prosím o kontrolu logu !

[Rajnoch]

Dobrý den, mám jeden dobře zasekaný stroj na stole ( od kamaráda) aprosím o kontrolu logu, MWavu a Hijacku:

MWAV hlásí:

Objekt "funwebproducts Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "ace club casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "2antispyware Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "ezula Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.



a HiJackThis hlásí:


Logfile of HijackThis v1.99.1
Scan saved at 16:26:35, on 21.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\totalcmd\TOTALCMD.EXE
D:\Program Files\totalcmd\TOTALCMD.EXE
D:\instalace\ochrany\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)
O2 - BHO: (no name) - {3656C6D8-816A-4EB5-9B39-40BC1CA7C633} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Spy Watcher] "D:\PROGRA~1\FREESP~1\SpyWatcher.exe" -S
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ6\ICQ.exe" silent
O4 - Startup: OpenOffice.org 2.0.lnk = D:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = D:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\Rockstar Games\Záloha\BitSpirit\bsurl.htm
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/784af55 ... 8c2_35.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/ ... 2D2D2D.exe
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - D:\WINDOWS\system32\RadClock.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - D:\WINDOWS\system32\UAService7.exe

testy jsou po mnoha čisticích procesech (adaware, ccleaner, registry mechanic, něco ručně) v nouzovém režimu a už nevím co stím. V normálním režimu to včil poněkud padá.

Děkuji

[Reklama]

[Baron Prášil]

MVAW nestojí za řeč.
v hijackthis fixni
O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - (no file)
O2 - BHO: (no name) - {3656C6D8-816A-4EB5-9B39-40BC1CA7C633} - (no file)
O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

vidím 2x antispyware.nechal bych si jenom Spy Terminator

nevidím firewall
vyber si tady,doporučuju Comodo

vyčisti systém CCleanerem a RegCleanerem

defragmentuj,pokud to bude třeba
třeba tímto O&O Defrag 2000

a když tyto více,méně hygienické úkony provedeš a nic se nezmění
udělej log z Combofixu
- po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem celý jeho obsah

[Rajnoch]

Díky, regcleanr nejde spustit, ale ani na mém compu, visí ve spuštěných procesech a jinak nikde nic nevidím.
psílám log z combofixu:

ComboFix 07-06-21.3 - D:\instalace\ochrany\1\ComboFix.exe
"Jirka Doma" - 2007-06-21 21:04:49 - Service Pack 2 NTFS

[i] ADS removed - svchost.exe: deleted 68 bytes in 1 streams. [/i]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\DOCUME~1\JIRKAD~1\Plocha\internet.lnk
D:\Program Files\Common Files\Companion Wizard
D:\Program Files\Common Files\Companion Wizard\WapCHK.dll
D:\WINDOWS\regedit.com
D:\WINDOWS\system32\msxml3a.dll
D:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-21 21:04 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-21 20:55 <DIR> d-------- D:\Program Files\RegCleaner
2007-06-21 12:48 138,368 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Spyware Terminator
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Crawler
2007-06-21 12:46 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-06-21 11:59 <DIR> d-------- D:\Program Files\CCleaner
2007-06-20 19:51 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-06-20 19:51 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-20 19:51 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-06-20 19:51 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-20 19:51 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-20 19:51 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-20 19:50 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-06-19 20:22 368,912 --a------ D:\WINDOWS\system32\vbar332.dll
2007-06-19 20:22 147,456 --a------ D:\WINDOWS\system32\Vbzip11.dll
2007-06-19 20:22 143,360 --a------ D:\WINDOWS\system32\vbuzip10.dll
2007-06-19 20:22 10,752 --a------ D:\WINDOWS\system32\aamd532.dll
2007-06-19 20:22 <DIR> d-------- D:\Program Files\Free Spyware Scanner
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\zts2.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\vcmgcd32.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\iifgfgf.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundll16.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundl132.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\logo1_.exe
2007-06-19 13:17 147,968 --a------ D:\WINDOWS\R.COM
2007-06-19 13:17 137,216 --a------ D:\WINDOWS\system32\T.COM
2007-06-19 12:46 31,252 --a------ D:\WINDOWS\system32\4689842ld.exe
2007-06-19 12:46 31,252 --a------ D:\WINDOWS\system32\46217812ld.exe
2007-06-19 12:44 31,252 --a------ D:\WINDOWS\system32\44326092ld.exe
2007-06-19 12:44 31,252 --a------ D:\WINDOWS\system32\44245622ld.exe
2007-06-19 12:37 31,252 --a------ D:\WINDOWS\system32\3734062ld.exe
2007-06-19 12:37 31,252 --a------ D:\WINDOWS\system32\3711872ld.exe
2007-06-19 12:35 31,252 --a------ D:\WINDOWS\system32\35211402ld.exe
2007-06-19 12:35 31,252 --a------ D:\WINDOWS\system32\3516622ld.exe
2007-06-19 12:29 31,252 --a------ D:\WINDOWS\system32\29435462ld.exe
2007-06-19 12:29 31,252 --a------ D:\WINDOWS\system32\29412502ld.exe
2007-06-19 12:27 31,252 --a------ D:\WINDOWS\system32\27315782ld.exe
2007-06-19 12:27 31,252 --a------ D:\WINDOWS\system32\27291092ld.exe
2007-06-19 12:25 31,252 --a------ D:\WINDOWS\system32\25245312ld.exe
2007-06-19 12:25 31,252 --a------ D:\WINDOWS\system32\25216092ld.exe
2007-06-19 12:23 59,104 --a------ D:\WINDOWS\system32\drivers\asc3550i.sys
2007-06-19 12:23 31,252 --a------ D:\WINDOWS\system32\23232502ld.exe
2007-06-19 12:23 31,252 --a------ D:\WINDOWS\system32\23119532ld.exe
2007-06-19 12:04 31,252 --a------ D:\WINDOWS\system32\464212ld.exe
2007-06-19 12:04 31,252 --a------ D:\WINDOWS\system32\438432ld.exe
2007-06-19 10:59 31,252 --a------ D:\WINDOWS\system32\59295002ld.exe
2007-06-19 10:59 31,252 --a------ D:\WINDOWS\system32\59274372ld.exe
2007-06-19 10:54 31,252 --a------ D:\WINDOWS\system32\5419152ld.exe
2007-06-18 23:17 31,252 --a------ D:\WINDOWS\system32\17284212ld.exe
2007-06-18 23:15 31,252 --a------ D:\WINDOWS\system32\15482182ld.exe
2007-06-18 23:15 31,252 --a------ D:\WINDOWS\system32\15428592ld.exe
2007-06-18 23:14 31,252 --a------ D:\WINDOWS\system32\1358152ld.exe
2007-06-18 23:12 31,252 --a------ D:\WINDOWS\system32\1216152ld.exe
2007-06-18 23:12 31,252 --a------ D:\WINDOWS\system32\12136402ld.exe
2007-06-18 23:10 31,252 --a------ D:\WINDOWS\system32\10315462ld.exe
2007-06-18 23:10 31,252 --a------ D:\WINDOWS\system32\10292962ld.exe
2007-06-18 23:08 31,252 --a------ D:\WINDOWS\system32\8472342ld.exe
2007-06-18 23:08 31,252 --a------ D:\WINDOWS\system32\8448432ld.exe
2007-06-18 23:07 31,252 --a------ D:\WINDOWS\system32\716252ld.exe
2007-06-18 23:07 31,252 --a------ D:\WINDOWS\system32\6593122ld.exe
2007-06-18 23:03 31,252 --a------ D:\WINDOWS\system32\3287342ld.exe
2007-06-18 23:01 31,252 --a------ D:\WINDOWS\system32\1482182ld.exe
2007-06-18 23:01 31,252 --a------ D:\WINDOWS\system32\14302ld.exe
2007-06-18 22:59 31,252 --a------ D:\WINDOWS\system32\59492342ld.exe
2007-06-18 22:59 31,252 --a------ D:\WINDOWS\system32\59439212ld.exe
2007-06-18 22:56 31,252 --a------ D:\WINDOWS\system32\56174532ld.exe
2007-06-18 22:56 31,252 --a------ D:\WINDOWS\system32\56121872ld.exe
2007-06-18 22:50 31,252 --a------ D:\WINDOWS\system32\50307502ld.exe
2007-06-18 22:45 31,252 --a------ D:\WINDOWS\system32\4554312ld.exe
2007-06-18 22:45 31,252 --a------ D:\WINDOWS\system32\4549932ld.exe
2007-06-18 22:42 31,252 --a------ D:\WINDOWS\system32\42521872ld.exe
2007-06-18 22:42 31,252 --a------ D:\WINDOWS\system32\42499372ld.exe
2007-06-18 22:41 31,252 --a------ D:\WINDOWS\system32\4114212ld.exe
2007-06-18 22:41 31,252 --a------ D:\WINDOWS\system32\41101092ld.exe
2007-06-18 22:37 31,252 --a------ D:\WINDOWS\system32\37183282ld.exe
2007-06-18 22:35 31,252 --a------ D:\WINDOWS\system32\35246712ld.exe
2007-06-18 22:35 31,252 --a------ D:\WINDOWS\system32\35225622ld.exe
2007-06-18 22:33 31,252 --a------ D:\WINDOWS\system32\33358752ld.exe
2007-06-18 22:33 31,252 --a------ D:\WINDOWS\system32\33336562ld.exe
2007-06-18 22:31 31,252 --a------ D:\WINDOWS\system32\31535622ld.exe
2007-06-18 22:31 31,252 --a------ D:\WINDOWS\system32\31511402ld.exe
2007-06-18 22:30 31,252 --a------ D:\WINDOWS\system32\3056092ld.exe
2007-06-18 22:30 31,252 --a------ D:\WINDOWS\system32\3034212ld.exe
2007-06-18 22:28 31,252 --a------ D:\WINDOWS\system32\28196872ld.exe
2007-06-18 22:28 31,252 --a------ D:\WINDOWS\system32\28174062ld.exe
2007-06-18 22:26 31,252 --a------ D:\WINDOWS\system32\26335782ld.exe
2007-06-18 22:26 31,252 --a------ D:\WINDOWS\system32\26312962ld.exe
2007-06-18 22:24 31,252 --a------ D:\WINDOWS\system32\24482652ld.exe
2007-06-18 22:24 31,252 --a------ D:\WINDOWS\system32\24461092ld.exe
2007-06-18 22:23 31,252 --a------ D:\WINDOWS\system32\23402ld.exe
2007-06-18 22:23 31,252 --a------ D:\WINDOWS\system32\2318752ld.exe
2007-06-18 22:21 31,252 --a------ D:\WINDOWS\system32\21188282ld.exe
2007-06-18 22:21 31,252 --a------ D:\WINDOWS\system32\21165622ld.exe
2007-06-18 22:19 31,252 --a------ D:\WINDOWS\system32\19333592ld.exe
2007-06-18 22:19 31,252 --a------ D:\WINDOWS\system32\19309682ld.exe
2007-06-18 22:17 31,252 --a------ D:\WINDOWS\system32\1748932ld.exe
2007-06-18 22:17 31,252 --a------ D:\WINDOWS\system32\17459372ld.exe
2007-06-18 22:16 31,252 --a------ D:\WINDOWS\system32\1624062ld.exe
2007-06-18 22:16 31,252 --a------ D:\WINDOWS\system32\160152ld.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 19:00:20 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\OpenOffice.org2
2007-06-18 19:05:30 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\Glory of the Roman Empire
2007-06-15 15:37:40 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2007-06-14 13:33:39 -------- d-----w D:\Program Files\Mozilla Thunderbird
2007-06-11 17:49:09 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-20 15:12:43 -------- d-----w D:\Program Files\Call of Duty
2007-05-16 15:18:40 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-05-02 22:06:54 533,805 --sha-w D:\WINDOWS\system32\nmllm.ini2
2007-05-02 16:12:57 526,264 --sha-w D:\WINDOWS\system32\nmllm.bak2
2007-05-02 16:08:58 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\uTorrent
2007-04-27 08:43:19 590,057 --sha-w D:\WINDOWS\system32\nmllm.bak1
2007-04-25 14:22:50 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:25 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-03-29 17:17:16 7,288 -c--a-w D:\WINDOWS\mozver.dat
2007-03-25 09:07:08 73,236 ----a-w D:\WINDOWS\system32\perfc005.dat
2007-03-25 09:07:08 398,472 ----a-w D:\WINDOWS\system32\perfh005.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 12:30]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 04:24]
"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-21 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"PcSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2007-04-25 12:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"="D:\WINDOWS\system32\RadExe.dll" [2005-04-27 03:49]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f56f9e-5867-11db-bb43-00304f373d90}]
AutoRun\command- I:\setupSNK.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 21:13:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 21:16:21 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-21 21:15

--- E O F ---

teď už muím jít, dopoledne budu pokračovat

[sakiri]

No fíha tolik neznámých souborů co jsou viry jsem dlouho neviděl.

stáhni si Avenger a spusť ho pod účtem administrátora.

Zaškrtni volbu - Input script manually a klikni na ikonku lupy vyskočí prázdné okno kam zkopíruj ten tučně označený text:
Files to delete:
D:\WINDOWS\system32\4689842ld.exe
D:\WINDOWS\system32\46217812ld.exe
D:\WINDOWS\system32\44326092ld.exe
D:\WINDOWS\system32\44245622ld.exe
D:\WINDOWS\system32\3734062ld.exe
D:\WINDOWS\system32\3711872ld.exe
D:\WINDOWS\system32\35211402ld.exe
D:\WINDOWS\system32\3516622ld.exe
D:\WINDOWS\system32\29435462ld.exe
D:\WINDOWS\system32\29412502ld.exe
D:\WINDOWS\system32\27315782ld.exe
D:\WINDOWS\system32\27291092ld.exe
D:\WINDOWS\system32\25245312ld.exe
D:\WINDOWS\system32\25216092ld.exe
D:\WINDOWS\system32\23232502ld.exe
D:\WINDOWS\system32\23119532ld.exe
D:\WINDOWS\system32\464212ld.exe
D:\WINDOWS\system32\438432ld.exe
D:\WINDOWS\system32\59295002ld.exe
D:\WINDOWS\system32\59274372ld.exe
D:\WINDOWS\system32\5419152ld.exe
D:\WINDOWS\system32\17284212ld.exe
D:\WINDOWS\system32\15482182ld.exe
D:\WINDOWS\system32\15428592ld.exe
D:\WINDOWS\system32\1358152ld.exe
D:\WINDOWS\system32\1216152ld.exe
D:\WINDOWS\system32\12136402ld.exe
D:\WINDOWS\system32\10315462ld.exe
D:\WINDOWS\system32\10292962ld.exe
D:\WINDOWS\system32\8472342ld.exe
D:\WINDOWS\system32\8448432ld.exe
D:\WINDOWS\system32\716252ld.exe
D:\WINDOWS\system32\6593122ld.exe
D:\WINDOWS\system32\3287342ld.exe
D:\WINDOWS\system32\1482182ld.exe
D:\WINDOWS\system32\14302ld.exe
D:\WINDOWS\system32\59492342ld.exe
D:\WINDOWS\system32\59439212ld.exe
D:\WINDOWS\system32\56174532ld.exe
D:\WINDOWS\system32\56121872ld.exe
D:\WINDOWS\system32\50307502ld.exe
D:\WINDOWS\system32\4554312ld.exe
D:\WINDOWS\system32\4549932ld.exe
D:\WINDOWS\system32\42521872ld.exe
D:\WINDOWS\system32\42499372ld.exe
D:\WINDOWS\system32\4114212ld.exe
D:\WINDOWS\system32\41101092ld.exe
D:\WINDOWS\system32\37183282ld.exe
D:\WINDOWS\system32\35246712ld.exe
D:\WINDOWS\system32\35225622ld.exe
D:\WINDOWS\system32\33358752ld.exe
D:\WINDOWS\system32\33336562ld.exe
D:\WINDOWS\system32\31535622ld.exe
D:\WINDOWS\system32\31511402ld.exe
D:\WINDOWS\system32\3056092ld.exe
D:\WINDOWS\system32\3034212ld.exe
D:\WINDOWS\system32\28196872ld.exe
D:\WINDOWS\system32\28174062ld.exe
D:\WINDOWS\system32\26335782ld.exe
D:\WINDOWS\system32\26312962ld.exe
D:\WINDOWS\system32\24482652ld.exe
D:\WINDOWS\system32\24461092ld.exe
D:\WINDOWS\system32\23402ld.exe
D:\WINDOWS\system32\2318752ld.exe
D:\WINDOWS\system32\21188282ld.exe
D:\WINDOWS\system32\21165622ld.exe
D:\WINDOWS\system32\19333592ld.exe
D:\WINDOWS\system32\19309682ld.exe
D:\WINDOWS\system32\1748932ld.exe
D:\WINDOWS\system32\17459372ld.exe
D:\WINDOWS\system32\1624062ld.exe
D:\WINDOWS\system32\160152ld.exe
D:\WINDOWS\system32\nmllm.ini2
D:\WINDOWS\system32\nmllm.bak2
D:\WINDOWS\system32\nmllm.bak1

A klikni na Done.
Poté klikni na ikonku Semafory.

Vyskočí hláška kde odklikni Yes poté další hláška kde odklikni Yes.
PC se restartuje.Po restartu by ti měl "vyběhnout" log z Avengeru tak ho sem zkopíruj.

Tyto soubory nech zkontrolovat na Virustotalu:
D:\WINDOWS\system32\aamd532.dll
D:\WINDOWS\system32\drivers\asc3550i.sys

Pro lepší nalezení si zapni- zobrazovat skryté a systémové soubory.

Poté nám sem zkopíruj výsledky.

+ nový log z ComboFixu.

[Rajnoch]

po akci jsem našel ve W...\system32\ ještě nějaké fujsoubory a zopakoval jsem akci:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvskmpuj

*******************

Script file located at: \??\D:\WINDOWS\glpvdgib.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\WINDOWS\system32\14181562ld.exe deleted successfully.
File D:\WINDOWS\system32\14158902ld.exe deleted successfully.
File D:\WINDOWS\system32\1232932ld.exe deleted successfully.
File D:\WINDOWS\system32\12298752ld.exe deleted successfully.
File D:\WINDOWS\system32\10477812ld.exe deleted successfully.
File D:\WINDOWS\system32\10455002ld.exe deleted successfully.
File D:\WINDOWS\system32\8497962ld.exe deleted successfully.
File D:\WINDOWS\system32\8476712ld.exe deleted successfully.
File D:\WINDOWS\system32\758432ld.exe deleted successfully.
File D:\WINDOWS\system32\734372ld.exe deleted successfully.
File D:\WINDOWS\system32\52002ld.exe deleted successfully.
File D:\WINDOWS\system32\5177032ld.exe deleted successfully.
File D:\WINDOWS\system32\3352032ld.exe deleted successfully.
File D:\WINDOWS\system32\333152ld.exe deleted successfully.
File D:\WINDOWS\system32\1496872ld.exe deleted successfully.
File D:\WINDOWS\system32\1476092ld.exe deleted successfully.
File D:\WINDOWS\system32\024372ld.exe deleted successfully.
File D:\WINDOWS\system32\003282ld.exe deleted successfully.
File D:\WINDOWS\system32\58189212ld.exe deleted successfully.
File D:\WINDOWS\system32\58168432ld.exe deleted successfully.
File D:\WINDOWS\system32\56339842ld.exe deleted successfully.
File D:\WINDOWS\system32\56319682ld.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvskmpuj

*******************

Script file located at: \??\D:\WINDOWS\glpvdgib.txt

Script file not found! Error

Could not open script file! Status: 0xc0000034 Abort!
//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cvskmpuj

*******************

Script file located at: \??\D:\WINDOWS\glpvdgib.txt

Script file not found! Error

Could not open script file! Status: 0xc0000034 Abort!


ComboFix 07-06-21.3 - D:\instalace\ochrany\1\ComboFix.exe
"Jirka Doma" - 2007-06-22 12:08:08 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 21:04 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-21 20:55 <DIR> d-------- D:\Program Files\RegCleaner
2007-06-21 12:48 138,368 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Spyware Terminator
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Crawler
2007-06-21 12:46 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-06-21 11:59 <DIR> d-------- D:\Program Files\CCleaner
2007-06-20 19:51 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-06-20 19:51 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-20 19:51 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-06-20 19:51 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-20 19:51 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-20 19:51 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-20 19:50 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-06-19 20:22 368,912 --a------ D:\WINDOWS\system32\vbar332.dll
2007-06-19 20:22 147,456 --a------ D:\WINDOWS\system32\Vbzip11.dll
2007-06-19 20:22 143,360 --a------ D:\WINDOWS\system32\vbuzip10.dll
2007-06-19 20:22 10,752 --a------ D:\WINDOWS\system32\aamd532.dll
2007-06-19 20:22 <DIR> d-------- D:\Program Files\Free Spyware Scanner
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\zts2.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\vcmgcd32.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\iifgfgf.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundll16.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundl132.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\logo1_.exe
2007-06-19 13:17 147,968 --a------ D:\WINDOWS\R.COM
2007-06-19 13:17 137,216 --a------ D:\WINDOWS\system32\T.COM
2007-06-19 12:23 59,104 --a------ D:\WINDOWS\system32\drivers\asc3550i.sys
2007-06-15 17:44 5,169,152 --a------ D:\DOCUME~1\JIRKAD~1\ntuser.dat
2007-06-15 17:44 233,472 --a------ D:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-15 15:34 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\Data aplikacĆđ
2007-06-11 19:47 <DIR> d-------- D:\Program Files\ICQ6
2007-06-11 19:29 <DIR> d-------- D:\Temp
2007-06-11 19:23 <DIR> d-------- D:\Program Files\ICQLite
2007-06-11 19:23 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\DATAAP~1\ICQLite
2007-06-11 17:21 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\DATAAP~1\ICQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 09:06:24 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\OpenOffice.org2
2007-06-18 19:05:30 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\Glory of the Roman Empire
2007-06-15 15:37:40 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2007-06-14 13:33:39 -------- d-----w D:\Program Files\Mozilla Thunderbird
2007-06-11 17:49:09 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-20 15:12:43 -------- d-----w D:\Program Files\Call of Duty
2007-05-16 15:18:40 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-05-02 16:08:58 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\uTorrent
2007-04-25 14:22:50 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:25 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-03-29 17:17:16 7,288 -c--a-w D:\WINDOWS\mozver.dat
2007-03-25 09:07:08 73,236 ----a-w D:\WINDOWS\system32\perfc005.dat
2007-03-25 09:07:08 398,472 ----a-w D:\WINDOWS\system32\perfh005.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 12:30]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 04:24]
"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-21 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"PcSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2007-04-25 12:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"="D:\WINDOWS\system32\RadExe.dll" [2005-04-27 03:49]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f56f9e-5867-11db-bb43-00304f373d90}]
AutoRun\command- I:\setupSNK.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 12:30:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 12:33:17 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-22 12:33

--- E O F ---
a ještě virustotal , jeden soubor vypadá ok, druhý tedy moc ne

STATUS: FINISHEDComplete scanning result of "aamd532.dll", received in VirusTotal at 06.22.2007, 12:48:49 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 no virus found
AntiVir 7.4.0.34 06.22.2007 no virus found
Authentium 4.93.8 06.22.2007 no virus found
Avast 4.7.997.0 06.21.2007 no virus found
AVG 7.5.0.476 06.22.2007 no virus found
BitDefender 7.2 06.22.2007 no virus found
CAT-QuickHeal 9.00 06.21.2007 no virus found
ClamAV devel-20070416 06.22.2007 no virus found
DrWeb 4.33 06.22.2007 no virus found
eSafe 7.0.15.0 06.21.2007 no virus found
eTrust-Vet 30.8.3735 06.22.2007 no virus found
Ewido 4.0 06.22.2007 no virus found
FileAdvisor 1 06.22.2007 No threat detected
Fortinet 2.91.0.0 06.22.2007 no virus found
F-Prot 4.3.2.48 06.21.2007 no virus found
F-Secure 6.70.13030.0 06.22.2007 no virus found
Ikarus T3.1.1.8 06.22.2007 no virus found
Kaspersky 4.0.2.24 06.22.2007 no virus found
McAfee 5058 06.21.2007 no virus found
Microsoft 1.2701 06.22.2007 no virus found
NOD32v2 2344 06.22.2007 no virus found
Norman 5.80.02 06.21.2007 no virus found
Panda 9.0.0.4 06.22.2007 no virus found
Prevx1 V2 06.22.2007 no virus found
Sophos 4.18.0 06.21.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 no virus found
Symantec 10 06.22.2007 no virus found
TheHacker 6.1.6.136 06.20.2007 no virus found
VBA32 3.12.0.2 06.21.2007 no virus found
VirusBuster 4.3.23:9 06.21.2007 no virus found
Webwasher-Gateway 6.0.1 06.22.2007 no virus found


Aditional Information
File size: 10752 bytes
MD5: cefd956a1ef122cda4d53007bab6c694
SHA1: b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f
Bit9 info: http://fileadvisor.bit9.com/services/ex ... 07bab6c694


STATUS: FINISHEDComplete scanning result of "asc3550i.sys", received in VirusTotal at 06.22.2007, 12:54:44 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.21.1 06.22.2007 Win-Trojan/Agent.59104
AntiVir 7.4.0.34 06.22.2007 no virus found
Authentium 4.93.8 06.22.2007 no virus found
Avast 4.7.997.0 06.21.2007 no virus found
AVG 7.5.0.476 06.22.2007 Proxy.OZX
BitDefender 7.2 06.22.2007 Trojan.Proxy.MQH
CAT-QuickHeal 9.00 06.21.2007 no virus found
ClamAV devel-20070416 06.22.2007 no virus found
DrWeb 4.33 06.22.2007 DLOADER.Trojan
eSafe 7.0.15.0 06.21.2007 no virus found
eTrust-Vet 30.8.3735 06.22.2007 no virus found
Ewido 4.0 06.22.2007 Proxy.Agent.mx
FileAdvisor 1 06.22.2007 no virus found
Fortinet 2.91.0.0 06.22.2007 no virus found
F-Prot 4.3.2.48 06.21.2007 no virus found
F-Secure 6.70.13030.0 06.22.2007 Trojan-Proxy.Win32.Agent.mx
Ikarus T3.1.1.8 06.22.2007 no virus found
Kaspersky 4.0.2.24 06.22.2007 Trojan-Proxy.Win32.Agent.mx
McAfee 5058 06.21.2007 no virus found
Microsoft 1.2701 06.22.2007 no virus found
NOD32v2 2344 06.22.2007 no virus found
Norman 5.80.02 06.21.2007 no virus found
Panda 9.0.0.4 06.22.2007 no virus found
Sophos 4.18.0 06.21.2007 no virus found
Sunbelt 2.2.907.0 06.21.2007 no virus found
Symantec 10 06.22.2007 no virus found
TheHacker 6.1.6.136 06.20.2007 no virus found
VBA32 3.12.0.2 06.21.2007 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.3.23:9 06.21.2007 no virus found
Webwasher-Gateway 6.0.1 06.22.2007 no virus found


Aditional Information
File size: 59104 bytes
MD5: 1a3e5c3fb9ac174d10435f1a375ba784
SHA1: 041c836dfcb8dc8478293f80b02f4d597024cc65
packers: embedded
packers: BINARYRES

[sakiri]

Aplikuj znovu Avengera a zkopíruj do něj ten tučně označený text:
Drivers to unload:
asc3550i

Files to delete:
D:\WINDOWS\system32\drivers\asc3550i.sys

PC se restartuje 2krát. Po těch dvou restartech by ti měl "vyběhnout" log tak ho sem zkopíruj + sem dej nový log z ComboFixu

[Rajnoch]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cofmvfig

*******************

Script file located at: \??\D:\Program Files\vrvlikil.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Driver asc3550i unloaded successfully.
File D:\WINDOWS\system32\drivers\asc3550i.sys deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


ComboFix 07-06-21.3 - D:\instalace\ochrany\1\ComboFix.exe
"Jirka Doma" - 2007-06-22 14:25:21 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\WINDOWS\regedit.com
D:\WINDOWS\system32\taskmgr.com


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 21:04 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-21 20:55 <DIR> d-------- D:\Program Files\RegCleaner
2007-06-21 12:48 138,368 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Spyware Terminator
2007-06-21 12:46 <DIR> d-------- D:\Program Files\Crawler
2007-06-21 12:46 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-06-21 11:59 <DIR> d-------- D:\Program Files\CCleaner
2007-06-20 19:51 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-06-20 19:51 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-20 19:51 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-06-20 19:51 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-20 19:51 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-20 19:51 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-20 19:50 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-06-19 20:22 368,912 --a------ D:\WINDOWS\system32\vbar332.dll
2007-06-19 20:22 147,456 --a------ D:\WINDOWS\system32\Vbzip11.dll
2007-06-19 20:22 143,360 --a------ D:\WINDOWS\system32\vbuzip10.dll
2007-06-19 20:22 10,752 --a------ D:\WINDOWS\system32\aamd532.dll
2007-06-19 20:22 <DIR> d-------- D:\Program Files\Free Spyware Scanner
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\zts2.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\vcmgcd32.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\system32\iifgfgf.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundll16.exe
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\rundl132.dll
2007-06-19 13:20 <DIR> d-a------ D:\WINDOWS\logo1_.exe
2007-06-19 13:17 147,968 --a------ D:\WINDOWS\R.COM
2007-06-19 13:17 137,216 --a------ D:\WINDOWS\system32\T.COM
2007-06-15 17:44 5,169,152 --a------ D:\DOCUME~1\JIRKAD~1\ntuser.dat
2007-06-15 17:44 233,472 --a------ D:\DOCUME~1\LOCALS~1\ntuser.dat
2007-06-15 15:34 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\Data aplikacĆđ
2007-06-11 19:47 <DIR> d-------- D:\Program Files\ICQ6
2007-06-11 19:29 <DIR> d-------- D:\Temp
2007-06-11 19:23 <DIR> d-------- D:\Program Files\ICQLite
2007-06-11 19:23 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\DATAAP~1\ICQLite
2007-06-11 17:21 <DIR> d-------- D:\DOCUME~1\JIRKAD~1\DATAAP~1\ICQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 12:24:09 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\OpenOffice.org2
2007-06-18 19:05:30 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\Glory of the Roman Empire
2007-06-15 15:37:40 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2007-06-14 13:33:39 -------- d-----w D:\Program Files\Mozilla Thunderbird
2007-06-11 17:49:09 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-05-20 15:12:43 -------- d-----w D:\Program Files\Call of Duty
2007-05-16 15:18:40 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll
2007-05-02 16:08:58 -------- d-----w D:\DOCUME~1\JIRKAD~1\DATAAP~1\uTorrent
2007-04-25 14:22:50 144,896 ----a-w D:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:25 2,854,400 ----a-w D:\WINDOWS\system32\msi.dll
2007-03-29 17:17:16 7,288 -c--a-w D:\WINDOWS\mozver.dat
2007-03-25 09:07:08 73,236 ----a-w D:\WINDOWS\system32\perfc005.dat
2007-03-25 09:07:08 398,472 ----a-w D:\WINDOWS\system32\perfh005.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 12:30]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"SoundMAXPnP"="D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"PWRISOVM.EXE"="D:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 04:24]
"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-06-21 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00]
"PcSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2007-04-25 12:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"="D:\WINDOWS\system32\RadExe.dll" [2005-04-27 03:49]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34f56f9e-5867-11db-bb43-00304f373d90}]
AutoRun\command- I:\setupSNK.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 14:32:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 14:35:31 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-06-22 14:35

--- E O F ---
no, začíná to být jako pěkná detektivka

[sakiri]

No log z ComboFixu je čistý.

Jinak odinstaluj přes přidat/odebrat programy:
Crawler Toolbar

A poté se podívej jestli nezůstala po něm tato složka:
D:\Program Files\Crawler
Pokud tam bude tak ji smaž.

A jinak ještě máš problémy s PC?

[Rajnoch]

vypadá to sice dobře ale co s tím MWAVem ?

Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "ace club casino Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "2antispyware Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "D:\WINDOWS\system32\msxml3a.dll". Provedené akce: Nic nebylo provedeno.

to jsou zbytky či co ?

[Baron Prášil]

to jsou zbytky či co ?

jo.

[Rajnoch]

Takže vám touto cestou velice děkuji za vydatnou pomoc. Myslím, že ty postupy využiju při příštích potížích.

[Baron Prášil]

hlavně za kouzelníka sakiriho-nemáš zač