Jakis czas temu kupilem odtwarzacz mp3 i od tego momentu zaczely dziac sie cuda na komputerze: komunikaty o amvo.exe oraz brak mozliwosci wyswietlania ukrytych plikow i folderow. Poczytalem troche na forum, sciagnalem ComboFix i udalo sie przywrocic pokazywanie ukrytych plikow, ale nadal martwi mnie kilka procesow i wpisow w logu. Ponizej podaje log z ComboFix i z gory dziekuje za pomoc.
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-09-20 15:28 81,920 ----a-w C:\Documents and Settings\Marcin\Application Data\ezpinst.exe
2007-09-20 15:28 47,360 ----a-w C:\Documents and Settings\Marcin\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:02 1204224]
"Amen Idol"="C:\DOCUME~1\Marcin\APPLIC~1\FINDMO~1\safeitch.exe" []
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 07:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 07:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 07:23 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 14396416 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 09:18 319488]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-21 19:42 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]
C:\Documents and Settings\Marcin\Start Menu\Programs\Startup\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-06-02 22:56:55 882176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Spik\\Spik.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\gry\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:UDP"= 26675:UDP:BitComet 26675 UDP
"26675:TCP"= 26675:TCP:BitComet 26675 TCP
R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-08-19 16:09]
R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-08-19 16:09]
R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-08-19 16:09]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]
R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-08-19 16:09]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2A.tmp []
S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 03:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 15:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-25 09:00:00 C:\WINDOWS\Tasks\B1B24D0A98E9C246.job"
- c:\docume~1\marcin\applic~1\findmo~1\meta bold ford.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 10:52:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 10:53:47
ComboFix-quarantined-files.txt 2008-02-25 09:53:44
ComboFix2.txt 2008-02-25 09:46:18
.
2008-02-13 14:37:21 --- E O F ---