Prosím o kontrolu logu Vyřešeno

[jaro3]

Toto otestuj na Virustotal
c:\program files\hhtlpbtlwtft
c:\windows\system32\4DE33A8182.sys
c:\program files\Cyberlink\Shared Files\brs.exe
Vlož sem pak výsledky.

[Reklama]

[Mous]

ta složka je Wowko jenom jse mi to něchctělo psát ale můžu to skusit

[jaro3]

Zkus to , ať to uzavřem.

[Mous]

c:\windows\system32\4DE33A8182.sys -- nic

c:\program files\Cyberlink\Shared Files\brs.exe
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.07 -
AhnLab-V3 2009.1.8.0 2009.01.07 -
AntiVir 7.9.0.45 2009.01.07 -
Authentium 5.1.0.4 2009.01.07 -
Avast 4.8.1281.0 2009.01.07 -
AVG 8.0.0.199 2009.01.07 -
BitDefender 7.2 2009.01.07 -
CAT-QuickHeal 10.00 2009.01.06 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.07 -
Comodo 891 2009.01.07 -
DrWeb 4.44.0.09170 2009.01.07 -
eSafe 7.0.17.0 2009.01.06 Suspicious File
eTrust-Vet 31.6.6296 2009.01.07 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.07 -
F-Secure 8.0.14470.0 2009.01.07 -
Fortinet 3.117.0.0 2009.01.07 -
GData 19 2009.01.07 -
Ikarus T3.1.1.45.0 2009.01.07 -
K7AntiVirus 7.10.581 2009.01.07 -
Kaspersky 7.0.0.125 2009.01.07 -
McAfee 5488 2009.01.07 -
McAfee+Artemis 5487 2009.01.06 -
Microsoft 1.4205 2009.01.07 -
NOD32 3747 2009.01.07 -
Norman 5.99.02 2009.01.07 -
Panda 9.0.0.4 2009.01.07 -
PCTools 4.4.2.0 2009.01.07 -
Prevx1 V2 2009.01.07 -
Rising 21.11.22.00 2009.01.07 -
SecureWeb-Gateway 6.7.6 2009.01.07 Virus.Win32.FileInfector.gen (suspicious)
Sophos 4.37.0 2009.01.07 -
Sunbelt 3.2.1809.2 2008.12.22 VIPRE.Suspicious

[Mous]

ale to je zložka jak to mam udělat

[jaro3]

Teď nevím k čemu to patří, zkopíruj to celý.
to je výsledek té složky: hhtlpbtlwtft ?

[Mous]

už jsem editoval ten s tim logem

[Mous]

ne nevim jak ji tam mam napsat a ta složka má 8GB

[jaro3]

OK, co je v té složce ,jen pošli screen. nemusí být celý.
//pokud je to Tvoje vytvořená složka , nic neposílej, jen napiš.
Další EDIT:
START-spustit-napiš=cmd.exe-dej OK- v dosovém okně vlož toto:

Kód: Vybrat vše

sc stop Aasnunsns
sc delete Aasnunsns
exit

Restartuj PC.
Potom:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
C:\SDFix

File::
c:\program files\Cyberlink\Shared Files\brs.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
+info o tom souboru , budu zítra.

[Mous]

tady je screen složku vytvořilo WoW a ja ji přejmenoval http://uloz.to/1138253/slozka-hhtpblwtft.bmp

/hergot to neumíte ukládat obrázky do jpeg? kdo má pořád stahovat ty 5Mb bmp . memphisto
edit: tak já se polepším (dělám to přes malování)

[jaro3]

Je to OK.Takže proveď , co jsem napsal výše a zítra to dokončíme.

[Mous]

ComboFix log:
ComboFix 09-01-06.02 - Mous 2009-01-07 22:38:08.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1506 [GMT 1:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Mous\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\program files\Cyberlink\Shared Files\brs.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Cyberlink\Shared Files\brs.exe
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\AdminCheck2.txt
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\CSweg.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\SystemReport.txt
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-07 do 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 14:40 . 2009-01-07 14:40 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-01-07 14:39 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-07 14:38 . 2009-01-07 14:38 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-01-07 14:37 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-01-07 14:37 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-01-07 14:37 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-01-07 14:37 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-01-07 14:37 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-01-07 14:37 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-01-06 20:40 . 2009-01-06 20:48 <DIR> d-------- C:\VerTer
2009-01-06 20:32 . 2009-01-06 20:33 <DIR> d-------- C:\rsit
2009-01-06 16:57 . 2009-01-06 16:57 <DIR> d-------- c:\windows\ERUNT
2009-01-06 15:08 . 2009-01-06 15:08 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 15:08 . 2009-01-06 15:08 <DIR> d-------- c:\documents and settings\Mous\Data aplikací\Malwarebytes
2009-01-06 15:08 . 2009-01-06 15:08 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-06 15:08 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-06 15:08 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 16:01 . 2009-01-05 16:01 <DIR> dr------- c:\documents and settings\NetworkService\Oblíbené položky
2009-01-05 16:01 . 2009-01-05 16:01 <DIR> d-------- c:\documents and settings\NetworkService\Data aplikací\LangSoft
2009-01-05 14:56 . 2004-08-17 15:49 61,440 --a------ c:\windows\system32\svchost.exe
2008-12-25 21:05 . 2008-12-25 21:05 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Blizzard
2008-12-20 16:31 . 2004-08-17 15:49 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-20 16:31 . 2004-08-17 15:49 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-20 16:31 . 2004-08-17 15:45 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-20 16:31 . 2004-08-17 15:45 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-20 16:21 . 2003-01-01 00:06 <DIR> d-------- c:\temp\Plocha zastup
2008-12-16 19:43 . 2008-11-18 16:52 <DIR> dr------- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]
2008-12-16 18:09 . 2008-12-16 18:09 <DIR> d-------- c:\program files\ProxyShell
2008-12-15 16:15 . 2009-01-06 21:25 <DIR> d-------- c:\program files\Metin2_TESTER
2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 17:51 . 2008-12-10 17:51 <DIR> d-------- c:\program files\Windows Journal Viewer
2008-12-10 17:42 . 2008-12-10 17:43 <DIR> d-------- c:\program files\VAIOXP
2008-12-10 17:42 . 2008-12-10 17:42 <DIR> d-------- c:\program files\Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 21:40 --------- d-----w c:\documents and settings\Mous\Data aplikací\Hamachi
2009-01-07 21:33 --------- d-----w c:\documents and settings\Mous\Data aplikací\Xfire
2009-01-07 21:33 --------- d-----w c:\documents and settings\Mous\Data aplikací\Free Download Manager
2009-01-07 21:32 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-01-07 14:01 --------- d-----w c:\program files\Fallout 3
2009-01-07 13:40 --------- d-----w c:\program files\Nokia
2009-01-07 13:39 --------- d-----w c:\program files\Common Files\Nokia
2009-01-07 13:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Installations
2009-01-05 18:46 --------- d-----w c:\program files\Warcraft III
2009-01-05 14:32 --------- d-----w c:\program files\Kopie - WoW
2009-01-02 17:03 --------- d-----w c:\documents and settings\Mous\Data aplikací\Skype
2009-01-02 17:01 --------- d-----w c:\documents and settings\Mous\Data aplikací\skypePM
2009-01-01 19:22 --------- d-----w c:\program files\Knytt Stories
2008-12-29 08:50 --------- d-----w c:\program files\hhtlpbtlwtft
2008-12-24 14:25 --------- d-----w c:\program files\Scorpions WinCheater
2008-12-22 15:09 --------- d-----w c:\program files\Pět kouzelných amuletů
2008-12-21 14:17 --------- d-----w c:\program files\Fraps
2008-12-17 14:58 --------- d-----w c:\documents and settings\Mous\Data aplikací\teamspeak2
2008-12-17 13:13 --------- d-----w c:\program files\Xfire
2008-12-10 16:45 --------- d-----w c:\program files\Microsoft Games
2008-12-06 22:36 --------- d-----w c:\program files\Common Files\Skype
2008-12-06 22:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-01 16:34 --------- d-----w c:\program files\Bethesda Softworks
2008-12-01 16:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 16:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fallout3
2008-12-01 16:08 --------- d-----w c:\program files\Diablo II
2008-12-01 15:50 --------- d-----w c:\program files\Electronic Arts
2008-11-27 22:02 --------- d-----w c:\program files\7-Zip
2008-11-26 14:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-11-22 14:07 --------- d-----w c:\documents and settings\Mous\Data aplikací\Red Alert 3
2008-11-22 13:57 --------- d-----w c:\program files\PoxNora
2008-11-15 15:33 --------- d-----w c:\program files\Any Audio Converter
2008-11-12 20:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 20:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-12 20:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-11-12 20:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nokia
2008-11-12 14:06 --------- d-----w c:\documents and settings\Mous\Data aplikací\PC Suite
2008-11-12 14:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-12 14:05 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-12 14:05 --------- d-----w c:\documents and settings\Mous\Data aplikací\Nokia
2008-11-12 14:05 --------- d-----w c:\documents and settings\All Users\Data aplikací\PC Suite
2008-11-12 14:01 --------- d-----w c:\program files\DIFX
2008-11-08 21:22 --------- d-----w c:\program files\RADVideo
2008-10-29 10:24 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-09-01 22:32 1,935,872 ----a-w c:\program files\tvsetup.msi
2008-01-26 10:48 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-25 19:02 22,328 ----a-w c:\documents and settings\Mous\Data aplikací\PnkBstrK.sys
2007-10-13 22:36 47,360 ----a-w c:\documents and settings\Mous\Data aplikací\pcouffin.sys
1999-04-23 22:22 12 --sha-w c:\windows\system\WININETICMP32.drv
2007-06-04 12:37 56 --sha-r c:\windows\system32\4DE33A8182.sys
2007-06-04 12:37 1,890 -csha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-10-19 2445359]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]
"Google Update"="c:\documents and settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-23 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"WifiMon"="c:\program files\Manison Softworks\WifiMon\wifimon.exe" [2005-02-07 108544]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2008-02-22 1115728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-13 113664]
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-08-27 625952]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-04-04 3450608]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\EasyPHP 2.0b1\\EasyPHP.exe"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:80
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-09-03 25088]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D.sys [2004-07-06 44544]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 16:24:04 41456]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
S4 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559456ce-4bcc-11dc-9ed9-806d6172696f}]
\Shell\AutoRun\command - H:\install.exe
.
Obsah adresáře 'Naplánované úlohy'

2008-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-839522115-1003.job
- c:\documents and settings\Mous\Local Settings\Data aplikac []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
HKLM-Run-SDFix - c:\sdfix\RunThis.bat


.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - plugin: c:\documents and settings\Mous\Local Settings\Data aplikacĂ­\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

ATTENTION: FIREFOX POLICIES ARE IN FORCE
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 22:40:43
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Celkový čas: 2009-01-07 22:42:53
ComboFix-quarantined-files.txt 2009-01-07 21:42:09
ComboFix2.txt 2009-01-07 14:12:41

Před spuštěním: Volných bajtů: 21 643 694 080
Po spuštění: Volných bajtů: 21,627,707,392

372 --- E O F --- 2008-09-20 08:09:01