Problem with Avast???
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
Problem with Avast???
Yesterday morning I turned on the PC and connected to the net; after working for a while, avast popped up a window with a notice that it needed a restart. I said to myself OK, what I wanted to look at I had almost finished, so I closed the browser etc., clicked the restart icon and walked away. When I came back, the monitor showed the Windows accounts screen, which had never been shown to me before, since I have only one account and no password. On the first attempt I got in and avast started a shower of viruses (mostly .exe files, so whichever program I clicked, a virus showed up), followed by moving to the chest and that was the end. So restart and the account screen again. After clicking, it said it was logging on to the system, but that did not happen. Right after logging on it also logged off, without my getting even as far as the desktop, and from then on it was just log on, log off..... I tried safe mode, 0 points; I tried last known good configuration, 0 points. Until two o'clock I was fiddling with reinstalling Windows; today I installed the rest, such as winamp, modem, vga, spyware terminator and also avast, which I set to update right away; it again asked for a restart, so there was a restart and I was back at log on/log off, so I tried it through safe mode, where I deleted the entire contents of the avast folder and also deleted avast from the registry, and since then everything works OK, only without an antivirus. Does anyone have a similar experience or any suggestion that would help me??? I have been running without problems for over a year and now this.
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
Re: Problem with Avast???
Post a HijackThis log here.
http://www.trendsecure.com/portal/en-US ... hijackthis
Download it, install it and launch the icon. Continue with "DO A SYSTEM SCAN AND SAVE A LOGFILE".
The scan will start and the log will open in Notepad. Copy its contents here.
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:54, on 9. 11. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\programy\winamp\winampa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
E:\programy\everest\everest.bin
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinampAgent] E:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{53862066-2B69-46CF-8E31-12A08BDCB8D5}: NameServer = 213.151.200.30 213.151.208.161
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
--
End of file - 4128 bytes
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
Just unnecessary items. There is nothing alarming in the log of the kind you described.
Do you still have problems with AVAST?
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
After reinstalling Windows I installed it again, updated it, it wanted a restart, so there was a restart, again log on/log off, so I deleted it in safe mode from the folder and from the registry as well, and since then I have been without it and so far no problem.
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
Also clean the computer with CCleaner http://www.viry.cz/forum/viewtopic.php?t=7478/
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:26, on 16. 11. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\programy\winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org1.0.2\program\soffice.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\programy\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinampAgent] E:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1957994488-1580436667-1343024091-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1957994488-1580436667-1343024091-1004\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1957994488-1580436667-1343024091-1004 Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\OpenOffice.org1.0.2\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 1.0.2.lnk = C:\Program Files\OpenOffice.org1.0.2\program\quickstart.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{53862066-2B69-46CF-8E31-12A08BDCB8D5}: NameServer = 213.151.200.30 213.151.208.161
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Zařazování tisku (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 6335 bytes
Is there any difference in this one compared to the previous one??? The thing is, I installed NOD32 and immediately after installation it started showing infiltrations, 99% the Win32/virut.AQ virus, and among the affected programs were both .exe and .dll files which NOD could not clean and moved to quarantine, so it is possible that after restarting the PC I will no longer get into the system. So I want to know where this virus could have come from, where it is usually stored and from where it spreads into the system??? The same thing happened to me with avast: it found infected .exe and .dll files and moved them to the chest, so they could not be run; in fact they were physically removed from the folder of the program in question, so after clicking a shortcut on the desktop I only got a message about a missing shortcut target for that program, and after a system restart the .dll files could not even be loaded, which is why I got into Windows only once, and even that only after using the last known good configuration from the F8 menu when booting Windows. After the restart it did it again after installing avast; then I got into safe mode more easily, so I deleted avast, and since then I was without one until today, when DU Meter was already hitting me in the eye and uploading was almost constant even with all browsers, IM and everything else that could cause it turned off. And when I read those files, after the restart I might as well put the XP CD straight into the CD-ROM drive.
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
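The question in the post above (whether the second HijackThis log differs from the first) can be answered mechanically. The following Python sketch is an added example, not part of the original thread: it parses the R/O entries of two logs, lists what was added and removed, and reports O23 services whose file is missing or whose reported owner changed. The embedded lines are excerpts from the two logs posted in this thread; all function names are this example's own.

```python
import re

# Excerpts of the two HijackThis logs posted in this thread (scans of
# 9. 11. 2007 and 16. 11. 2007), cut down to a few entries each.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# A HijackThis entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log):
    """Return (section code, text) for every entry line.

    Header lines and the 'Running processes' paths do not match and are skipped.
    """
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_services(log):
    """Map O23 service name -> (owner, path, file_missing)."""
    services = {}
    for code, text in parse_entries(log):
        if code != "O23" or not text.startswith("Service: "):
            continue
        # Split from the right: the service name itself may contain " - ".
        parts = text[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)].rstrip()
        services[name] = (owner, path, missing)
    return services


def diff_logs(before, after):
    """Entries present only in the newer log ('added') or only in the older one ('removed')."""
    old, new = parse_entries(before), parse_entries(after)
    old_set, new_set = set(old), set(new)
    return {
        "added": [e for e in new if e not in old_set],
        "removed": [e for e in old if e not in new_set],
    }


def orphaned_services(log):
    """Services still registered although their executable no longer exists."""
    return [name for name, (_, _, missing) in parse_services(log).items() if missing]


def owner_changes(before, after):
    """Services whose reported owner string differs between the two scans."""
    old, new = parse_services(before), parse_services(after)
    return [(name, old[name][0], new[name][0])
            for name in new
            if name in old and old[name][0] != new[name][0]]


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("added", "removed"):
        for code, text in result[label]:
            print(f"{label:8} {code:4} {text}")
    print("orphaned services:", orphaned_services(LOG_AFTER))
    print("owner changes:", owner_changes(LOG_BEFORE, LOG_AFTER))
```

A service whose owner string changes between scans shows up in both the added and the removed list, so `owner_changes` reports it separately as a single item to review.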
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [WinampAgent] E:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
Fix these in HJT.
You have no firewall!
Make a ComboFix log.
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Restart the computer into safe mode.
During the scan your computer will be restarted.
After the restart it will create a log, saved in C:/Combofix.txt.
Paste its contents here.
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
Re the firewall: I only have the Windows one.
Re the antivirus: I currently do not have avast installed, I only have NOD32 and Spyware Terminator. I do not know whether these two can also "fight" each other or not; if so, I will uninstall one of them, Terminator, that is not a problem.
I am going to download ComboFix, so I will post it here afterwards.
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
- BUBINO
- Beginner

- Registered: 12 Jun 2007
- Location: Mám
- mato555
- Beginner

- Registered: 21 Jun 2005
- Location: banska bystrica
- Contact user:
The computer was not restarted during the scan.
Here is the log:
ComboFix 07-11-08.1 - martin 2007-11-17 22:54:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.433 [GMT 1:00]
Running from: C:\Documents and Settings\martin\Plocha\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-17 22:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 03:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2007-11-16 02:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-15 15:50 <DIR> d-------- C:\Program Files\FreeRIP2
2007-11-14 22:08 <DIR> d-------- C:\Program Files\OpenOffice.org1.0.2
2007-11-14 22:06 36,864 --a------ C:\WINDOWS\uinst001.exe
2007-11-14 17:35 17,664 --a------ C:\WINDOWS\system32\drivers\sermouse.sys
2007-11-13 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2007-11-13 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2007-11-13 23:01 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-11-13 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2007-11-13 22:48 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2007-11-13 22:48 18,704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2007-11-13 22:48 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2007-11-13 22:47 88,688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2007-11-13 22:47 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2007-11-13 22:46 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2007-11-13 22:46 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2007-11-13 22:46 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2007-11-13 22:46 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2007-11-13 22:45 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2007-11-13 22:45 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2007-11-13 22:45 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Ewh.sys
2007-11-13 22:35 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\Teleca
2007-11-13 22:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-13 22:30 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-13 22:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-12 22:56 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\ICQ Toolbar
2007-11-12 22:54 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\BearShare
2007-11-12 22:52 <DIR> d-------- C:\Program Files\BearShare Applications
2007-11-12 01:38 <DIR> d-------- C:\Program Files\QuickTime
2007-11-12 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2007-11-12 01:26 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-10 13:52 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-10 11:00 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-09 12:17 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-11-09 12:13 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-09 11:57 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-11-09 11:57 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-11-08 20:48 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\CyberLink
2007-11-08 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\CyberLink
2007-11-08 20:47 <DIR> d-------- C:\Program Files\CyberLink
2007-11-08 20:34 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\COWON
2007-11-08 20:32 <DIR> d-------- C:\Program Files\directx
2007-11-08 20:22 <DIR> d-------- C:\Program Files\Activision
2007-11-08 19:07 <DIR> d-------- C:\Program Files\ICQToolbar
2007-11-08 16:19 <DIR> d-------- C:\Temp
2007-11-08 15:22 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Talkback
2007-11-08 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-08 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-08 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-08 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-08 15:12 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-08 15:12 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-08 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-08 15:12 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-08 14:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Nabídka Start
2007-11-08 14:13 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-08 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2007-11-08 12:55 <DIR> d-------- C:\Documents and Settings\martin\Data aplikací\Talkback
2007-11-08 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
2007-11-08 12:54 107,008 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-11-08 12:54 3,441 --a------ C:\WINDOWS\mozver.dat
2007-11-08 12:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-08 12:41 57,404 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-11-08 12:41 51,821 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-11-08 12:41 36,864 -ra------ C:\WINDOWS\system32\FTLang.dll
2007-11-08 12:40 422,400 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2007-11-08 12:40 24,209 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-10-30 10:29 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-10-30 10:27 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-10-30 10:27 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 00:29 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-11-16 02:50 9,728 ----a-w C:\WINDOWS\system32\reset.exe
2007-11-16 02:50 9,216 ----a-w C:\WINDOWS\system32\subst.exe
2007-11-16 02:50 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
2007-11-16 02:50 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
2007-11-16 02:50 8,192 ----a-w C:\WINDOWS\system32\smbinst.exe
2007-11-16 02:50 77,824 ----a-w C:\WINDOWS\system32\usrmlnka.exe
2007-11-16 02:50 77,824 ----a-w C:\WINDOWS\system32\shrpubw.exe
2007-11-16 02:50 77,824 ----a-w C:\WINDOWS\system32\sdbinst.exe
2007-11-16 02:50 77,312 ----a-w C:\WINDOWS\system32\telnet.exe
2007-11-16 02:50 77,312 ----a-w C:\WINDOWS\system32\rtcshare.exe
2007-11-16 02:50 708,608 ----a-w C:\WINDOWS\system32\ss3dfo.scr
2007-11-16 02:50 70,656 ----a-w C:\WINDOWS\system32\sigverif.exe
2007-11-16 02:50 7,168 ----a-w C:\WINDOWS\system32\recover.exe
2007-11-16 02:50 69,632 ----a-w C:\WINDOWS\system32\usrshuta.exe
2007-11-16 02:50 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
2007-11-16 02:50 67,072 ----a-w C:\WINDOWS\system32\rdshost.exe
2007-11-16 02:50 65,024 ----a-w C:\WINDOWS\system32\wextract.exe
2007-11-16 02:50 62,464 ----a-w C:\WINDOWS\system32\rdpclip.exe
2007-11-16 02:50 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
2007-11-16 02:50 61,440 ----a-w C:\WINDOWS\system32\usrprbda.exe
2007-11-16 02:50 56,832 ----a-w C:\WINDOWS\system32\sol.exe
2007-11-16 02:50 56,832 ----a-w C:\WINDOWS\system32\rasphone.exe
2007-11-16 02:50 55,296 ----a-w C:\WINDOWS\system32\reg.exe
2007-11-16 02:50 538,624 ----a-w C:\WINDOWS\system32\spider.exe
2007-11-16 02:50 51,200 ----a-w C:\WINDOWS\system32\syncapp.exe
2007-11-16 02:50 51,200 ----a-w C:\WINDOWS\system32\rsm.exe
2007-11-16 02:50 50,176 ----a-w C:\WINDOWS\system32\w32tm.exe
2007-11-16 02:50 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
2007-11-16 02:50 5,632 ----a-w C:\WINDOWS\system32\write.exe
2007-11-16 02:50 5,632 ----a-w C:\WINDOWS\system32\winver.exe
2007-11-16 02:50 49,152 ----a-w C:\WINDOWS\system32\rsmui.exe
2007-11-16 02:50 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr
2007-11-16 02:50 44,544 ----a-w C:\WINDOWS\system32\tscupgrd.exe
2007-11-16 02:50 433,664 ----a-w C:\WINDOWS\system32\wiaacmgr.exe
2007-11-16 02:50 4,608 ----a-w C:\WINDOWS\system32\regwiz.exe
2007-11-16 02:50 4,096 ----a-w C:\WINDOWS\system32\unlodctr.exe
2007-11-16 02:50 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr
2007-11-16 02:50 36,864 ----a-w C:\WINDOWS\system32\syskey.exe
2007-11-16 02:50 35,840 ----a-w C:\WINDOWS\system32\rcimlby.exe
2007-11-16 02:50 33,792 ----a-w C:\WINDOWS\system32\vssadmin.exe
2007-11-16 02:50 33,792 ----a-w C:\WINDOWS\system32\regini.exe
2007-11-16 02:50 32,768 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2007-11-16 02:50 32,768 ----a-w C:\WINDOWS\system32\sethc.exe
2007-11-16 02:50 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe
2007-11-16 02:50 32,256 ----a-w C:\WINDOWS\system32\wpabaln.exe
2007-11-16 02:50 32,256 ----a-w C:\WINDOWS\system32\tracert6.exe
2007-11-16 02:50 31,232 ----a-w C:\WINDOWS\system32\sc.exe
2007-11-16 02:50 30,720 ----a-w C:\WINDOWS\system32\xcopy.exe
2007-11-16 02:50 3,584 ----a-w C:\WINDOWS\system32\regedt32.exe
2007-11-16 02:50 3,072 ----a-w C:\WINDOWS\system32\systray.exe
2007-11-16 02:50 26,112 ----a-w C:\WINDOWS\system32\skeys.exe
2007-11-16 02:50 25,600 ----a-w C:\WINDOWS\system32\routemon.exe
2007-11-16 02:50 24,576 ----a-w C:\WINDOWS\system32\sort.exe
2007-11-16 02:50 24,576 ----a-w C:\WINDOWS\system32\rsmsink.exe
2007-11-16 02:50 23,040 ----a-w C:\WINDOWS\system32\setup.exe
2007-11-16 02:50 22,528 ----a-w C:\WINDOWS\system32\rcp.exe
2007-11-16 02:50 22,528 ----a-w C:\WINDOWS\system32\qwinsta.exe
2007-11-16 02:50 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr
2007-11-16 02:50 20,480 ----a-w C:\WINDOWS\system32\qprocess.exe
2007-11-16 02:50 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr
2007-11-16 02:50 19,968 ----a-w C:\WINDOWS\system32\shutdown.exe
2007-11-16 02:50 19,968 ----a-w C:\WINDOWS\system32\route.exe
2007-11-16 02:50 19,456 ----a-w C:\WINDOWS\system32\tcpsvcs.exe
2007-11-16 02:50 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr
2007-11-16 02:50 17,408 ----a-w C:\WINDOWS\system32\qappsrv.exe
2007-11-16 02:50 166,912 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2007-11-16 02:50 16,896 ----a-w C:\WINDOWS\system32\upnpcont.exe
2007-11-16 02:50 16,896 ----a-w C:\WINDOWS\system32\tsshutdn.exe
2007-11-16 02:50 16,896 ----a-w C:\WINDOWS\system32\tftp.exe
2007-11-16 02:50 16,896 ----a-w C:\WINDOWS\system32\runas.exe
2007-11-16 02:50 16,384 ----a-w C:\WINDOWS\system32\tskill.exe
2007-11-16 02:50 15,872 ----a-w C:\WINDOWS\system32\rwinsta.exe
2007-11-16 02:50 15,360 ----a-w C:\WINDOWS\system32\tscon.exe
2007-11-16 02:50 15,360 ----a-w C:\WINDOWS\system32\taskman.exe
2007-11-16 02:50 15,360 ----a-w C:\WINDOWS\system32\shadow.exe
2007-11-16 02:50 15,360 ----a-w C:\WINDOWS\system32\rsh.exe
2007-11-16 02:50 14,848 ----a-w C:\WINDOWS\system32\tsdiscon.exe
2007-11-16 02:50 14,848 ----a-w C:\WINDOWS\system32\stimon.exe
2007-11-16 02:50 14,336 ----a-w C:\WINDOWS\system32\ssstars.scr
2007-11-16 02:50 14,336 ----a-w C:\WINDOWS\system32\runonce.exe
2007-11-16 02:50 14,336 ----a-w C:\WINDOWS\system32\rexec.exe
2007-11-16 02:50 138,752 ----a-w C:\WINDOWS\system32\sndvol32.exe
2007-11-16 02:50 137,216 ----a-w C:\WINDOWS\system32\taskmgr.exe
2007-11-16 02:50 131,584 ----a-w C:\WINDOWS\system32\sndrec32.exe
2007-11-16 02:50 13,824 ----a-w C:\WINDOWS\system32\wscntfy.exe
2007-11-16 02:50 13,824 ----a-w C:\WINDOWS\system32\rdsaddin.exe
2007-11-16 02:50 13,312 ----a-w C:\WINDOWS\system32\savedump.exe
2007-11-16 02:50 12,800 ----a-w C:\WINDOWS\system32\tracert.exe
2007-11-16 02:50 12,800 ----a-w C:\WINDOWS\system32\tcmsetup.exe
2007-11-16 02:50 12,800 ----a-w C:\WINDOWS\system32\replace.exe
2007-11-16 02:50 119,808 ----a-w C:\WINDOWS\system32\winmine.exe
2007-11-16 02:50 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
2007-11-16 02:50 11,776 ----a-w C:\WINDOWS\system32\winmsd.exe
2007-11-16 02:50 11,776 ----a-w C:\WINDOWS\system32\spnpinst.exe
2007-11-16 02:50 11,776 ----a-w C:\WINDOWS\system32\rasdial.exe
2007-11-16 02:50 11,776 ----a-w C:\WINDOWS\system32\rasautou.exe
2007-11-16 02:50 106,496 ----a-w C:\WINDOWS\system32\sysocmgr.exe
2007-11-16 02:50 100,864 ----a-w C:\WINDOWS\system32\verifier.exe
2007-11-16 02:50 10,240 ----a-w C:\WINDOWS\system32\sfc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-13 11:00]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-11-17 01:29]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2007-11-17 01:29]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-30 10:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-11-17 01:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-11-16 03:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 22:56:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 22:57:08
.
--- E O F ---
Here is the log:
- BUBINO
- Začátečník

-
- Registrován: 12. čer 2007
- Bydliště: Mám
Could you also post the log from MWAV here?
Run the program according to the instructions: http://www.viry.cz/forum/viewtopic.php?t=4097
Let the scan run and, once it has finished, paste the log from the lower window here. Turn off the restore points.
- mato555
- Začátečník

- Registrován: 21. čer 2005
- Bydliště: banska bystrica
- Kontaktovat uživatele:
Here is the log:
Soubor C:\WINDOWS\system32\msiexec.exe je infikovaný virem Type_Win32 !! Provedené akce: Nic nebylo provedeno.
Objekt "myway Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "myway Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "my way speedbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ComPlusMetaData.MsCorHost" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ComPlusMetaData.MsCorHost.2" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ICQPhone.SipxPhoneManager" odkazuje na neplatný objekt "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\SymWriter.pdb" odkazuje na neplatný objekt "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxwma.dll". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxsfs.dll". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxinsi64.exe". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxcpyi64.exe". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ISO". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".jar". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rar". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (1.5)". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Tony Hawk's Pro Skater 3®". Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\msiexec.exe je infikovaný virem Type_Win32 !! Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\msiexec.exe je infikovaný virem Type_Win32 !! Provedené akce: Nic nebylo provedeno.
Objekt "myway Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "myway Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "my way speedbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
AMD Phenom X4 2,6GHz, Ati radeon HD4670 1GB DDR3, 4GB RAM, 500GB SATA, 1,5TB external SAMSUNG G3, WIN 7 Professional 64bit
- BUBINO
- Beginner
- Registered: 12 Jun 2007
- Location: Mám
Warezov/Stration. Use this guide: http://www.viry.cz/forum/viewtopic.php?t=21484
Post the logs that come up here, and also run a new ComboFix and HijackThis.
- mato555
- Beginner
- Registered: 21 Jun 2005
- Location: banska bystrica