PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

pls mam problem C:\PROGRA~1

https://pc-help.cnews.cz/viewtopic.php?f=47&t=22951

Stránka 1 z 2

pls mam problem C:\PROGRA~1

Napsal: 16 led 2008 23:30
od Dusan
Pravdepodobne mam virus v C:\PROGRA~1 ale neviem sa tam dostat.
Prosim pomoc, Dakujem

Napsal: 16 led 2008 23:47
od Myloš
progra~1 je totéž co „Program Files“.
Slova Pravdepodobne mam virus znamenají co? Jak pravděpodobně?
Máš antivirový program? Co ten na to?
Otestuj si počítač MWAV
Co HijackThis?

Napsal: 17 led 2008 00:30
od Baron Prášil
no,já bych to zformuloval do jedné věty:pošli log z hijackthis-návod najdeš v podpisu :wink:

Napsal: 17 led 2008 09:53
od Dusan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:05, on 17.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Dusan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5174 bytes

Napsal: 17 led 2008 14:20
od Baron Prášil
log je v pořádku.předpokládám,že hlášku o viru máš s Aviri.kde ho avira hlásí?
nebo pošli log kterej by měla jako každej antivir generovat.

Napsal: 17 led 2008 14:24
od Dusan
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\BitCometBHO.CIEClickCapture" odkazuje na neplatný objekt "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\BitCometBHO.CIEClickCapture.1" odkazuje na neplatný objekt "{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\NBShell.NBShellHook.3" odkazuje na neplatný objekt "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\NMUIEngin0.NMUIResourceLoaderHarddisk" odkazuje na neplatný objekt "{b35354ff-7e4a-46a4-bf69-4d92c3d7787b1}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".r47". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".srt". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "WgaNotify". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{D6938AFF-30C4-409C-B667-3F6503750BB8}". Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Webteh\BSplayer\URL3\MEADInst.exe/AdVantage.exe indentifikován jako "not-a-virus:AdTool.Win32.WhenU.r". Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{0B7D4002-01F6-4C42-B6CE-41BD95271D1F}\RP53\A0004685.exe indentifikován jako "not-a-virus:AdTool.Win32.WhenU.s". Provedené akce: Nic nebylo provedeno.

Napsal: 17 led 2008 14:27
od Dusan
Wed Jan 16 09:03:26 2008 => Offending file found: C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM
Wed Jan 16 09:03:26 2008 => System found infected with mediaadvantage Spyware/Adware (C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM)! Action taken: Nic nebylo provedeno.

Wed Jan 16 09:03:26 2008 => Offending file found: C:\WINDOWS\system32\unrar.dll
Wed Jan 16 09:03:26 2008 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.

Wed Jan 16 09:03:26 2008 => Offending file found: C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE
Wed Jan 16 09:03:26 2008 => System found infected with mediaadvantage Spyware/Adware (C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE)! Action taken: Nic nebylo provedeno.

Wed Jan 16 09:03:27 2008 => Offending file found: C:\PROGRA~1\ADVANT~1
Wed Jan 16 09:03:27 2008 => System found infected with mediaadvantage Spyware/Adware (C:\PROGRA~1\ADVANT~1)! Action taken: Nic nebylo provedeno.

Wed Jan 16 09:03:27 2008 => Offending file found: C:\PROGRA~1\ADVANT~1\ffext.mod
Wed Jan 16 09:03:27 2008 => System found infected with mediaadvantage Spyware/Adware (C:\PROGRA~1\ADVANT~1\ffext.m


Ten run.dll je v poriadku dal som to testovat na virustotal ale tei ostatne subory obsahuju virusi a ja sa k nim neviem dostat aby som ich zmazal :cry:

Napsal: 17 led 2008 14:44
od Baron Prášil
vypni obnovu systému
pravím na Tento počítač>vlastnosti>obnova systému a zaškrtni a ok a potvrdit
až budem hotoví,tak si jí zase zapni

použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a tento skript

Files to delete:
C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM
C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE
C:\PROGRA~1\ADVANT~1
C:\PROGRA~1\ADVANT~1\ffext.mod

po restartu pošli log z Avengeru a pokud se problém nevyřeší tak přidej i COMBOFIX
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Napsal: 17 led 2008 15:11
od Dusan
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lnsyjthp

*******************

Script file located at: \??\C:\WINDOWS\tyukqvuh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM for deletion
Deletion of file C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM failed!

Could not process line:
C:\PROGRA~1\ADVANT~1\ADVANT~1.HTM
Status: 0xc000003a



Could not open file C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE for deletion
Deletion of file C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE failed!

Could not process line:
C:\PROGRA~1\ADVANT~1\ADVANT~1.EXE
Status: 0xc000003a



File C:\PROGRA~1\ADVANT~1 not found!
Deletion of file C:\PROGRA~1\ADVANT~1 failed!

Could not process line:
C:\PROGRA~1\ADVANT~1
Status: 0xc0000034



Could not open file C:\PROGRA~1\ADVANT~1\ffext.mod for deletion
Deletion of file C:\PROGRA~1\ADVANT~1\ffext.mod failed!

Could not process line:
C:\PROGRA~1\ADVANT~1\ffext.mod
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.

Napsal: 17 led 2008 15:30
od Dusan
A prepac predtym som zabudol vypnut tu obnovu systemu :? .
Alwe ked je vypnuta a spustim ten Awanger tak mi nevyhodi po restarte log ale ked som ho stustil druhykrat tak napisal ze tie subory nemoze najst tak su asi vymazane.
Ale radsej som stiahol aj ten combofix


ComboFix 08-01-17.5 - Dusan 2008-01-17 15:23:42.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.640 [GMT 1:00]
Running from: C:\Documents and Settings\Dusan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-17 15:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 10:43 . 2008-01-17 00:11 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-16 10:31 . 2008-01-16 10:31 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\Nero
2008-01-16 10:28 . 2008-01-16 10:28 <DIR> d-------- C:\Program Files\Nero
2008-01-16 10:28 . 2008-01-16 10:29 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-01-16 10:28 . 2008-01-16 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-12 20:46 . 2008-01-12 20:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-12 20:46 . 2008-01-16 17:55 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-12 20:46 . 2008-01-12 20:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-12 20:46 . 2008-01-16 17:55 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-12 18:07 . 2008-01-12 18:07 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-01-12 18:07 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-01-12 18:07 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-01-12 18:07 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-01-12 18:07 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-01-12 18:07 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-01-12 18:07 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-01-12 18:07 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-12 18:07 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-01-12 18:07 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-01-12 18:07 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-01-12 18:06 . 2008-01-12 18:06 <DIR> d-------- C:\Program Files\eRightSoft
2008-01-12 14:42 . 2008-01-12 14:42 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\GlarySoft
2008-01-12 14:41 . 2008-01-12 14:41 <DIR> d-------- C:\Program Files\Absolute Uninstaller
2008-01-11 18:05 . 2008-01-11 18:06 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\RegClean
2008-01-11 16:12 . 2008-01-11 16:17 <DIR> d-------- C:\Program Files\AusLogics Registry Defrag
2008-01-11 09:56 . 2008-01-11 09:56 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-11 09:56 . 2008-01-11 09:56 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\TuneUp Software
2008-01-11 09:56 . 2008-01-11 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-11 09:56 . 2008-01-11 09:56 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-11 09:56 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-11 09:55 . 2008-01-11 09:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 00:48 . 2008-01-10 00:48 <DIR> d-------- C:\Program Files\Ashampoo
2008-01-09 18:21 . 2004-02-26 11:56 38,872 --------- C:\WINDOWS\hpomdl03.dat.temp
2008-01-09 18:21 . 2008-01-03 18:01 29,363 --------- C:\WINDOWS\hpoins03.dat.temp
2008-01-06 23:46 . 2008-01-06 23:46 <DIR> d-------- C:\Program Files\VentriloMIX
2008-01-06 23:22 . 2008-01-06 23:48 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\Ventrilo
2008-01-06 10:02 . 2008-01-07 09:55 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-01-06 09:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-06 09:56 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-06 09:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-05 19:10 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-05 19:09 . 2008-01-05 19:09 <DIR> d-------- C:\Program Files\MSBuild
2008-01-05 19:09 . 2008-01-05 19:09 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-05 19:08 . 2008-01-05 19:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-05 19:06 . 2008-01-05 19:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-05 19:05 . 2008-01-05 19:05 <DIR> d-------- C:\MSOCache
2008-01-05 19:05 . 2008-01-08 07:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 16:35 . 2008-01-05 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-05 02:29 . 2008-01-05 02:29 <DIR> d-------- C:\Program Files\Defraggler
2008-01-04 10:16 . 2008-01-04 10:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-03 21:21 . 2008-01-03 21:24 <DIR> d-------- C:\Program Files\ICQ6
2008-01-03 21:21 . 2008-01-03 21:24 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\ICQ
2008-01-03 18:00 . 2004-02-26 11:56 51,056 -ra------ C:\WINDOWS\system32\drivers\hpzid412.sys
2008-01-03 18:00 . 2004-02-26 11:56 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-03 17:59 . 2004-02-26 11:56 21,488 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-03 17:59 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-03 17:59 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-03 17:40 . 2008-01-03 17:40 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-01-03 17:40 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-01-03 17:40 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-01-03 17:40 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-01-03 17:40 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-01-03 17:35 . 2008-01-03 17:35 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-03 17:33 . 2008-01-03 17:34 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-01-03 17:28 . 2008-01-03 17:40 <DIR> d-------- C:\Program Files\HP
2008-01-03 17:26 . 2004-02-26 11:56 38,872 --------- C:\WINDOWS\hpomdl03.dat
2008-01-03 17:26 . 2008-01-03 18:01 29,363 --------- C:\WINDOWS\hpoins03.dat
2008-01-03 14:25 . 2008-01-03 14:25 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-03 14:25 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-03 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-03 14:25 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 14:25 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-03 14:25 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-03 14:25 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-03 14:25 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-03 14:25 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-03 14:25 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-02 22:18 . 2008-01-02 22:22 <DIR> d-------- C:\Program Files\ewido anti-malware
2008-01-02 19:18 . 2008-01-02 19:18 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-01-01 10:40 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-01 10:40 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-01 10:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-01 10:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-26 23:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-21 16:37 . 2007-12-21 16:37 <DIR> d-------- C:\Documents and Settings\Dusan\UserData
2007-12-21 15:51 . 2007-12-21 15:51 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\InstallShield
2007-12-21 15:04 . 2007-12-21 15:04 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-21 14:48 . 2007-12-21 14:48 <DIR> d-------- C:\Program Files\QuickTime
2007-12-21 14:48 . 2007-12-21 14:48 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-21 14:48 . 2007-12-21 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-21 14:45 . 2007-12-21 15:22 <DIR> d-------- C:\Documents and Settings\Dusan\Graphisoft
2007-12-21 14:45 . 2007-12-21 14:52 <DIR> d-------- C:\Documents and Settings\Dusan\Application Data\Graphisoft
2007-12-21 13:55 . 2007-12-21 13:55 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-12-21 13:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-21 13:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-21 13:55 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-21 13:55 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-21 13:55 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-21 13:55 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 18:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 21:59 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-20 21:58 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-20 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 21:36 --------- d-----w C:\Program Files\Realtek
2007-12-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2007-12-20 21:13 --------- d-----w C:\Program Files\BillP Studios
2007-12-20 21:11 --------- d-----w C:\Documents and Settings\Dusan\Application Data\WinPatrol
2007-12-20 21:03 --------- d-----w C:\Documents and Settings\Dusan\Application Data\Avant Profiles
2007-12-20 21:02 --------- d-----w C:\Program Files\Avant Browser
2007-12-20 20:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 17:06 292152]
"Task Catcher"="C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe" [2005-11-14 13:05 136760]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 04:44 16262656 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

R0 tcdmeaan;tcdmeaan;C:\WINDOWS\system32\drivers\hocdralv.sys []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-11 09:56]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
*Newly Created Service* - TCDMEAAN
.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 16:15:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 15:25:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 15:26:23
ComboFix-quarantined-files.txt 2008-01-17 14:26:20
.
2008-01-17 08:03:58 --- E O F ---

Napsal: 17 led 2008 16:25
od Baron Prášil
stáhni si killbox ObrázekObrázek
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\Smab.dll
zaškrtni Delete on Reboot a Unregister .dll Before Deleting
a klikni na křížek.stroj pude do restartu

popiš jestli se komp chová nějak nestandardně,přípasně nepiš kde přesně avast hlásí nálezy.

Napsal: 17 led 2008 16:35
od Dusan
Pocitac strasne vela pracuje ked chcem nieco spravit a trva to dlhsie ako inokedy. :-(
Testujem to teraz MWAV ked skonci poslem log.
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/