PC-HELP.CZ

Zdravím, přikládám log z malwarebytes anti-malware a prosím a kontrolu případně co s tím mám dál dělat:

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1306
Windows 5.1.2600 Service Pack 3

27.10.2008 13:01:30
mbam-log-2008-10-27 (13-01-14).txt

Typ skenu: Rychlý sken
Objektu skenováno: 50051
Uplynulý cas: 6 minute(s), 49 second(s)

Infikované procesy pameti: 2
Infikované pametové moduly: 2
Infikované klíce registru: 7
Infikované hodnoty registru: 3
Infikované položky dat registru: 14
Infikované složky: 3
Infikované soubory: 17

Infikované procesy pameti:
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.

Infikované pametové moduly:
C:\WINDOWS\system32\rgubftfo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuvUOEvU.dll (Trojan.Vundo.H) -> No action taken.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3aadd5c-8b83-4c71-9d0b-52b64eb5cfda} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3aadd5c-8b83-4c71-9d0b-52b64eb5cfda} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b44b299f (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\32449076910666290701020290823364 (Rogue.Antivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktimetask (Trojan.Zlob) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvuoevu -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdfvo.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvuoevu -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{45989193-243c-4f1d-8623-692e8904028f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{45989193-243c-4f1d-8623-692e8904028f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45989193-243c-4f1d-8623-692e8904028f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{45989193-243c-4f1d-8623-692e8904028f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{45989193-243c-4f1d-8623-692e8904028f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cdb3f7f6-fe7d-42d5-8c2b-13865ea19aec}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.150,85.255.112.148 -> No action taken.

Infikované složky:
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Pavel\Nabídka Start\Antivirus 2009 (Rogue.Antivirus2008) -> No action taken.

Infikované soubory:
C:\WINDOWS\system32\tuvUOEvU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UvEOUvut.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\UvEOUvut.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rgubftfo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oftfbugr.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdfvo.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\WINDOWS\system32\scui.cpl (Rogue.XPantivirus) -> No action taken.
C:\Documents and Settings\Pavel\Local Settings\Temp\_tc\keygen.exe (Trojan.Downloader) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Pavel\Nabídka Start\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Pavel\Nabídka Start\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Pavel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\WINDOWS\Temp\tempo-655.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\tempo-67D.tmp (Trojan.FakeAlert) -> No action taken.

/antivirus 2009 přidán do názvu topicu. mem.

zapoměl sem napsat že se potřebuju zbavit Antiviru 2009 a podle jineho topicu sem použil malwarebytes anti-malware

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log + nový log z HJT.
viewtopic.php?f=70&t=5119

Jinak vítej na fóru PC-HELP!

Takže tady je log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:06, on 27.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Warcraft III\w3dr.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.grisoft.cz/register/index.php?lng=cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {302D49CA-575B-4262-9B8C-2F26C2D9F83A} - C:\WINDOWS\system32\nnnoLDVP.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [w3dr.exe] C:\Arquivos de programas\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfvo.exe] C:\WINDOWS\system32\kdfvo.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\HappyFoto\HF Designer\dd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Pavel\Local Settings\Temp\{2904061E-44FF-41B0-A06C-92DAAB8AA54F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: nnnoLDVP - C:\WINDOWS\SYSTEM32\nnnoLDVP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7255 bytes


jinak po vymazání MbAMem a restaru PC už Antivirus 2009 nenabíhá takže to vypadá že sem se ho zbavil. Dík moc ze radu.

Obávám se , že to není všechno....
Máš tam dva antiviry, jeden odinstaluj AVG7 ( spíše) a NOD32.
Toto nech otestovat na virustotal:
C:\WINDOWS\SYSTEM32\nnnoLDVP.dll
C:\WINDOWS\system32\kdfvo.exe

viewtopic.php?f=70&t=5121

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

VirusTotal - C:\WINDOWS\SYSTEM32\nnnoLDVP.dll:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.10.27.3 2008.10.27 -
AntiVir 7.9.0.9 2008.10.27 TR/Vundo.Gen
Authentium 5.1.0.4 2008.10.27 -
Avast 4.8.1248.0 2008.10.27 -
AVG 8.0.0.161 2008.10.27 -
BitDefender 7.2 2008.10.27 -
CAT-QuickHeal 9.50 2008.10.27 -
ClamAV 0.93.1 2008.10.27 -
DrWeb 4.44.0.09170 2008.10.27 -
eSafe 7.0.17.0 2008.10.26 Suspicious File
eTrust-Vet 31.6.6168 2008.10.25 -
Ewido 4.0 2008.10.27 -
F-Prot 4.4.4.56 2008.10.27 W32/Virtumonde.P.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.27 Trojan.Win32.Monderb.vwc
Fortinet 3.113.0.0 2008.10.27 -
GData 19 2008.10.27 -
Ikarus T3.1.1.44.0 2008.10.27 Trojan.Vundo
K7AntiVirus 7.10.509 2008.10.27 -
Kaspersky 7.0.0.125 2008.10.27 Trojan.Win32.Monderb.vwc
McAfee 5415 2008.10.25 Vundo.gen.m
Microsoft 1.4005 2008.10.27 -
NOD32 3559 2008.10.27 -
Norman 5.80.02 2008.10.24 -
Panda 9.0.0.4 2008.10.27 -
PCTools 4.4.2.0 2008.10.27 -
Prevx1 V2 2008.10.27 -
Rising 21.01.02.00 2008.10.27 -
SecureWeb-Gateway 6.7.6 2008.10.27 Trojan.Vundo.Gen
Sophos 4.35.0 2008.10.27 -
Sunbelt 3.1.1753.1 2008.10.25 -
Symantec 10 2008.10.27 -
TheHacker 6.3.1.1.131 2008.10.27 -
TrendMicro 8.700.0.1004 2008.10.27 -
VBA32 3.12.8.8 2008.10.27 -
ViRobot 2008.10.27.1438 2008.10.27 -
VirusBuster 4.5.11.0 2008.10.27 -

C:\WINDOWS\system32\kdfvo.exe tam není

ještě du na ten SDfix

Obsah SDfixu:


SDFix: Version 1.238
Run by Administrator on po 27.10.2008 at 17:33

Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nnnoLDVP.dll - Deleted
C:\autorun.inf - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 17:43:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\WIP Miranda IM 1.7.1\\miranda32.exe"="C:\\Program Files\\WIP Miranda IM 1.7.1\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Valve\\hl.exe"="C:\\Games\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Call of Duty\\CoDMP.exe"="C:\\Games\\Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Games\\Heroes of Might and Magic IV\\heroes4c.exe"="C:\\Games\\Heroes of Might and Magic IV\\heroes4c.exe:*:Enabled:Heroes of Might and MagicR IV: Winds of Wart"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Games\\Battlefield 1942\\BF1942.exe"="C:\\Games\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Games\\Quake3 1.32\\quake3.exe"="C:\\Games\\Quake3 1.32\\quake3.exe:*:Enabled:quake3"
"C:\\Games\\STARCRAFT\\starcraft.exe"="C:\\Games\\STARCRAFT\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Games\\Counter-Strike Source\\hl2.exe"="C:\\Games\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Games\\SpellForce\\SpellForce.exe"="C:\\Games\\SpellForce\\SpellForce.exe:*:Enabled:SpellForce"
"C:\\Games\\Battlefield 2\\BF2.exe"="C:\\Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Games\\Dark Messiah of Might and Magic\\mm.exe"="C:\\Games\\Dark Messiah of Might and Magic\\mm.exe:*:Enabled:mm"
"C:\\Games\\lf2\\lf2.exe"="C:\\Games\\lf2\\lf2.exe:*:Enabled:lf2"
"C:\\Games\\Diablo II\\Diablo II.exe"="C:\\Games\\Diablo II\\Diablo II.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Games\\GarenaClient\\Garena.exe"="C:\\Games\\GarenaClient\\Garena.exe:*:Enabled:Garena"
"C:\\Games\\wow\\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe"="C:\\Games\\wow\\WoW-2.4.1.8125-to-2.4.2.8278-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Games\\Warcraft III\\war3.exe"="C:\\Games\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Arquivos de programas\\Warcraft III\\war3.exe"="C:\\Arquivos de programas\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"="C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 28 Feb 2008 24 ..SH. --- "C:\WINDOWS\S3EBA72F6.tmp"
Sun 22 Jun 2008 70,144 ..SHR --- "C:\Program Files\01-mp3search\Setup.exe"
Tue 8 Mar 2005 15,872 A.SHR --- "C:\Program Files\01-mp3search\_Setup.dll"
Sun 9 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 7 Dec 2007 197,120 A..H. --- "C:\Documents and Settings\Pavel\Local Settings\Temp\~3E.tmp"
Thu 17 Apr 2008 211,968 A..H. --- "C:\Documents and Settings\Pavel\Local Settings\Temp\~7.tmp"
Sun 18 Nov 2007 0 A.SH. --- "C:\Program Files\WIP Miranda IM 1.7.1\resources\profiles\resources\profiles\Pýijat‚ soubory\311573562\SIV14.tmp"
Sun 18 Nov 2007 0 A.SH. --- "C:\Program Files\WIP Miranda IM 1.7.1\resources\profiles\resources\profiles\Pýijat‚ soubory\311573562\SIV2A.tmp"

Finished!

Takže pokračujeme:Najdi a smaž: C:\SDFix.
Vypni rez. ochranu u zbývajícího antiviru.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

ComboFix 08-10-26.01 - Pavel 2008-10-27 19:10:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.681 [GMT 1:00]
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Pavel\Data aplikací\inst.exe
C:\WINDOWS\system32\GgfhQqss.ini
C:\WINDOWS\system32\GgfhQqss.ini2
C:\WINDOWS\system32\ieupdates.exe.tmp
C:\WINDOWS\system32\kxgicakf.ini
C:\WINDOWS\system32\pmnmkjkh.dll
C:\WINDOWS\system32\risercqv.ini
C:\WINDOWS\system32\ssqQhfgG.dll
C:\WINDOWS\system32\vqcresir.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2008-09-27 do 2008-10-27 )))))))))))))))))))))))))))))))
.

2008-10-27 17:32 . 2008-10-27 17:32 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-27 17:31 . 2008-10-27 17:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-27 17:30 . 2008-10-27 17:38 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-10-27 17:30 . 2007-11-11 20:22 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-10-27 17:30 . 2007-11-11 20:58 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-10-27 17:30 . 2008-10-27 17:30 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-27 16:19 . 2008-10-27 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-27 13:07 . 2008-10-27 13:07 9,123 --a------ C:\ResetTeaTimer.bat
2008-10-27 12:41 . 2008-10-27 12:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 12:41 . 2008-10-27 12:41 <DIR> d-------- C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2008-10-27 12:41 . 2008-10-27 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-10-27 12:41 . 2008-10-22 16:34 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 12:41 . 2008-10-22 16:34 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-27 00:14 . 2008-10-27 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-26 21:51 . 2008-10-27 16:13 <DIR> d-------- C:\Program Files\Applications
2008-10-26 21:51 . 2008-10-26 21:51 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-24 10:36 . 2008-10-15 17:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 16:56 . 2008-10-25 20:08 13,231 --a------ C:\Documents and Settings\Pavel\Data aplikací\mdbu.bin
2008-10-22 16:30 . 2008-10-22 16:30 <DIR> d-------- C:\Program Files\HappyFoto
2008-10-19 17:01 . 2008-10-19 17:02 4,927 --a------ C:\raptor.jpg
2008-10-15 13:14 . 2008-09-15 16:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 13:14 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 13:13 . 2008-08-14 14:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 13:13 . 2008-08-14 14:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 13:13 . 2008-08-14 14:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 13:13 . 2008-08-14 14:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-12 15:53 . 2008-10-12 15:59 <DIR> d-------- C:\Documents and Settings\Pavel\Data aplikací\My Battle for Middle-earth(tm) II Files
2008-10-10 13:19 . 2008-10-10 13:20 <DIR> d-------- C:\asdasd

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:32 --------- d-----w C:\Program Files\AIMP2
2008-10-26 07:58 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\AVG7
2008-10-05 15:40 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\OpenOffice.org2
2008-10-02 14:02 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2008-09-21 18:53 --------- d-----w C:\Documents and Settings\Guest\Data aplikací\AVG7
2008-09-21 18:42 --------- d-----w C:\Documents and Settings\Unknown\Data aplikací\AVG7
2008-09-20 15:24 --------- d-----w C:\Program Files\The KMPlayer
2008-09-19 17:06 --------- d-----w C:\Program Files\uTorrent
2008-09-19 16:30 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\Motive
2008-09-19 16:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Motive
2008-09-19 16:01 --------- d-----w C:\Program Files\TO2SSM
2008-09-19 16:01 --------- d-----w C:\Program Files\Common Files\Motive
2008-09-19 15:55 --------- d-----w C:\Program Files\TO2SAM
2008-09-18 20:12 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\Media Player Classic
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 15:16 --------- d-----w C:\Program Files\EA GAMES
2008-09-07 09:40 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Avg7
2008-09-05 18:41 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\EmailNotifier
2008-09-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Megaupload
2008-09-05 18:41 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\EmailNotifier
2008-09-05 17:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 17:42 --------- d-----w C:\Program Files\GOA
2008-08-30 15:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-08-30 12:39 --------- d-----w C:\Documents and Settings\Pavel\Data aplikací\dvdcss
2008-08-27 09:28 --------- d-----w C:\Program Files\Lineage II
2008-04-23 17:11 47,360 ----a-w C:\Documents and Settings\Pavel\Data aplikací\pcouffin.sys
2007-12-03 17:03 22,328 ----a-w C:\Documents and Settings\Pavel\Data aplikací\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-07 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-16 590848]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-18 1838592]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"w3dr.exe"="C:\Arquivos de programas\Warcraft III\w3dr.exe" [2008-08-03 61440]
"TO2SSM_McciTrayApp"="C:\Program Files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-13 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GetRight.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GetRight.lnk
backup=C:\WINDOWS\pss\GetRight.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 14:20 1271032 C:\Program Files\Valve\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\condition zero\\hl.exe"=
"C:\\Program Files\\WIP Miranda IM 1.7.1\\miranda32.exe"=
"C:\\Program Files\\Valve\\Steam\\SteamApps\\rptr\\counter-strike\\hl.exe"=
"C:\\Games\\Valve\\hl.exe"=
"C:\\Games\\Call of Duty\\CoDMP.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Games\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Games\\Quake3 1.32\\quake3.exe"=
"C:\\Games\\STARCRAFT\\starcraft.exe"=
"C:\\Games\\Counter-Strike Source\\hl2.exe"=
"C:\\Games\\SpellForce\\SpellForce.exe"=
"C:\\Games\\Battlefield 2\\BF2.exe"=
"C:\\Games\\lf2\\lf2.exe"=
"C:\\Games\\Diablo II\\Diablo II.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Games\\GarenaClient\\Garena.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Arquivos de programas\\Warcraft III\\war3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-03-29 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-03-29 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-26 27904]
S3 pohci13F;pohci13F;C:\DOCUME~1\Pavel\LOCALS~1\Temp\pohci13F.sys [ ]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{698fe2c1-9090-11dc-8642-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{9B3239E6-FC57-44D4-8060-DDA47EA2D45B} - C:\WINDOWS\system32\ssqQhfgG.dll
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Device Detection - C:\Program Files\HappyFoto\HF Designer\dd.exe
HKLM-Run-C:\WINDOWS\system32\kdfvo.exe - C:\WINDOWS\system32\kdfvo.exe


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\j67mz8iu.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 19:14:31
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Celkový čas: 2008-10-27 19:19:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-27 18:19:34

Před spuštěním: 8,868,757,504
Po spuštění: 9,559,556,096

209 --- E O F --- 2008-10-24 22:23:25

Čisto..
Vlož ještě nový log z HJT.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:24, on 27.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WIP Miranda IM 1.7.1\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.grisoft.cz/register/index.php?lng=cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [w3dr.exe] C:\Arquivos de programas\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Pavel\Local Settings\Temp\{2904061E-44FF-41B0-A06C-92DAAB8AA54F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB3F7F6-FE7D-42D5-8C2B-13865EA19AEC}: NameServer = 62.204.255.250,62.204.224.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6536 bytes

Log OK.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Doinstaluj javu:
Java SE Runtime Environment 6u10

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Je to vše.