MWAV log - prosim o kontrolu Vyřešeno

[Apl]

Dole je můj log, potřeboval bych radu jakym program se toho svinstva zbavit, diky moc

Fri Feb 15 11:53:17 2008 => ***** Testování registrů a souborů na přítomnost Adware/Spyware *****
Fri Feb 15 11:53:19 2008 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Family\LOCALS~1\Temp\spydb.avs, Size: 343537].
Fri Feb 15 11:53:20 2008 => Indexed Spyware Databases Successfully Created...

Fri Feb 15 11:53:25 2008 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Feb 15 11:53:27 2008 => Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Fri Feb 15 11:53:27 2008 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Feb 15 11:53:27 2008 => Objekt "gain.gator Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Fri Feb 15 11:53:27 2008 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\anti-virus&trojan !!!
Fri Feb 15 11:53:27 2008 => Objekt "antivirusandtrojan Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Fri Feb 15 11:53:28 2008 => Offending Key found: HKCR\magnet !!!
Fri Feb 15 11:53:28 2008 => Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Fri Feb 15 11:53:32 2008 => Offending file found: C:\WINDOWS\system32\moveex.exe
Fri Feb 15 11:53:32 2008 => System found infected with trojan-downloader.bat.ftp.ab Trojan-Downloader (moveex.exe)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:53:33 2008 => Offending Folder found: C:\Documents and Settings\Family\Data aplikací\icq\bart\1024
Fri Feb 15 11:53:33 2008 => Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.

Fri Feb 15 11:53:43 2008 => Offending file found: C:\Documents and Settings\Family\Plocha\my files\rapiduploader\update.exe
Fri Feb 15 11:53:43 2008 => System found infected with winsecure Corrupted Adware/Spyware (update.exe)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:53:59 2008 => Offending file found: C:\Documents and Settings\All Users\Plocha\internet.lnk
Fri Feb 15 11:53:59 2008 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:54:06 2008 => Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
Fri Feb 15 11:54:06 2008 => System found infected with mirar Spyware/Adware (hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:54:10 2008 => Offending file found: C:\WINDOWS\system32\unrar.dll
Fri Feb 15 11:54:10 2008 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:54:10 2008 => Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
Fri Feb 15 11:54:10 2008 => System found infected with regsort Corrupted Adware/Spyware (hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:54:11 2008 => Offending file found: C:\WINDOWS\system32\pskill.exe
Fri Feb 15 11:54:11 2008 => System found infected with rohbot Worm (C:\WINDOWS\system32\pskill.exe)! Action taken: Nic nebylo provedeno.

Fri Feb 15 11:54:12 2008 => Offending file found: C:\WINDOWS\iun6002.exe
Fri Feb 15 11:54:12 2008 => System found infected with remacc.multiwebsurv Generic Malware (C:\WINDOWS\iun6002.exe)! Action taken: Nic nebylo provedeno.

[Reklama]

[memphisto]

vlož jsem log z HijackThis ať víme, co je aktuální a co jen zbytky

[Apl]

Tady

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\My\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\My\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\My\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\My\Programy\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\My\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\My\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\My\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\My\Programy\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\My\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\My\Programy\QIP\qip.exe
C:\My\Programy\Xfire\Xfire.exe
C:\Documents and Settings\Family\Plocha\d2-questy-v0.2_beta.exe
D:\Games\Diablo II\Game.exe
C:\My\Programy\MediaMonkey\MediaMonkey\MediaMonkey.exe
C:\My\Programy\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Family\Plocha\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\My\Programy\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avast!] C:\My\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\My\Programy\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\My\Programy\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\My\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\My\Programy\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\My\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FC0302-B2CB-4683-9FE9-E5614E6A78A9}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\My\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\My\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[memphisto]

celý prosím včetně hlavičky

[Apl]

Tak dole je celej log Ještě bych chtěl poprosit o pomoc s jednim problemem, připojím se na net (adsl od č. radiokomunikací) vše ok a někdy se stane, že mi vypadne icq a ani stranky se nenačítají, prostě nic, ale připojený jsem, dřív jsem to řešil tím, že jsem se odpojil a připojil, stavalo se opravdu výjmečně, ale ted to několikrát denně a po odpojení se už nepřipojim, musim restartovat pc :/ Pak net zase jde.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:42, on 16.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\My\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\My\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\My\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\My\Programy\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\My\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\My\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\My\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\My\Programy\Alwil Software\Avast4\ashMaiSv.exe
C:\My\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\My\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Family\Plocha\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\My\Programy\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [avast!] C:\My\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\My\Programy\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\My\Programy\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\My\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\My\Programy\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\My\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\My\Programy\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{22FC0302-B2CB-4683-9FE9-E5614E6A78A9}: NameServer = 212.158.128.2 212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\My\Programy\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\My\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\My\Programy\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\My\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6888 bytes

[Baron Prášil]

log z hjt je v pořádku.nálezy mwavu nejsou aktivní šmejdi.

použij Avenger
V hlavním dialogu je potřeba zvolit "Input script manually" a dále stisknout tlačítko s lupou. Otevře se editor, do kterého se již vkládají samotné "skripty".Skript se uvede do chodu stisknutím tlačítka se semaforem. Program se ještě zeptá, zda to myslíme vážně a následně nabídne okamžitý restart celého systému (doporučeno).

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\moveex.exe
C:\WINDOWS\system32\unrar.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\iun6002.exe
C:\Documents and Settings\All Users\Plocha\internet.lnk
C:\Documents and Settings\Family\Plocha\my files\rapiduploader\update.exe

Registry keys to delete:
hkey_local_machine\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com
hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com


Po restartu pošli z avengera log co na tebe vybafne

[Apl]

Vše jsem udělal, po restartu naběhl příkazový řádek s tím, že nemůže najít nějaký soubor a pak se to vyplo, ani jsem to nestih přečíst. Pak se spustil poznamkový blog a vypadla hláška, že program nemůže najít soubor avenger.txt a jestli ho chci vytvořit, dal jsem OK, na C:\ se mi vytvořil prázdnej soubor avenger.txt

[Baron Prášil]

no,nebudem chodit kolem horké kaše.jestli potíže trvají

připojím se na net (adsl od č. radiokomunikací) vše ok a někdy se stane, že mi vypadne icq a ani stranky se nenačítají, prostě nic, ale připojený jsem,

udělej log z combofixu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Apl]

Tak tady to je, moc díky za pomoc

ComboFix 08-02-17.2 - Family 2008-02-17 2:48:35.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.215 [GMT 1:00]
Running from: C:\Documents and Settings\Family\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 08:59 . 2008-02-16 08:59 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-15 11:30 . 2008-02-15 11:30 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-15 10:57 . 2008-02-15 11:42 26 --a------ C:\WINDOWS\Lic.xxx
2008-02-15 10:56 . 2004-08-17 15:49 226,304 --a------ C:\WINDOWS\R.COM
2008-02-15 10:56 . 2004-08-17 15:49 223,232 --a------ C:\WINDOWS\system32\T.COM
2008-02-04 14:10 . 2008-02-04 14:10 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-02-04 14:10 . 2008-02-04 14:51 31,020 --a------ C:\WINDOWS\DIIUnin.dat
2008-02-04 14:10 . 2008-02-04 14:10 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-02-02 13:27 . 2008-02-02 13:27 <DIR> d-------- C:\Documents and Settings\Family\.Nokia
2008-02-02 13:26 . 2008-02-02 13:26 <DIR> d-------- C:\Nokia
2008-02-01 12:37 . 2008-02-01 12:39 <DIR> d-------- C:\Documents and Settings\Family\Data aplikací\Jpeg Resampler
2008-02-01 01:28 . 2008-02-01 01:28 39 --a------ C:\WINDOWS\adwareagent.ini
2008-01-31 03:02 . 2008-01-31 03:02 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-30 23:51 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-01-30 23:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-01-30 23:51 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-30 23:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-01-30 23:51 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-30 23:51 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-30 23:51 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-30 23:51 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-30 23:50 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-30 23:47 . 2008-01-30 23:47 <DIR> d-------- C:\Program Files\OpenAL
2008-01-30 23:47 . 2008-01-30 23:47 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-30 23:47 . 2008-01-30 23:47 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-26 15:25 . 2008-01-26 17:06 <DIR> d-------- C:\Documents and Settings\Family\Data aplikací\Sudeki
2008-01-23 08:01 . 2008-01-30 23:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-22 21:04 . 2008-01-22 21:04 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-01-20 12:44 . 2008-01-20 12:44 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-01-20 12:41 . 2008-01-20 12:41 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-01-20 09:49 . 2008-02-16 16:07 <DIR> d-------- C:\rms
2008-01-18 17:48 . 2008-02-16 11:34 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-01-18 17:48 . 2008-01-28 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 01:35 --------- d-----w C:\Documents and Settings\Family\Data aplikací\Xfire
2008-02-15 10:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-02-14 05:30 --------- d-----w C:\Documents and Settings\Family\Data aplikací\Azureus
2008-02-12 23:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 14:34 --------- d-----w C:\Documents and Settings\Family\Data aplikací\Skype
2008-02-08 07:26 --------- d-----w C:\Documents and Settings\Family\Data aplikací\Hamachi
2008-02-01 11:37 --------- d-----w C:\Documents and Settings\Family\Data aplikací\MegauploadToolbar
2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-01-22 13:42 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-01-20 11:44 --------- d-----w C:\Program Files\Common Files\Nokia
2008-01-20 11:25 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-01-20 10:43 --------- d-----w C:\Documents and Settings\Family\Data aplikací\PC Suite
2008-01-13 00:40 --------- d-----w C:\Program Files\ATI Technologies
2008-01-12 23:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-09 20:30 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-08 06:52 --------- d-----w C:\Documents and Settings\Family\Data aplikací\Nokia Multimedia Player
2008-01-04 16:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Last.fm
2008-01-01 13:56 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-01-01 13:55 --------- d-----w C:\Program Files\Nokia
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-24 12:21 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Suite
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"FreeRAM XP"="C:\My\Programy\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdslTaskBar"="stmctrl.dll" [2003-12-03 18:18 155648 C:\WINDOWS\system32\stmctrl.dll]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"avast!"="C:\My\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"Nokia.PCSync"="C:\My\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LClock"=C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VisualTooltip"=C:\Program Files\VisualTooltip\VisualToolTip.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 713xTVCard;SAA7134 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2004-11-30 05:00]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2004-11-30 05:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 13:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 20:23]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\My\Programy\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 02:53:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 2:55:18
ComboFix-quarantined-files.txt 2008-02-17 01:55:11
.
2008-02-13 14:11:28 --- E O F ---

[Baron Prášil]

C:\WINDOWS\system32\wininet.dll
toto nech pro jistotu zkontrolovat tady
http://www.virustotal.com/flash/index_en.html

[Apl]

čistý :) ještě jedno díky