Hello!
I have a problem with amvo.exe. I would be grateful if someone could help me remove this nuisance. Sorry for the initial mistake. The log is also available at this link: http://wklej.org/id/db362155de
Here is the log from ComboFix:
ComboFix 08-05-01.3 - Piotr Fater 2008-05-04 11:57:35.1 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.168 [GMT 2:00]
Running from: C:\Documents and Settings\Piotr Fater\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\setup.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
I:\Autorun.inf
J:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-04 11:52 . 2008-05-04 11:52
2008-05-04 11:52 . 2008-05-04 11:52
2008-05-04 11:52 . 2008-05-04 11:52 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-03 16:44 . 2008-05-03 16:44
2008-05-01 18:21 . 2008-04-28 09:04 105,128 -r-hs---- C:\oq.cmd
2008-05-01 18:19 . 2008-05-01 18:19
2008-04-22 21:46 . 2008-04-29 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 21:46 . 2008-04-22 21:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 18:43 . 2008-04-11 18:43
2008-04-08 07:56 . 2008-04-08 07:56
2008-04-07 17:54 . 2008-04-05 20:05 26,986 --a------ C:\WINDOWS_detmp.1
2008-04-05 20:04 . 2008-04-05 20:04
2008-04-05 20:04 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 18:15 1,112 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\ViewerApp.dat
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 21:44 --------- d-----w C:\Program Files\NetMeter
2008-03-01 16:32 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:59 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-26 14:23 40,776 ----a-w C:\Documents and Settings\Piotr Fater\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-06-11 12:48 8 --sh--r C:\WINDOWS\system32\AA0EF28E1C.sys
2007-08-23 16:45 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-23 16:45 56 --sh--r C:\WINDOWS\system32\1C8EF20EAA.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" []
"Malware Sweeper"=":C:\Program Files\MalwareSweeper.com\Malware Sweeper\MalSwep.exe" []
"PowerBar"="" []
"BitTorrent"=":I:\Program Files\BitTorrent\bittorrent.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2003-07-18 00:53 147456]
"UpdReg"=":C:\WINDOWS\Updreg.exe" []
"Disc Detector"=":C:\Program Files\Creative\ShareDLL\CtNotify.exe" []
"AHQInit"=":C:\Program Files\Creative\SBLive\Program\AHQInit.exe" []
"AudioHQ"="C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2001-08-17 17:01 180224]
"NeroFilterCheck"=":C:\WINDOWS\system32\NeroCheck.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:20 188416]
"ATICCC"=":C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []
"InCD"=":E:\Program Files\ahead\InCD\InCD.exe" []
"PWRISOVM.EXE"=":E:\Program Files\PowerISO\PWRISOVM.EXE" []
"PCSuiteTrayApplication"=":C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" []
"RemoteControl"=":I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" []
"Adobe Photo Downloader"=":I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"hffsrv"="c:\windows\hffext\hffsrv.exe" [2007-02-03 01:17 83968]
"ISUSPM Startup"=":C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"=":C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"Sony Ericsson PC Suite"=":I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" []
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 12:25:03 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux1"= ctwdm32.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu\GG.EXE"=
"E:\Program Files\eMule\emule.exe"=
"E:\Program Files\BearShare\BearShare.exe"=
"C:\Program Files\Tlen.pl\TLEN.EXE"=
"C:\Program Files\DC++\DCPlusPlus.exe"=
"I:\Program Files\Opera\Opera.exe"=
"I:\Program Files\SopCast\SopCast.exe"=
"C:\Documents and Settings\Piotr Fater\Dane aplikacji\SopCast\adv\SopAdver.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"I:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"=
"E:\Program Files\Skype\Phone\Skype.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5100:TCP"= 5100:TCP:wp.pl
"5000:TCP"= 5000:TCP:gryonline.wp.pl
"20225:TCP"= 20225:TCP:BitComet 20225 TCP
"20225:UDP"= 20225:UDP:BitComet 20225 UDP
"21678:TCP"= 21678:TCP:BitComet 21678 TCP
"21678:UDP"= 21678:UDP:BitComet 21678 UDP
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-04 11:52]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2007-01-27 19:28]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 03:52]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2003-02-26 18:28]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1667f988-26a8-11da-9eeb-000ce584221f}]
\Shell\AutoRun\command - K:\oq.cmd
\Shell\explore\Command - K:\oq.cmd
\Shell\open\Command - K:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a96a34e2-b173-11dc-a86a-000ce584221f}]
\Shell\AutoRun\command - L:\oq.cmd
\Shell\explore\Command - L:\oq.cmd
\Shell\open\Command - L:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c6a7cae2-bae3-11dc-a87a-000ce584221f}]
\Shell\AutoRun\command - L:\start.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PXARK
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 11:59:44
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ???D??sh???6~???h???Z?6~(???*?6~t?@?l?@???d???6~???6~???W?9~0?6~???*?6~??6~???D??s ???6~???l?@???6~???t?@??Yb???l?@?l?@???Q?7~???t?@???l?@?8?@?l?@?3??s???8?@?_??s8?@?8?@
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-04 12:00:32
ComboFix-quarantined-files.txt 2008-05-04 10:00:28
Pre-Run: 1,888,215,040 bajtów wolnych
Post-Run: 1,985,724,416 bajtów wolnych
172 --- E O F --- 2008-04-11 16:41:55