mwav log-poradte co smáznout

Příspěvekod **jaro3** » 10 pro 2008 08:28

Je nejspíše používán, ale viděl jsem , že ho mazali..
Tedy ještě jeden script v CF:

File::
c:\winnt\system32\drivers\nicsk32.sys

Driver::
nicsk32

Pak znovu log z CF a HJT.
Toto tam přibylo:
S2 vwussqyqv;vwussqyqv;c:\winnt\system32\svchost.exe -k netsvcs [2001-10-25 14336]
To netuším , o co se jedná..
Zkusím se podívat, či požádat o radu, jinak by měl být comp v naprostém pořádku.

Reklama

lugr · Příspěvekod **lugr** » 10 pro 2008 16:50

tak tady je ten log

ComboFix 08-12-07.04 - grebi 2008-12-10 16:10:11.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1580 [GMT 1:00]
Spuštěný z: c:\documents and settings\grebi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\grebi\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
c:\winnt\system32\drivers\nicsk32.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\Dvbpws.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NICSK32
-------\Service_nicsk32

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-10 do 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 14:05 . 2008-12-09 14:05 <DIR> d-------- c:\winnt\ERUNT
2008-12-09 14:00 . 2008-12-09 14:12 <DIR> d-------- C:\SDFix
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\documents and settings\grebi\Data aplikací\Malwarebytes
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-08 12:39 . 2008-12-03 19:59 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-08 12:39 . 2008-12-03 19:59 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-05 16:26 . 2008-12-05 16:26 0 --a------ C:\23990098.$$$
2008-12-02 21:21 . 2008-12-02 21:21 <DIR> d-------- c:\program files\oZone3D
2008-12-02 17:39 . 2008-12-02 17:39 <DIR> d-------- c:\winnt\system32\xlive
2008-12-01 22:00 . 2001-09-19 06:47 765,952 -ra------ c:\winnt\system\crlds3d.dll
2008-12-01 22:00 . 2006-03-17 11:18 392,960 -ra------ c:\winnt\system32\drivers\senfilt.sys
2008-12-01 22:00 . 2006-09-08 03:08 247,296 -ra------ c:\winnt\system32\drivers\ADIHdAud.sys
2008-12-01 22:00 . 2006-08-29 14:21 94,080 -ra------ c:\winnt\system32\drivers\aeaudio.sys
2008-12-01 22:00 . 2006-02-06 08:54 24,064 -ra------ c:\winnt\system32\PostProc.dll
2008-12-01 21:57 . 2008-12-01 21:58 23,701 --a------ c:\winnt\Ascd_tmp.ini
2008-11-24 15:04 . 2008-12-04 20:36 <DIR> d-------- c:\program files\Java
2008-11-24 15:04 . 2008-11-10 03:39 73,728 --a------ c:\winnt\system32\javacpl.cpl
2008-11-24 15:02 . 2008-11-10 05:43 410,984 --a------ c:\winnt\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 21:00 --------- d-----w c:\program files\Analog Devices
2008-12-01 20:44 --------- d-----w c:\program files\přehrávače
2008-11-26 20:16 --------- d-----w c:\documents and settings\grebi\Data aplikací\DivX
2008-11-07 18:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 18:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fallout3
2008-11-07 18:06 --------- d-----w c:\program files\MSBuild
2008-11-07 18:03 --------- d-----w c:\program files\Reference Assemblies
2008-11-07 17:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-07 17:45 717,296 ----a-w c:\winnt\system32\drivers\sptd.sys
2008-11-07 17:45 --------- d-----w c:\documents and settings\grebi\Data aplikací\DAEMON Tools
2008-11-07 16:33 --------- d-----w c:\program files\GetRight
2008-11-06 04:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 19:43 --------- d-----w c:\program files\7-Zip
2008-10-28 15:38 --------- d-----w c:\documents and settings\grebi\Data aplikací\XnView
2008-10-21 16:08 --------- d-----w c:\program files\ICQ6
2008-08-17 09:54 20,500 ----a-w c:\documents and settings\grebi\FMCodec.dat
2007-10-26 15:01 271 --sh--w c:\program files\desktop.ini
2007-10-26 15:01 22,034 ---h--w c:\program files\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_16.11.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-16 15:54:40 60,928 ----a-w c:\winnt\system32\lalmapib.dll
- 2008-12-09 15:09:58 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_404.dat
+ 2008-12-10 15:12:43 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_404.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\winnt\system32\dumprep 0 -u" [X]
"JMB36X Configure"="c:\winnt\System32\JMRaidTool.exe" [2006-08-14 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\V3.0\moffice.exe" [2008-09-11 958464]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-25 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-17 215552]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-17 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3999:TCP"= 3999:TCP:WWW

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2008-04-04 111184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\winnt\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\DRIVERS\aswFsBlk.sys [2008-04-04 20560]
R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\winnt\System32\DRIVERS\nxsIO32.sys [2008-01-25 2208]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\winnt\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\winnt\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 AmdTools;AMD Special Tools Driver;c:\winnt\system32\DRIVERS\AmdTools.sys [2008-03-07 31744]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\winnt\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\winnt\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\winnt\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-01-29 9446]
S2 vwussqyqv;vwussqyqv;c:\winnt\system32\svchost.exe -k netsvcs [2001-10-25 14336]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\grebi\LOCALS~1\Temp\ALSysIO.sys []
S3 atidgllk;atidgllk;\??\c:\documents and settings\grebi\Plocha\Downloads\Nová složka\Nová složka\atidgllk.sys []
S3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\DRIVERS\usbhub20.sys [2007-10-26 49776]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vwussqyqv
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\grebi\Data aplikací\Mozilla\Firefox\Profiles\p0p9lccu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.seznam.cz
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 16:12:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(480)
c:\winnt\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\winnt\system32\ati2evxx.exe
c:\combofix\hidec.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Labtec\Mouse\V3.0\mouse32a.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\winnt\system32\wscntfy.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Celkový čas: 2008-12-10 16:15:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-10 15:14:20
ComboFix2.txt 2008-12-09 19:27:35
ComboFix3.txt 2008-12-09 15:11:48

Před spuštěním: Volných bajtů: 11 690 070 016
Po spuštění: Volných bajtů: 11,680,751,616

174

a tady z hijaku

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:28, on 10.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
D:\luboš\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINNT\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6192133406
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FB91352-197D-4C9D-AAA2-443CEFF416C1}: NameServer = 217.112.162.34 217.112.160.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6426 bytes

stěma virama to vypadá dobře

ale jeden problém se oběvil možná že je to staronový problém

před tím než jsem si všim že tam (V kompu)mám nejakou havět
mi počítač ,teda net, po zhruba 10-20 minutách spadl -začalo to vzdy hlásit nelze se připojit ,atd...
a ni se nešlo odpojit -sítové pripojení nešlo zrušit

ted mi to delá trochu něco jiného
ze začátku (po zapnutí kompu,nebo po restartu) mi jede net vcelku v pohode ale po chvíli se mi začne "zpomalovat" velice dlouho trvá načtení stránky ,někdy to hlásí že stránku nelze zobrazit...,a potom musím zmáčknout několikrát F5 aby to vůbec něco začalo načítat

tak jestli to není problém virů nebo jiné havěti tak bych to videl na ovladače nebo nejaký jiný software,,,,

tak nevim jestli mi i stímto pomůžeš či jestli mám založit jinou "diskuzi"
.

Příspěvekod **jaro3** » 10 pro 2008 18:15

Zatím do jiné sekce nechoď.
Je tam jeden problém , po každém scriptu máš ve výmazech stále stejného trojana:
c:\winnt\system32\Dvbpws.dll
Ten se nějak stále obnovuje...

Zkus toto:
F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction on the F-Secure page for proper installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Příspěvekod **jaro3** » 10 pro 2008 21:17

Po konzultaci ještě jeden script v CF:

Kód: Vybrat vše

Driver::
vwussqyqv

NetSvc::
vwussqyqv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

Postupuj stejně jako předtím, na závěr sem dej log z CF.

lugr · Příspěvekod **lugr** » 11 pro 2008 14:02

tak jsem dal zas ten CF
tady je log:

ComboFix 08-12-09.03 - grebi 2008-12-11 12:32:30.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1597 [GMT 1:00]
Spuštěný z: c:\documents and settings\grebi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\grebi\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system32\Dvbpws.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VWUSSQYQV
-------\Service_vwussqyqv

((((((((((((((((((((((((( Soubory vytvořené od 2008-11-11 do 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-09 14:05 . 2008-12-09 14:05 <DIR> d-------- c:\winnt\ERUNT
2008-12-09 14:00 . 2008-12-09 14:12 <DIR> d-------- C:\SDFix
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\documents and settings\grebi\Data aplikací\Malwarebytes
2008-12-08 12:39 . 2008-12-08 12:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-12-08 12:39 . 2008-12-03 19:59 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2008-12-08 12:39 . 2008-12-03 19:59 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2008-12-05 16:26 . 2008-12-05 16:26 0 --a------ C:\23990098.$$$
2008-12-02 21:21 . 2008-12-02 21:21 <DIR> d-------- c:\program files\oZone3D
2008-12-02 17:39 . 2008-12-02 17:39 <DIR> d-------- c:\winnt\system32\xlive
2008-12-01 22:00 . 2001-09-19 06:47 765,952 -ra------ c:\winnt\system\crlds3d.dll
2008-12-01 22:00 . 2006-03-17 11:18 392,960 -ra------ c:\winnt\system32\drivers\senfilt.sys
2008-12-01 22:00 . 2006-09-08 03:08 247,296 -ra------ c:\winnt\system32\drivers\ADIHdAud.sys
2008-12-01 22:00 . 2006-08-29 14:21 94,080 -ra------ c:\winnt\system32\drivers\aeaudio.sys
2008-12-01 22:00 . 2006-02-06 08:54 24,064 -ra------ c:\winnt\system32\PostProc.dll
2008-12-01 21:57 . 2008-12-01 21:58 23,701 --a------ c:\winnt\Ascd_tmp.ini
2008-11-24 15:04 . 2008-12-04 20:36 <DIR> d-------- c:\program files\Java
2008-11-24 15:04 . 2008-11-10 03:39 73,728 --a------ c:\winnt\system32\javacpl.cpl
2008-11-24 15:02 . 2008-11-10 05:43 410,984 --a------ c:\winnt\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 21:00 --------- d-----w c:\program files\Analog Devices
2008-12-01 20:44 --------- d-----w c:\program files\přehrávače
2008-11-26 20:16 --------- d-----w c:\documents and settings\grebi\Data aplikací\DivX
2008-11-07 18:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 18:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\Fallout3
2008-11-07 18:06 --------- d-----w c:\program files\MSBuild
2008-11-07 18:03 --------- d-----w c:\program files\Reference Assemblies
2008-11-07 17:49 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-07 17:45 717,296 ----a-w c:\winnt\system32\drivers\sptd.sys
2008-11-07 17:45 --------- d-----w c:\documents and settings\grebi\Data aplikací\DAEMON Tools
2008-11-07 16:33 --------- d-----w c:\program files\GetRight
2008-11-06 04:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 19:43 --------- d-----w c:\program files\7-Zip
2008-10-28 15:38 --------- d-----w c:\documents and settings\grebi\Data aplikací\XnView
2008-10-21 16:08 --------- d-----w c:\program files\ICQ6
2008-08-17 09:54 20,500 ----a-w c:\documents and settings\grebi\FMCodec.dat
2007-10-26 15:01 271 --sh--w c:\program files\desktop.ini
2007-10-26 15:01 22,034 ---h--w c:\program files\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_16.11.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-16 15:54:40 60,928 ----a-w c:\winnt\system32\lalmapib.dll
- 2008-12-09 15:09:58 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_404.dat
+ 2008-12-11 11:34:56 16,384 ----atw c:\winnt\Temp\Perflib_Perfdata_404.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\winnt\system32\dumprep 0 -u" [X]
"JMB36X Configure"="c:\winnt\System32\JMRaidTool.exe" [2006-08-14 352256]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-10-01 413696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-10-09 90112]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\V3.0\moffice.exe" [2008-09-11 958464]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-25 c:\winnt\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-17 215552]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-17 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3999:TCP"= 3999:TCP:WWW

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2008-04-04 111184]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\winnt\system32\DRIVERS\wfcxacap.sys [2007-09-19 9856]
R2 aswFsBlk;aswFsBlk;c:\winnt\system32\DRIVERS\aswFsBlk.sys [2008-04-04 20560]
R2 nxsIO32;NextSensor Kernel I/O Driver;\??\c:\winnt\System32\DRIVERS\nxsIO32.sys [2008-01-25 2208]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\winnt\system32\drivers\wfcxatun.sys [2007-09-19 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\winnt\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 AmdTools;AMD Special Tools Driver;c:\winnt\system32\DRIVERS\AmdTools.sys [2008-03-07 31744]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\winnt\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\winnt\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\winnt\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2008-01-29 9446]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\grebi\LOCALS~1\Temp\ALSysIO.sys []
S3 atidgllk;atidgllk;\??\c:\documents and settings\grebi\Plocha\Downloads\Nová složka\Nová složka\atidgllk.sys []
S3 usbhub20;Podpora kořenového rozbočovač rozbočovače sběrnice USB 2.0;c:\winnt\system32\DRIVERS\usbhub20.sys [2007-10-26 49776]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

O16 -: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
c:\winnt\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
c:\winnt\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\grebi\Data aplikací\Mozilla\Firefox\Profiles\p0p9lccu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.seznam.cz
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 12:35:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(480)
c:\winnt\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\winnt\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Labtec\Mouse\V3.0\mouse32a.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\winnt\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2008-12-11 12:36:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-12-11 11:36:38
ComboFix2.txt 2008-12-10 15:15:38
ComboFix3.txt 2008-12-09 19:27:35
ComboFix4.txt 2008-12-09 15:11:48

Před spuštěním: Volných bajtů: 11 658 559 488
Po spuštění: Volných bajtů: 11,649,265,664

169

potom jsem to ješte projel na tom netu tím F-Secure Online Scanner
a tady je "log"
(cosi to našlo a odstranilo)

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<html>
<font style="COLOR: black; FONT: 10pt verdana">
<head>
<title>F-Secure Online Scanner 3.3.1 - Scanning Report - Thursday, December 11, 2008 13:35:31</title>
</head>

<body>
<h1><font face="Arial">Scanning Report</font></h1>
<h2><font face="Arial">Thursday, December 11, 2008 12:56:46 - 13:35:31</font></h2>
<p>
Computer name: SKRCEK
<br>Scanning type: Scan system for malware, rootkits
<br>Target: C:\ D:\ E:\
</p>
<hr noshade>
<h2><font face="Arial" color="#5A6ED2">Result: 2 malware found</font></h2>
<a href="http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=Worm:W32/Downadup.M&orig='disk'" target="_blank"><nobr>Worm:W32/Downadup.M</nobr></a> (virus)
<ul>
<li>
System
<li>
C:\WINNT\SYSTEM32\LALMAPIB.DLL
</ul>
<hr noshade>
<h2><font face="Arial" color="#5A6ED2">Statistics</font></h2>
Scanned:<ul>
<li>Files: 32200
<li>System: 3357
<li>Not scanned: 8
</ul>
Actions:<ul>
<li>Disinfected: 0
<li>Renamed: 0
<li>Deleted: 0
<li>None: 2
<li>Submitted: 0
</ul>
Files not scanned:<ul>
<li>C:\HIBERFIL.SYS
<li>C:\PAGEFILE.SYS
<li>C:\WINNT\SYSTEM32\DRIVERS\SPTD.SYS
<li>C:\WINNT\SYSTEM32\CONFIG\DEFAULT
<li>C:\WINNT\SYSTEM32\CONFIG\SAM
<li>C:\WINNT\SYSTEM32\CONFIG\SECURITY
<li>C:\WINNT\SYSTEM32\CONFIG\SOFTWARE
<li>C:\WINNT\SYSTEM32\CONFIG\SYSTEM

</ul>
<hr noshade>
<h2><font face="Arial" color="#5A6ED2">Options</font></h2>
Scanning engines:<ul>
<li>F-Secure USS: 2.40.0
<li>F-Secure Blacklight: 2.4.1093
<li>F-Secure Hydra: 2.8.8110, 2008-12-11
<li>F-Secure Pegasus: 1.20.0, 2008-11-10
<li>F-Secure AVP: 7.0.171, 2008-12-11

</ul>
Scanning options:<ul>
<li>Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
<li>
Use Advanced heuristics
</ul>
<hr noshade>
<ul><h6>Copyright © 1998-2007 <a href="http://support.f-secure.com/">Product support</a> |<a href="http://support.f-secure.com/enu/home/virusproblem/sample/">Send virus sample to F-Secure</a></h6><h6>F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.</h6></ul>
</body>
</font>
</html>

no a potom jsem to projel hijakem
tady je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:17, on 11.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
D:\luboš\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINNT\System32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6192133406
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FB91352-197D-4C9D-AAA2-443CEFF416C1}: NameServer = 217.112.162.34 217.112.160.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6551 bytes

ináč se zdá že už je to dobrý zatím se net nespomaluje ješte to přes den poskouším :wink:

Příspěvekod **jaro3** » 11 pro 2008 14:11

Prozkoušej to , log z HJT je O.K.
Pro kontrolu:

Stáhni si GMER
Po stažení aplikaci rozbal a spusť, probehne rychlý sken a otevře se hlavní okno programu:
pokud klikneš na tlačítko Save vpravo dole, muzeš vyexportovat první log, ktery vloziš sem.

lugr · Příspěvekod **lugr** » 11 pro 2008 16:54

takže jsem to projel tím GMER
a tady je log
toto vyjelo po startu, ale o tento ti asi nešlo

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-11 16:05:43
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT spuz.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spuz.sys ZwEnumerateValueKey [0xBA6C7030]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89E3E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.14 ----

a tento po skenu systémového disku

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-11 16:13:17
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA4BC576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA4BC432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA4BC910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA4BC00A]
SSDT spuz.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spuz.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA4BC50C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA4BBF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA4BBFAE]
SSDT spuz.sys ZwQueryKey [0xBA6C7108]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA4BC62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA4BC5EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA4BC76C]

INT 0x63 ? 89DD2BF8
INT 0x63 ? 89B23BF8
INT 0x63 ? 89B23BF8
INT 0x63 ? 89DD2BF8
INT 0x73 ? 89DCFBF8
INT 0x73 ? 89DCFBF8
INT 0x73 ? 89DCFBF8
INT 0x84 ? 89B23BF8
INT 0xA4 ? 89B23BF8

---- Kernel code sections - GMER 1.0.14 ----

? spuz.sys Systém nemůže nalézt uvedený soubor. !
? Combo-Fix.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload B9A2C62C 5 Bytes JMP 89B231D8
.text afpzb6v6.SYS B9977386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text afpzb6v6.SYS B99773AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text afpzb6v6.SYS B99773C4 3 Bytes [ 00, 70, 02 ]
.text afpzb6v6.SYS B99773C9 1 Byte [ 2E ]
.text afpzb6v6.SYS B99773CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
? C:\ComboFix\catchme.sys Systém nemůže nalézt uvedenou cestu. !
? C:\WINNT\system32\Drivers\PROCEXP90.SYS Systém nemůže nalézt uvedený soubor. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spuz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spuz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spuz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spuz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spuz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spuz.sys
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\afpzb6v6.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINNT\system32\services.exe[524] @ C:\WINNT\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINNT\system32\services.exe[524] @ C:\WINNT\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89E3E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 89A571F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E401F8
Device \Driver\dmio \Device\DmControl\DmConfig 89E401F8
Device \Driver\dmio \Device\DmControl\DmPnP 89E401F8
Device \Driver\dmio \Device\DmControl\DmInfo 89E401F8
Device \Driver\usbohci \Device\USBPDO-1 89A571F8
Device \Driver\usbohci \Device\USBPDO-2 89A571F8
Device \Driver\usbohci \Device\USBPDO-3 89A571F8
Device \Driver\PCI_PNP3270 \Device\00000047 spuz.sys
Device \Driver\usbohci \Device\USBPDO-4 89A571F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbehci \Device\USBPDO-5 89A3D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89DD01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89DD01F8
Device \Driver\Cdrom \Device\CdRom0 89A601F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89DD01F8
Device \Driver\Cdrom \Device\CdRom1 89A601F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 89DCF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89DCF1F8
Device \Driver\atapi \Device\Ide\IdePort0 89DCF1F8
Device \Driver\atapi \Device\Ide\IdePort1 89DCF1F8
Device \Driver\atapi \Device\Ide\IdePort2 89DCF1F8
Device \Driver\atapi \Device\Ide\IdePort3 89DCF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 89DCF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898181F8
Device \Driver\sptd \Device\1865200770 spuz.sys
Device \Driver\NetBT \Device\NetbiosSmb 898181F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B925370D-181F-4727-9D8C-4D0603605E3E} 898181F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 89A571F8
Device \Driver\usbohci \Device\USBFDO-1 89A571F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AFD1F8
Device \Driver\usbohci \Device\USBFDO-2 89A571F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AFD1F8
Device \Driver\usbohci \Device\USBFDO-3 89A571F8
Device \Driver\usbohci \Device\USBFDO-4 89A571F8
Device \Driver\Ftdisk \Device\FtControl 89DD01F8
Device \Driver\usbehci \Device\USBFDO-5 89A3D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1FB91352-197D-4C9D-AAA2-443CEFF416C1} 898181F8
Device \Driver\afpzb6v6 \Device\Scsi\afpzb6v61Port5Path0Target0Lun0 89A301F8
Device \Driver\afpzb6v6 \Device\Scsi\afpzb6v61 89A301F8
Device \Driver\JRAID \Device\Scsi\JRAID1 89E3F1F8
Device \FileSystem\Cdfs \Cdfs 897F2500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x9C 0x02 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xDF 0x4E 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xDB 0x8D 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7E 0x9C 0x02 0xE7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0xDF 0x4E 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x59 0xDB 0x8D 0xF0 ...

---- EOF - GMER 1.0.14 ----

ináč se zdá že netík funguje jak má žádné spomalení nejde vidět

Příspěvekod **jaro3** » 11 pro 2008 17:03

Zapomněl jsem napsat log č.2, ale už to nech, když je to v pořádku.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Je to vše.

lugr · Příspěvekod **lugr** » 11 pro 2008 17:42

takže zdá se že vše funguje
moc díky za pomoc
majsa :wink:

mwav log-poradte co smáznout Vyřešeno

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout

Re: mwav log-poradte co smáznout Vyřešeno

Kdo je online