!HELP! TrojanDropper.Agent.DGO virus

[BUBINO]

Najprv vyriesime tu tabulku. Dostante sa do biosu pri starte mackajte DELETE, F2, F12, ESC+DELETE, ESC+F1,...proste sa tam dostante a vyhladajte z ponuky, alebo najdite "CPU Fan" a oznacte na enabled

S tym Antivirom, ako nespusti?Skuste ho odkliknut.Mal by sa zpamäatat. Proste ho len spustite.


Ano, urcite by sa to dalo, ale tym nechapem, ake mali moje rady zmysel, pri ktorych som stravil niekolko hodin .

[Oblak]

ok na ten BIOS se podívám

Antivir po preinstalovani funguje a nabíhá i po restartu, supr.

Do preinstalace celeho systemu se nechce ale pred tim jsem uz byl tak na dně že se mi to jevilo jako poslední varianta. Ted jen musím odzkoušet všechny programy a aplikace které potřebuji a používám a častí windows, jestli jsou všechny bezproblémové.

moc děkuji za HELP.

Ted vypadá vše normálně a v pořádku, kromě toho velkého souboru, ketrý mi nepřijal žádný ze serverů ke kontrole. ale budu ho tam ještě zkoušet nastrčit.

urcitě napíšu dále jak a co se chová a nechová.

Ještě jedou díky, už mám takz na tváři usměv a né bezradnost.

[BUBINO]

Subor bude ok, tak sa nemusite s nim zapodievat.

Ak to je ok, tak to mam radost, rado sa stalo, aj na buduce

[Oblak]

Ješte jednou díky, Počítač šlape jako hodinky. Supr.

[BUBINO]

Neni zac

[Ambruz]

Nemůžu se tohoto viru zbavit,proto předem díky za radu.

ComboFix 08-01-30.6 - pc 2008-01-30 18:06:59.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1555 [GMT 1:00]
Running from: c:\Prográmky\Ochr\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 17:40 . 2008-01-30 17:40 <DIR> d-------- C:\Program Files\Yamicsoft
2008-01-29 19:37 . 2008-01-29 19:38 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-29 19:36 . 2008-01-30 18:07 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-29 19:33 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-29 19:33 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-29 19:33 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-29 19:33 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-29 19:33 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-29 16:22 . 2008-01-29 16:22 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-27 08:58 . 2008-01-27 08:58 <DIR> d-------- C:\Program Files\ROUTE66
2008-01-23 18:29 . 2008-01-23 18:29 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-23 18:11 . 2008-01-23 18:11 109,248 --a------ C:\WINDOWS\system\MSWINSCK.OCX
2008-01-18 18:09 . 2008-01-18 18:12 <DIR> d-------- C:\WINDOWS\system32\cs-CZ
2008-01-18 17:46 . 2008-01-18 17:46 424 --a------ C:\WINDOWS\Marias.ini
2008-01-18 16:11 . 2008-01-21 21:28 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-17 20:07 . 2008-01-17 20:07 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-01-17 20:07 . 1999-12-12 18:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-17 20:07 . 1999-11-17 18:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-12 00:13 . 2008-01-12 00:13 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Eset
2008-01-12 00:12 . 2008-01-29 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Eset
2008-01-07 18:09 . 2008-01-17 18:51 70 --a------ C:\WINDOWS\sbwin.ini
2008-01-07 17:18 . 2008-01-07 17:18 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\CyberLink
2008-01-07 17:18 . 2008-01-07 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-01-07 17:15 . 2008-01-07 17:16 <DIR> d-------- C:\Program Files\CyberLink
2008-01-06 14:32 . 2008-01-06 14:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-06 14:32 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-06 13:59 . 2008-01-06 14:08 0 --a------ C:\WINDOWS\PlayList.Fpl
2008-01-06 13:58 . 2008-01-06 14:07 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX
2008-01-06 13:43 . 2008-01-07 18:09 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-06 11:23 . 2008-01-06 11:27 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-01-05 18:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 18:28 . 2008-01-05 18:29 <DIR> d-------- C:\Program Files\Java
2008-01-05 18:27 . 2008-01-05 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-03 20:59 . 2008-01-06 11:54 67 --a------ C:\WINDOWS\Power Video Converter.INI
2007-12-25 08:15 . 2007-12-25 08:15 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Audacity
2007-12-24 12:16 . 2007-12-24 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-12-24 09:07 . 2008-01-06 14:37 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 09:07 . 2007-12-24 11:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 09:07 . 2008-01-06 14:38 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-23 11:40 . 2007-12-23 11:40 <DIR> d-------- C:\Program Files\Logitech
2007-12-23 11:40 . 2007-12-23 11:40 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-12-23 11:40 . 2004-05-13 23:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-12-23 11:40 . 2004-05-13 23:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-12-23 11:40 . 2004-05-13 23:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-12-23 11:40 . 2004-05-13 23:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2007-12-23 11:40 . 2004-05-13 23:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-12-23 11:40 . 2004-05-13 23:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-16 11:26 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-16 11:26 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-16 10:15 . 2007-12-16 10:15 <DIR> d-------- C:\Program Files\KONAMI
2007-12-06 22:26 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\ffdshow
2007-12-06 22:26 . 2007-12-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-12-06 22:26 . 2007-12-05 20:17 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-06 22:26 . 2007-12-03 19:56 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2007-12-06 22:26 . 2007-12-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-06 21:53 . 2008-01-06 14:07 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-06 16:48 . 2007-12-06 16:48 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Nero
2007-12-06 16:46 . 2007-12-06 16:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-06 16:46 . 2007-12-06 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-05 22:25 . 2007-12-06 16:46 <DIR> d-------- C:\Program Files\Nero
2007-12-02 09:52 . 2007-12-02 09:52 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 16:49 --------- d-----w C:\Program Files\7-Zip
2008-01-29 17:11 --------- d-----w C:\Documents and Settings\pc\Data aplikací\Lavasoft
2008-01-27 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 07:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 15:47 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-18 15:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 15:13 --------- d-----w C:\Documents and Settings\pc\Data aplikací\Creative
2008-01-17 19:07 --------- d-----w C:\Program Files\Creative
2008-01-07 16:15 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-07 15:58 --------- d-----w C:\Documents and Settings\pc\Data aplikací\uTorrent
2007-12-23 10:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-23 06:44 --------- d-----w C:\Program Files\Opera
2007-12-16 08:24 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-12-08 10:24 --------- d-----w C:\Documents and Settings\pc\Data aplikací\ICQ
2007-11-22 18:19 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-19 09:01 81,920 ----a-w C:\Documents and Settings\pc\Data aplikací\ezpinst.exe
2007-11-19 09:01 47,360 ----a-w C:\Documents and Settings\pc\Data aplikací\pcouffin.sys
2007-11-04 08:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-04 07:18 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-11-04 07:18 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-11-04 07:18 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-11-04 07:18 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-11-04 07:18 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-11-04 07:18 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-11-04 07:17 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.

Kód: Vybrat vše

<pre>
----a-w           204,800 2008-01-18 15:11:37  C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe
----a-w            57,344 2008-01-18 15:11:36  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe
----a-w            71,216 2008-01-08 15:21:24  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            54,832 2008-01-08 15:21:24  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w         1,443,072 2008-01-30 16:46:14  C:\Program Files\ESET\ESET NOD32 Antivirus\egui .exe
----a-w           132,496 2008-01-06 12:43:24  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           474,704 2008-01-30 16:46:14  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w            90,112 2008-01-21 20:28:54  C:\WINDOWS\UpdReg .EXE
----a-w            15,360 2008-01-07 17:09:10  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.DLL]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-23 04:25 7774208]
"nwiz"="nwiz.exe" [2007-02-23 04:25 1622016 C:\WINDOWS\system32\nwiz.exe]
"egui"="c:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Vyroci.lnk - C:\Program Files\Vyroci\Vyroci.exe [2007-11-03 19:57:59 342528]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SlimStar 250.lnk - C:\Program Files\SlimStar 250\MagicKey.exe [2007-11-04 10:32:56 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cgoojkeh]
cgoojkeh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrrp]
wvurrrp.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2006-04-21 09:54]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-21 09:54]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 18:07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 18:07:45
ComboFix-quarantined-files.txt 2008-01-30 17:07:44
ComboFix2.txt 2008-01-30 17:01:12
.
2007-11-21 06:38:05 --- E O F ---

[Ambruz]

Nemůžu se tohoto viru zbavit,proto předem díky za radu.

ComboFix 08-01-30.6 - pc 2008-01-30 18:06:59.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1555 [GMT 1:00]
Running from: c:\Prográmky\Ochr\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-30 17:40 . 2008-01-30 17:40 <DIR> d-------- C:\Program Files\Yamicsoft
2008-01-29 19:37 . 2008-01-29 19:38 <DIR> d-a------ C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-01-29 19:36 . 2008-01-30 18:07 <DIR> d-------- C:\Program Files\Trojan Remover
2008-01-29 19:33 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-29 19:33 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-29 19:33 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-29 19:33 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-29 19:33 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-29 16:22 . 2008-01-29 16:22 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-27 08:58 . 2008-01-27 08:58 <DIR> d-------- C:\Program Files\ROUTE66
2008-01-23 18:29 . 2008-01-23 18:29 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-01-23 18:11 . 2008-01-23 18:11 109,248 --a------ C:\WINDOWS\system\MSWINSCK.OCX
2008-01-18 18:09 . 2008-01-18 18:12 <DIR> d-------- C:\WINDOWS\system32\cs-CZ
2008-01-18 17:46 . 2008-01-18 17:46 424 --a------ C:\WINDOWS\Marias.ini
2008-01-18 16:11 . 2008-01-21 21:28 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2008-01-17 20:07 . 2008-01-17 20:07 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-01-17 20:07 . 1999-12-12 18:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-17 20:07 . 1999-11-17 18:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-12 00:13 . 2008-01-12 00:13 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Eset
2008-01-12 00:12 . 2008-01-29 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Eset
2008-01-07 18:09 . 2008-01-17 18:51 70 --a------ C:\WINDOWS\sbwin.ini
2008-01-07 17:18 . 2008-01-07 17:18 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\CyberLink
2008-01-07 17:18 . 2008-01-07 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-01-07 17:15 . 2008-01-07 17:16 <DIR> d-------- C:\Program Files\CyberLink
2008-01-06 14:32 . 2008-01-06 14:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-06 14:32 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-06 13:59 . 2008-01-06 14:08 0 --a------ C:\WINDOWS\PlayList.Fpl
2008-01-06 13:58 . 2008-01-06 14:07 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX
2008-01-06 13:43 . 2008-01-07 18:09 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-06 11:23 . 2008-01-06 11:27 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-01-05 18:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 18:28 . 2008-01-05 18:29 <DIR> d-------- C:\Program Files\Java
2008-01-05 18:27 . 2008-01-05 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-03 20:59 . 2008-01-06 11:54 67 --a------ C:\WINDOWS\Power Video Converter.INI
2007-12-25 08:15 . 2007-12-25 08:15 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Audacity
2007-12-24 12:16 . 2007-12-24 12:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
2007-12-24 09:07 . 2008-01-06 14:37 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 09:07 . 2007-12-24 11:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-24 09:07 . 2008-01-06 14:38 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-23 11:40 . 2007-12-23 11:40 <DIR> d-------- C:\Program Files\Logitech
2007-12-23 11:40 . 2007-12-23 11:40 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-12-23 11:40 . 2004-05-13 23:40 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-12-23 11:40 . 2004-05-13 23:54 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-12-23 11:40 . 2004-05-13 23:54 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-12-23 11:40 . 2004-05-13 23:54 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
2007-12-23 11:40 . 2004-05-13 23:54 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-12-23 11:40 . 2004-05-13 23:54 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-12-16 11:26 . 2004-08-17 15:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-16 11:26 . 2004-08-17 15:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-16 10:15 . 2007-12-16 10:15 <DIR> d-------- C:\Program Files\KONAMI
2007-12-06 22:26 . 2008-01-06 14:18 <DIR> d-------- C:\Program Files\ffdshow
2007-12-06 22:26 . 2007-12-01 00:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-12-06 22:26 . 2007-12-05 20:17 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-06 22:26 . 2007-12-03 19:56 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2007-12-06 22:26 . 2007-12-01 00:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-06 21:53 . 2008-01-06 14:07 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-06 16:48 . 2007-12-06 16:48 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Nero
2007-12-06 16:46 . 2007-12-06 16:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-06 16:46 . 2007-12-06 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-05 22:25 . 2007-12-06 16:46 <DIR> d-------- C:\Program Files\Nero
2007-12-02 09:52 . 2007-12-02 09:52 <DIR> d-------- C:\Documents and Settings\pc\Data aplikací\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 16:49 --------- d-----w C:\Program Files\7-Zip
2008-01-29 17:11 --------- d-----w C:\Documents and Settings\pc\Data aplikací\Lavasoft
2008-01-27 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 07:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-22 15:47 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-01-18 15:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 15:13 --------- d-----w C:\Documents and Settings\pc\Data aplikací\Creative
2008-01-17 19:07 --------- d-----w C:\Program Files\Creative
2008-01-07 16:15 505,392 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-01-07 15:58 --------- d-----w C:\Documents and Settings\pc\Data aplikací\uTorrent
2007-12-23 10:11 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-23 06:44 --------- d-----w C:\Program Files\Opera
2007-12-16 08:24 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-12-08 10:24 --------- d-----w C:\Documents and Settings\pc\Data aplikací\ICQ
2007-11-22 18:19 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-19 09:01 81,920 ----a-w C:\Documents and Settings\pc\Data aplikací\ezpinst.exe
2007-11-19 09:01 47,360 ----a-w C:\Documents and Settings\pc\Data aplikací\pcouffin.sys
2007-11-04 08:00 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-04 07:18 491,520 ----a-w C:\WINDOWS\WebIE.dll
2007-11-04 07:18 45,056 ----a-w C:\WINDOWS\TRNOEH.DLL
2007-11-04 07:18 356,352 ----a-w C:\WINDOWS\TrnOutl.dll
2007-11-04 07:18 294,912 ----a-w C:\WINDOWS\TrnWord.dll
2007-11-04 07:18 26,624 ----a-w C:\WINDOWS\OETRN.EXE
2007-11-04 07:18 200,704 ----a-w C:\WINDOWS\TRNOET.DLL
2007-11-04 07:17 516,096 ----a-w C:\WINDOWS\UN32.EXE
2007-10-23 13:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 07:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.

Kód: Vybrat vše

<pre>
----a-w           204,800 2008-01-18 15:11:37  C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU .exe
----a-w            57,344 2008-01-18 15:11:36  C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe
----a-w            71,216 2008-01-08 15:21:24  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w            54,832 2008-01-08 15:21:24  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w         1,443,072 2008-01-30 16:46:14  C:\Program Files\ESET\ESET NOD32 Antivirus\egui .exe
----a-w           132,496 2008-01-06 12:43:24  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w           474,704 2008-01-30 16:46:14  C:\Program Files\Trojan Remover\Trjscan .exe
----a-w            90,112 2008-01-21 20:28:54  C:\WINDOWS\UpdReg .EXE
----a-w            15,360 2008-01-07 17:09:10  C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 12:38 64512 C:\WINDOWS\system32\P17.DLL]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-23 04:25 7774208]
"nwiz"="nwiz.exe" [2007-02-23 04:25 1622016 C:\WINDOWS\system32\nwiz.exe]
"egui"="c:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Vyroci.lnk - C:\Program Files\Vyroci\Vyroci.exe [2007-11-03 19:57:59 342528]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
SlimStar 250.lnk - C:\Program Files\SlimStar 250\MagicKey.exe [2007-11-04 10:32:56 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cgoojkeh]
cgoojkeh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrrp]
wvurrrp.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2006-04-21 09:54]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2006-04-21 09:54]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-17 16:49]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 18:07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-30 18:07:45
ComboFix-quarantined-files.txt 2008-01-30 17:07:44
ComboFix2.txt 2008-01-30 17:01:12
.
2007-11-21 06:38:05 --- E O F ---

[BUBINO]

Ahoj "Ambruz". Poprosil by som ta, keby si si zalozil vlastne tema.Toto je obsadene a dojde k neprehladnosti.

Diky.