 14:29 . 2009-01-08 14:29 <DIR> d-------- c:\documents and settings\xp\Data aplikací\Leadertech
2009-01-04 23:55 . 2009-01-04 23:55 <DIR> d-------- c:\documents and settings\xp\Data aplikací\dvdcss
2009-01-04 23:47 . 2009-01-04 23:47 <DIR> d-------- c:\documents and settings\xp\Data aplikací\CyberLink
2008-12-23 12:18 . 2008-12-23 12:18 <DIR> d-------- c:\documents and settings\xp\Data aplikací\2K Sports
2008-12-23 11:58 . 2008-12-23 12:16 <DIR> d-------- c:\program files\NBA 2K9
2008-12-22 20:08 . 2008-12-22 20:09 <DIR> d-------- C:\FIFA 09 Demo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 09:14 --------- d-----w c:\documents and settings\xp\Data aplikací\OpenOffice.org2
2009-01-10 19:47 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-10 19:05 --------- d-----w c:\documents and settings\xp\Data aplikací\DAEMON Tools
2009-01-08 23:56 --------- d-----w c:\program files\EA SPORTS
2009-01-08 23:19 22,328 ----a-w c:\documents and settings\xp\Data aplikací\PnkBstrK.sys
2009-01-08 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 23:04 --------- d-----w c:\program files\Activision
2008-12-29 18:43 --------- d-----w c:\documents and settings\xp\Data aplikací\uTorrent
2008-12-10 08:26 --------- d-----w c:\program files\Common Files\Adobe
2008-12-09 10:34 --------- d-----w c:\program files\ICQ6.5
2008-12-09 10:34 --------- d-----w c:\documents and settings\xp\Data aplikací\ICQ
2008-12-09 10:33 --------- d-----w c:\program files\ICQ6Toolbar
2008-12-09 10:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-03 12:38 --------- d-----w c:\program files\GamePark
2008-11-21 09:59 --------- d-----w c:\program files\Winamp
2008-11-20 18:54 --------- d-----w c:\documents and settings\xp\Data aplikací\Skype
2008-11-20 18:40 --------- d-----w c:\documents and settings\xp\Data aplikací\skypePM
2008-11-19 22:06 --------- d-----w c:\program files\edu-learning
.

((((((((((((((((((((((((((((( snapshot@2009-01-10_20.26.58,31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-01-10 19:14:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 09:14:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-10 19:14:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 09:14:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 09:09:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011120090112\index.dat
- 2009-01-10 19:14:38 49,152 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 09:14:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-10 19:14:35 14,336 -c--a-w c:\windows\system32\dllcache\svchost.exe
+ 2009-01-11 09:09:20 14,336 -c--a-w c:\windows\system32\dllcache\svchost.exe
- 2009-01-10 17:51:34 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
+ 2009-01-10 19:47:23 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
- 2009-01-10 19:14:35 14,336 ----a-w c:\windows\system32\svchost.exe
+ 2009-01-11 09:09:20 14,336 ----a-w c:\windows\system32\svchost.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6704e6e2-7d64-4c95-8712-bc8b5c44dd79}]
c:\windows\system32\geBuSMee.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2008-07-03 2177576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2008-11-30 172792]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"tvjbmonitor"="c:\program files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-08-08 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Config"="c:\program files\Microsoft Games\Age Of Empires ii\Config.exe" [2006-07-06 151552]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\xp\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-03-22 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbqzkq]
2009-01-11 10:14 16896 c:\windows\system32\sbqzkq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ffxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ssxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R0 ati7ssxx;ati7ssxx;c:\windows\system32\Drivers\ati7ssxx.sys --> c:\windows\system32\Drivers\ati7ssxx.sys [?]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-12-09 222456]
S0 ati0ffxx;ati0ffxx;c:\windows\system32\Drivers\ati0ffxx.sys --> c:\windows\system32\Drivers\ati0ffxx.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfdee082-949e-11dd-917b-0021851c1169}]
\Shell\AutoRun\command - g:\flash.exe g:\
\Shell\Explore\command - g:\flash.exe g:\
\Shell\Open\command - g:\flash.exe g:\
.
Obsah adresáře 'Naplánované úlohy'

2009-01-11 c:\windows\Tasks\ibaiszya.job
- c:\windows\system32\rundll32.exe [2004-08-17 14:49]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{2438eb8d-17e4-4822-8dcf-039b4eefc44a} - (no file)
BHO-{e3e6d0af-05be-4a52-89f1-5bb1c7663aa4} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.cz.o2.com/welcome/cz/index.html
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - c:\documents and settings\xp\Data aplikací\Mozilla\Firefox\Profiles\yvp6xdu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 10:14:32
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\sbqzkq.dll 16896 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\538ffccb]
"ImagePath"="\SystemRoot\System32\drivers\538ffccb.sys"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\temp\cerF.tmp
.
**************************************************************************
.
Celkový čas: 2009-01-11 10:16:50 - počítač byl restartován [xp]
ComboFix-quarantined-files.txt 2009-01-11 09:16:48
ComboFix2.txt 2009-01-10 19:27:25

Před spuštěním: 2,512,420,864
Po spuštění: 2,516,082,688

240