Problem s Avast!

Mam antivir Avast a ked dam skontrolovat disk tak mi nasiel Trojskeho kona. Vsetko som zmazal takze uz nenasiel nic, ale ked idem cez Tento Pocitac na ten disk kde bol virus tak sa mi ten disk neda otvorit na dvojklik musim dat prave tlacidlo mysi a Preskumat. Neviete ako to dat do normalu. Vdaka

Poprosím log z HJT, návod je tu:
http://www.pcforum.sk/postup-pri-cisteni-napadnuteho-pc-vt17087.html

Pokusim sa to vyzistit...

My log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:36, on 21. 9. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

--
End of file - 2952 bytes

Log je v poriadku.



Stiahni ComboFix –->
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Riaď sa inštrukciami na obrazovke, neklikaj, počítač môže byť reštartovaný.

Dik. skusim v piatok sa ozvem

Stiahol som ComboFix ,vyriesilo vec, restartujem , na disk sa da dostat, ale USB kluc robi stale po restarte, alebo po novom pripojeny to iste. Tak neviem. Ale dik zatim

Daj sem log z ComboFixa. Je na C:\ComboFix.txt

tu je:
ComboFix 07-08-17.2 - "Doma" 2007-09-26 8:10:36.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.159 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-08-26 to 2007-09-26 )))))))))))))))))))))))))))))))


2007-09-26 08:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-21 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-21 14:23 <DIR> d-------- C:\Program Files\CCleaner
2007-09-21 13:43 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-21 13:43 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-21 13:43 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-21 13:43 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-21 13:43 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-21 13:43 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-21 13:43 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-21 13:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-09-21 13:42 <DIR> d-------- C:\Program Files\Alwil Software
2007-09-21 13:29 299,008 --a------ C:\WINDOWS\uninst.exe
2007-09-21 13:29 <DIR> d-------- C:\Program Files\alsound
2007-09-21 13:27 39,928 -ra------ C:\WINDOWS\system32\drivers\alswdm.sys
2007-09-21 13:27 14,168 -ra------ C:\WINDOWS\system32\drivers\alsfm.sys
2007-09-21 13:12 20,976 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-09-21 13:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Installations
2007-09-19 11:05 <DIR> d-------- C:\Program Files\Valve
2007-09-18 19:56 16,532 -ra------ C:\WINDOWS\system32\drivers\fmjoy.sys
2007-09-18 19:55 48,128 -ra------ C:\WINDOWS\system32\Ftdll32.dll
2007-09-18 19:55 238,592 -ra------ C:\WINDOWS\system32\fmctrl.exe
2007-09-18 19:31 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-09-18 19:31 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-09-18 19:31 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-09-18 19:31 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-09-18 19:31 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-09-18 19:31 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-09-18 19:31 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-09-18 19:31 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-09-18 19:31 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-09-18 19:30 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-09-18 19:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-09-18 19:30 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-09-18 19:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-09-18 19:30 334,208 --a------ C:\WINDOWS\system32\drivers\ds1wdm.sys
2007-09-18 19:30 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-09-16 21:37 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-09-16 21:37 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-09-16 21:37 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-09-16 21:37 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-09-16 21:37 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2007-09-16 21:37 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2007-09-16 21:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2007-09-16 21:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2007-09-16 21:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2007-09-16 21:14 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-09-16 13:36 <DIR> d-------- C:\Program Files\audiograbber
2007-09-16 13:33 9,472 --a------ C:\WINDOWS\system32\drivers\NtApm.sys
2007-09-16 13:33 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-16 13:32 852,343 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-09-16 13:32 580,245 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-09-16 13:32 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-16 13:32 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-09-16 13:32 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-16 13:32 456,064 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-16 13:32 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-09-16 13:32 215,424 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-09-16 13:32 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-16 13:31 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-09-16 13:31 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-16 13:31 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-09-16 13:31 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-09-16 13:31 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-09-16 13:31 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-09-16 13:31 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-09-16 13:31 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-09-16 13:31 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-09-16 13:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-09-16 13:31 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-16 13:31 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-09-16 13:31 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-16 13:31 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-09-16 13:31 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-09-16 13:31 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-09-16 13:31 <DIR> d-------- C:\Program Files\Ahead
2007-09-16 13:28 <DIR> d--hs---- C:\WINDOWS\Installer
2007-09-16 13:28 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-09-16 13:27 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-09-16 13:27 9,291 --a------ C:\WINDOWS\system\VER.DLL
2007-09-16 13:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-09-16 13:27 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-09-16 13:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-09-16 13:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-09-16 13:27 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-09-16 13:27 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-09-16 13:27 69,632 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-09-16 13:27 69,008 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-09-16 13:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdpl.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-09-16 13:27 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-09-16 13:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-09-16 13:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-09-16 13:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-09-16 13:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-18 19:35 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-09-18 19:33 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-10-25 13:00 C:\WINDOWS\system32\systray.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

R3 als_fm;Avance FM Synthesis Miniport Driver (WDM);C:\WINDOWS\system32\drivers\alsfm.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 wdmals;Avance Wave Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\alswdm.sys
S3 gameport;SF256-PCP PCI Joystick;C:\WINDOWS\system32\DRIVERS\fmjoy.sys
S3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 SANDRA;SANDRA;\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\Sandra.sys
S3 wdm_fm801;SF256-PCP PCI Audio (WDM);C:\WINDOWS\system32\drivers\fm801.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e40d6640-643c-11dc-b292-00a1b0013afb}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- F:\Recycled\ctfmon.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 08:13:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-26 8:15:15

--- E O F ---

Stiahnite Avenger -–>
http://swandog46.geekstogo.com/avenger.exe

Spustiť – „Input script manually“ – Lupa – Skopírovať kód – „Done“ – Semafor – Potvrdiť – Nasleduje reštart PC – Vložte nový log


Otestuj na http://www.virustotal.com a výsledok vlož sem:


Mohli by ste mi zaslať na mail zálohu avengeru, ktorá bude na disku C v priečinku Avenger ---> backup.zip

Zabaľte súbor do archívu RAR s heslom "infected" (menu možnosti - nastaviť heslo) a pošlite ho na adresu threat.samples@gmail.com

Tak som ti poslal ten backup, ale to otestovanie nebude mozne lebo na tom kompe nemam net

Súbor prenes na iný PC s netom.

OK