Amvo and a few others (request to check a log)


(Marcin) #1

Some time ago I bought an mp3 player and strange things started happening on my computer. Messages about amvo.exe, no way to display hidden files and folders. I read a bit on the forum, downloaded ComboFix and managed to show the hidden files, but a few processes and entries in the log still worry me. Here is the ComboFix log, and thanks in advance.

2007-12-04 18:38	550,912	----a-w	C:\WINDOWS\system32\oleaut32.dll

2007-09-20 15:28	81,920	----a-w	C:\Documents and Settings\Marcin\Application Data\ezpinst.exe

2007-09-20 15:28	47,360	----a-w	C:\Documents and Settings\Marcin\Application Data\pcouffin.sys

.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:02 1204224]

"Amen Idol"="C:\DOCUME~1\Marcin\APPLIC~1\FINDMO~1\safeitch.exe" []

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216]

"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 07:22 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 07:19 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 07:23 114688]

"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 14396416 C:\WINDOWS\RTHDCPL.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]

"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]

"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 09:18 319488]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-21 19:42 180269]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]


C:\Documents and Settings\Marcin\Start Menu\Programs\Startup\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-06-02 22:56:55 882176]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Spik\\Spik.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"E:\\gry\\Ghost Recon Advanced Warfighter\\GRAW.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:UDP"= 26675:UDP:BitComet 26675 UDP

"26675:TCP"= 26675:TCP:BitComet 26675 TCP


R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-08-19 16:09]

R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-08-19 16:09]

R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-08-19 16:09]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-08-19 16:09]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2A.tmp []

S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 03:28]


.

Contents of the 'Scheduled Tasks' folder

"2008-02-14 15:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-02-25 09:00:00 C:\WINDOWS\Tasks\B1B24D0A98E9C246.job"

- c:\docume~1\marcin\applic~1\findmo~1\meta bold ford.exe

.

**************************************************************************


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-25 10:52:57

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ... 


scanning hidden autostart entries ...


scanning hidden files ... 


scan completed successfully 

hidden files: 0 


**************************************************************************

.

Completion time: 2008-02-25 10:53:47

ComboFix-quarantined-files.txt 2008-02-25 09:53:44

ComboFix2.txt 2008-02-25 09:46:18

.

2008-02-13 14:37:21	--- E O F ---

(Leon$) #2

That's only half of the log, fix it

:slight_smile:


(Marcin) #3

True, I didn't notice, sorry. Here is the whole log:

ComboFix 08-02-25.2 - Marcin 2008-02-25 10:51:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.568 [GMT 1:00]

Running from: C:\Documents and Settings\Marcin\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Marcin\Desktop\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\autorun.inf

C:\m1t8ta.com

C:\semo2x.exe

C:\WINDOWS\system32\wsctf.exe

I:\semo2x.exe

.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))

.

2008-02-25 09:47 . 2008-02-25 09:46 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-15 19:56 . 2008-02-15 19:55 103,461 -r-hs---- C:\d6fagcs8.cmd

2008-02-11 00:42 . 2008-02-25 10:52 11,355,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-02-11 00:42 . 2008-02-25 10:41 156,860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-02-11 00:42 . 2008-02-11 00:51 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-02-11 00:42 . 2008-02-11 00:51 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-02-11 00:42 . 2008-02-25 10:52 48,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-02-11 00:42 . 2008-02-25 10:41 6,416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-02-11 00:35 . 2008-02-11 00:35

2008-02-10 23:43 . 2008-02-10 23:43

2008-02-10 23:39 . 2008-02-10 23:39

2008-02-10 23:14 . 2008-02-10 23:14

2008-02-10 23:08 . 2008-02-10 23:08

2008-02-10 23:08 . 2008-02-25 10:21 2,440 --a------ C:\WINDOWS\wincmd.ini

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF

2008-02-10 23:08 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF

2008-02-09 02:49 . 2008-02-25 09:47 5,550 --a------ C:\WINDOWS\unins000.dat

2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-01-28 03:43 . 2008-01-28 03:43

2008-01-28 02:24 . 2008-01-28 03:39

2008-01-28 02:24 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

2008-01-28 02:23 . 2008-01-28 02:24

2008-01-28 02:23 . 2000-05-22 16:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-01-28 02:23 . 2006-10-06 14:17 53,248 --------- C:\WINDOWS\Ctregrun.exe

2008-01-28 02:23 . 1999-12-13 09:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE

2008-01-28 02:23 . 1999-11-18 09:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-25 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2008-02-25 09:40 --------- d-----w C:\Program Files\Kalendarz XP

2008-02-25 08:53 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-02-25 08:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-25 08:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-02-25 08:21 --------- d-----w C:\Documents and Settings\Marcin\Application Data\uTorrent

2008-02-25 02:34 --------- d-----w C:\Program Files\eMule

2008-02-14 22:04 --------- d-----w C:\Documents and Settings\Marcin\Application Data\OpenOffice.org2

2008-02-14 16:07 --------- d-----w C:\Program Files\QuickTime Alternative

2008-02-14 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-02-10 23:42 --------- d-----w C:\Program Files\Kaspersky Lab

2008-02-10 23:39 --------- d-----w C:\Program Files\Odkurzacz

2008-02-10 22:43 --------- d-----w C:\Program Files\Lavasoft

2008-02-10 22:42 --------- d-----w C:\Documents and Settings\Marcin\Application Data\Lavasoft

2008-02-05 16:09 --------- d-----w C:\Program Files\Microsoft ActiveSync

2008-01-28 21:44 --------- d-----w C:\Documents and Settings\Marcin\Application Data\Skype

2008-01-28 21:28 --------- d-----w C:\Documents and Settings\Marcin\Application Data\skypePM

2008-01-28 01:22 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-24 22:56 --------- d-----w C:\Program Files\BitComet

2008-01-20 01:49 --------- d-----w C:\Program Files\Apple Software Update

2008-01-20 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-01-16 21:42 --------- d-----w C:\Program Files\microsoft frontpage

2008-01-15 13:35 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-01-15 13:35 --------- d-----w C:\Program Files\IrfanView

2008-01-15 13:35 --------- d-----w C:\Documents and Settings\Marcin\Application Data\Temporary

2008-01-15 00:39 --------- d-----w C:\Program Files\AGEIA Technologies

2008-01-10 12:40 --------- d-----w C:\Program Files\Skype

2008-01-09 22:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-01-09 22:06 --------- d-----w C:\Program Files\Common Files\Skype

2008-01-09 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-09-20 15:28 81,920 ----a-w C:\Documents and Settings\Marcin\Application Data\ezpinst.exe

2007-09-20 15:28 47,360 ----a-w C:\Documents and Settings\Marcin\Application Data\pcouffin.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:02 1204224]

"Amen Idol"="C:\DOCUME~1\Marcin\APPLIC~1\FINDMO~1\safeitch.exe" []

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216]

"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 20:25 98304]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 07:22 94208]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 07:19 77824]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 07:23 114688]

"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 10:28 14396416 C:\WINDOWS\RTHDCPL.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]

"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2005-07-20 21:07 86016 C:\WINDOWS\system32\nvmctray.dll]

"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-09-30 09:18 319488]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-21 19:42 180269]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]

"QuickTime Task"="C:\Program Files\QuickTime Alternative\QTTask.exe" [2008-01-31 23:13 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

C:\Documents and Settings\Marcin\Start Menu\Programs\Startup\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-06-02 22:56:55 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Spik\\Spik.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"E:\\gry\\Ghost Recon Advanced Warfighter\\GRAW.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:UDP"= 26675:UDP:BitComet 26675 UDP

"26675:TCP"= 26675:TCP:BitComet 26675 TCP

R2 WFPVRENC;WinFast PVR2000 MPEG Encoder(PAL);C:\WINDOWS\system32\drivers\wfpvrenc.sys [2005-08-19 16:09]

R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;C:\WINDOWS\system32\drivers\wfpvrtun.sys [2005-08-19 16:09]

R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;C:\WINDOWS\system32\drivers\wfpvrcap.sys [2005-08-19 16:09]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55]

R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2005-08-19 16:09]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2A.tmp []

S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 03:28]

.

Contents of the 'Scheduled Tasks' folder

"2008-02-14 15:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-02-25 09:00:00 C:\WINDOWS\Tasks\B1B24D0A98E9C246.job"

- c:\docume~1\marcin\applic~1\findmo~1\meta bold ford.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-25 10:52:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-25 10:53:47

ComboFix-quarantined-files.txt 2008-02-25 09:53:44

ComboFix2.txt 2008-02-25 09:46:18

.

2008-02-13 14:37:21 --- E O F ---

HijackThis too?
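Part of what the helpers do with a ComboFix log like the one above can be mechanised. The script below is an added example by this page's editor, not part of the thread and not ComboFix's own tooling: it parses the Run-key values, the driver-service lines and the 'Scheduled Tasks' block and flags the entries that were singled out later in this thread (`Amen Idol`, `MEMSWEEP2`, the `B1B24D0A98E9C246.job` task). The heuristics are my own assumptions about what the helpers looked for: an empty `[]` where ComboFix normally records the file's date and size, a target under a user's Application Data folder, a driver pointing at a `.tmp` file, and a job file named with random hex. The sample lines are constructed from the log in this thread and shortened.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of ComboFix's Run-key, driver-service and
# "Scheduled Tasks" sections: a handful of lines shortened from the log posted
# in this thread, not a real log file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"Amen Idol"="C:\DOCUME~1\Marcin\APPLIC~1\FINDMO~1\safeitch.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2A.tmp []
S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 03:28]

Contents of the 'Scheduled Tasks' folder
"2008-02-14 15:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-25 09:00:00 C:\WINDOWS\Tasks\B1B24D0A98E9C246.job"
- c:\docume~1\marcin\applic~1\findmo~1\meta bold ford.exe
"""

# Line shapes ComboFix uses for the three entry kinds handled here.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
DRIVER_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
JOB_RE = re.compile(r'^"\S+ \S+ [^"]*\\(?P<name>[^"\\]+\.job)"$')
JOB_TARGET_RE = re.compile(r'^[-•]\s*(?P<path>.+)$')

# Review heuristics (this editor's assumptions about what the helpers in the
# thread looked for; a hit means "look closer", not "malicious").
PROFILE_APPDATA_RE = re.compile(
    r'\\(?:docume~1|documents and settings)\\[^\\]+\\(?:applic~1|application data)\\', re.I)
RANDOM_JOB_RE = re.compile(r'^[0-9a-f]{16}\.job$', re.I)


@dataclass
class Entry:
    kind: str            # "run", "driver" or "task"
    name: str            # value name, service name or .job file name
    path: str            # executable or driver the entry points at
    meta: Optional[str]  # text inside ComboFix's trailing [...]; None where the format has none


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def parse_entries(log_text: str) -> List[Entry]:
    """Pull Run values, driver services and scheduled tasks out of ComboFix output."""
    entries: List[Entry] = []
    pending_job: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if pending_job is not None:
            # The line after a "...\X.job" header names the task's target.
            job, pending_job = pending_job, None
            m = JOB_TARGET_RE.match(line)
            if m:
                entries.append(Entry("task", job, m.group("path"), None))
                continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m.group("name"), m.group("path"), m.group("meta")))
            continue
        m = DRIVER_RE.match(line)
        if m:
            entries.append(Entry("driver", m.group("name"), m.group("path"), m.group("meta")))
            continue
        m = JOB_RE.match(line)
        if m:
            pending_job = m.group("name")
    return entries


def reasons_for(e: Entry) -> List[str]:
    """Which heuristics an entry trips; empty list means nothing stood out."""
    reasons = []
    if e.meta is not None and e.meta.strip() == "":
        reasons.append("empty [] metadata: ComboFix could not stat the target (missing or hidden file)")
    if PROFILE_APPDATA_RE.search(e.path):
        reasons.append("target lives in a user's Application Data folder")
    if e.kind == "driver" and e.path.lower().endswith(".tmp"):
        reasons.append("kernel driver service pointing at a .tmp file")
    if e.kind == "task" and RANDOM_JOB_RE.match(e.name):
        reasons.append("job file named with 16 hex digits rather than a product name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that trip at least one heuristic, in log order."""
    findings: List[Finding] = []
    for e in parse_entries(log_text):
        reasons = reasons_for(e)
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:6} {f.entry.name!r} -> {f.entry.path}")
        for r in f.reasons:
            print("       -", r)
```

A hit is a prompt to check the entry, not a verdict: legitimate updaters also start from Application Data, and a driver service with an empty `[]` may simply be a leftover of a tool that was uninstalled. The list is a starting point for the manual review the helpers did, and it only covers the three line shapes the regexes know about, so anything ComboFix reports in another section still has to be read by hand.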


(Leon$) #4

for m_k

open Notepad and paste

File::

C:\d6fagcs8.cmd


Folder::

C:\Recycled


Driver::

MEMSWEEP2


Registry:: 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Amen Idol"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start

Then post the removal log

plus a HijackThis log http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654

:slight_smile:

foxiol, open your own thread and attach a ComboFix log in it http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642

[-X


(Gutek) #5

Comply with this Topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350


(Marcin) #6

ComboFix removal log - http://wklej.org/id/baea7d6204

HijackThis log - http://www.wklej.org/id/5fd3ce9839


(Gutek) #7

It should be OK now


(Leon$) #8

entries

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

remove with HijackThis >> Fix checked

manually delete the folder C:\Qoobox

do an autostart optimisation http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

you have a bit too much in there

:slight_smile:


(Marcin) #9

Many thanks, I must admit that everything runs noticeably better ;)

How nice that there are still people who will help selflessly... Thanks again =P~