PC-HELP.CZ

MWAV mi vyjel toto. nevíte,jestli je to něco závažnějšího a jak se toho zbavit?

chybička se vloudí

File C:\WINDOWS\SYSTEM32\NODANTIVIR.SYS infected by "Trojan-Spy.Win32.Goldun.gq" Virus! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spyware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spyware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bridge Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bridge Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\system32\mdfpro.dll infected by "Trojan-Spy.Win32.Goldun.fp" Virus! Action Taken: No Action Taken.

MWAV je důkladný sken systému a nezdá se mi, že by se ti ve výsledku objevilo jen tohle. Ty řádky o virech, spyware, adware a podobných šmejdech bývají takhle:

File C:\WINDOWS\SYSTEM32\NODANTIVIR.SYS infected by "Trojan-Spy.Win32.Goldun.gq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\mdfpro.dll infected by "Trojan-Spy.Win32.Goldun.fp" Virus! Action Taken: No Action Taken.

- Čili vždy 2 řádky s úplnou cestou k nakaženému souboru. V tom co jsi sem dal, tam právě chybí ty cesty a názvy těch souborů. V pořádku jsou jen ten první a poslední záznam.
Udělej ho znovu. I když pro začátek by byl lepší log z Hijackthisu.

tak tady je zatím HJT. MWAV zkusím ještě jednou.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:51, on 20.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mirek\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB005C4D-1AA8-433B-80D4-BB689F22923C}: NameServer = 84.16.96.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

Máš nainstalovaný FlashGet a Star Downloader na stahování. Se Star Downloaderem bývají dost problémy, takže ten bych raději odinstaloval - mimo jiné mohou být problémy se spuštěním stahování (otázka piority procesů). Nechej si jen FlashGet.

V HJT fixni akorát toto:
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL - Alexu nepoužíváš, takže je to zbytečné

Aktivního šmejda tam není vidět, takže počkáme na log z MWAVu.

Díky .MWAV mi vyjel stejný log,ale pracuji s ním poprvé,takže to bude asi chyba ve mě.

Trochu si s tím pohrej, ať je vidět, co tam je. Tam jsou šmejdi (už podle toho prvního příspěvku cos poslal) neaktivní, ale musí se smazat, aby se náhodou neaktivovali.

tak jsem si s tím trochu pohrál.



File C:\WINDOWS\SYSTEM32\NODANTIVIR.SYS infected by "Trojan-Spy.Win32.Goldun.gq" Virus! Action Taken: No Action Taken.
Object "minibug Adware" found in File System! Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spyware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spyware Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bridge Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bridge Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\system32\mdfpro.dll infected by "Trojan-Spy.Win32.Goldun.fp" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\count.jar-2dcfcc1e-4aeae45a.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\count.jar-38b5a303-710dac32.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7f-7e2b2adf.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\jrl.jar-46a38335-3c726540.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Profiles\Nepojmenovaný\eyxjuous.slt\Cache\D9FC2727d01 infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\Download\eCodec-v4.143(1).exe infected by "Trojan.Win32.Zapchast.ax" Virus! Action Taken: No Action Taken.
File C:\Download\eCodec-v4.143.exe infected by "Trojan.Win32.Zapchast.ax" Virus! Action Taken: No Action Taken.
File C:\Program Files\EMCO Malware Bouncer\Quarantine\M-YDDCHEQVSG3GY\NMC.NDOTNET\Files\Program Files\NewDotNet\newdotnet7_22(2).dll tagged as "not-a-virus:AdWare.Win32.NewDotNet.i". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mdfpro.dll infected by "Trojan-Spy.Win32.Goldun.fp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\mdfpro.dll infected by "Trojan-Spy.Win32.Goldun.fp" Virus! Action Taken: No Action Taken.

Takže si nastav zobrazování skrytých a systémových souborů a najdi na disku tyto soubory:

C:\WINDOWS\SYSTEM32\NODANTIVIR.SYS - Troj/Haxdoor-AK
C:\WINDOWS\system32\mdfpro.dll - Trojan-Spy.Win32.Goldun.fp
C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\count.jar-2dcfcc1e-4aeae45a.zip - Exploit.Java.ByteVerify
C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\count.jar-38b5a303-710dac32.zip - to samé
C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7f-7e2b2adf.zip - Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Mirek\.jpi_cache\jar\1.0\jrl.jar-46a38335-3c726540.zip - Trojan-Downloader.Java.OpenConnection.aj
C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Profiles\Nepojmenovaný\eyxjuous.slt\Cache\D9FC2727d01 - Trojan-Clicker.JS.Linker.j
C:\Download\eCodec-v4.143(1).exe - Trojan.Win32.Zapchast.ax
C:\Download\eCodec-v4.143.exe - to samé
C:\Program Files\EMCO Malware Bouncer\Quarantine\M-YDDCHEQVSG3GY\NMC.NDOTNET\Files\Program Files\NewDotNet\newdotnet7_22(2).dll - AdWare.Win32.NewDotNet

Nejdříve si stáhni CCleaner (návod)- odpoj se od internetu a vypni všechny okna prohlížečů (IE, FF, Operu) a spusť CCleaner - dej všechno vyčistit včetně Java Cache. Potom najdi ty červeně označené soubory a všechny smaž. Adresář C:\Program Files\EMCO Malware Bouncer smaž celý!!! Potom nezapomeň vysypat koš!

Vypadá to jako žákovská knížka, ale mělo by to jít dobře, protože šmejdi nejsou momentálně aktivní.
Napiš, jak jsi dopadl.