Błagam o pomoc! amvo.exe podaje log z combofixa. Pomocy

bongkox · 18 Lipiec 2008 06:31

witam! jestem kompletnie w tym zielony #-o wiec prosze o jakas prosta możliwość pozbycia sie tego syfu . Podaje log z combofixa prosze o pomoc.

ComboFix 08-07-15.4 - Mateusz 2008-07-18 8:23:20.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.662 [GMT 2:00]

Running from: C:\Documents and Settings\Mateusz\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

C:\WINDOWS\system32\explorer.exe

D:\Autorun.inf

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))

.

2008-07-14 19:33 . 2008-02-28 10:15 108,099 -r-hs---- C:\fppg1.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-17 18:39 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-07-17 18:25 --------- d-----w C:\Program Files\FlashGet

2008-07-17 18:20 --------- d-----w C:\Program Files\Google

2008-07-17 17:42 --------- d-----w C:\Program Files\JetAudio

2008-07-17 17:39 --------- d-----w C:\Program Files\Cartall

2008-07-17 17:38 --------- d-----w C:\Program Files\Samsung

2008-07-17 17:38 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\Samsung

2008-07-17 17:32 --------- d-----w C:\Program Files\Plato Video To 3GP Converter

2008-07-17 17:32 --------- d-----w C:\Program Files\PITy

2008-07-17 17:32 --------- d-----w C:\Program Files\Opera

2008-07-17 17:28 --------- d-----w C:\Documents and Settings\Mateusz\Dane aplikacji\COWON

2008-07-16 17:26 --------- d-----w C:\Program Files\Gadu-Gadu

2008-06-20 15:06 --------- d-----w C:\Program Files\AIMP2

2008-06-14 15:03 4,373 -c–a-w C:\Program Files\INSTALL.LOG

2008-05-19 10:08 --------- d-----w C:\Program Files\AV VCS 3.0

2006-10-20 21:53 97,325,678 -c–a-w C:\Program Files\OOo_2.0.2_2_windows_install_pl.exe

2003-07-31 09:53 147,456 -c–a-w C:\WINDOWS\inf\EL2K_XP.sys

2003-07-31 09:50 448,768 -c–a-w C:\WINDOWS\inf\EL2K_N64.sys

2003-07-31 09:43 147,456 -c–a-w C:\WINDOWS\inf\EL2K_2K.sys

1998-04-30 12:56 129,024 ----a-w C:\Program Files\UNWISE.EXE

.

((((((((((((((((((((((((((((( snapshot@2008-04-14_17.15.04,56 )))))))))))))))))))))))))))))))))))))))))

.

2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe

2008-01-24 13:24:36 14,184 -c–a-w C:\WINDOWS\mozver.dat

2008-06-03 13:19:51 14,863 -c–a-w C:\WINDOWS\mozver.dat

2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe

2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
2001-10-26 17:29:26 152,576 -c–a-w C:\WINDOWS\system32\dllcache\bnts.dll
2004-08-03 23:43:56 1,689,088 -c–a-w C:\WINDOWS\system32\dllcache\d3d9.dll
2004-08-03 23:44:34 695,296 -c–a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
2004-08-03 23:43:58 357,888 -c–a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2004-08-03 23:43:58 201,728 -c–a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2004-08-03 23:44:00 123,904 -c–a-w C:\WINDOWS\system32\dllcache\glu32.dll
2004-08-03 23:44:22 743,936 -c–a-w C:\WINDOWS\system32\dllcache\helpsvc.exe
2004-08-03 23:44:00 35,840 -c–a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2004-08-03 21:59:24 7,424 -c–a-w C:\WINDOWS\system32\dllcache\kd1394.dll
2001-10-26 17:29:34 17,408 -c–a-w C:\WINDOWS\system32\dllcache\mcicda.dll
2004-08-03 23:44:04 310,272 -c–a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
2004-08-03 23:44:04 949,248 -c–a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
2004-08-03 21:58:40 5,376 -c–a-w C:\WINDOWS\system32\dllcache\mspclock.sys
2004-08-03 23:44:06 146,432 -c–a-w C:\WINDOWS\system32\dllcache\msrating.dll
2004-08-03 23:44:08 713,728 -c–a-w C:\WINDOWS\system32\dllcache\opengl32.dll
2004-08-03 23:44:10 39,424 -c–a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2004-08-03 23:44:10 279,040 -c–a-w C:\WINDOWS\system32\dllcache\qdv.dll
2004-08-03 22:10:18 11,136 -c–a-w C:\WINDOWS\system32\dllcache\slip.sys
2004-08-03 23:44:14 246,302 -c–a-w C:\WINDOWS\system32\dllcache\strmdll.dll
2004-08-03 23:44:14 279,040 -c–a-w C:\WINDOWS\system32\dllcache\tshoot.dll
2004-08-03 23:44:16 1,050,624 -c–a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
2004-08-03 23:44:16 759,296 -c–a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
2004-08-03 23:44:16 484,864 -c–a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
2004-08-03 23:44:16 809,984 -c–a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll

2007-02-25 14:36:44 383,238 ----a-w C:\WINDOWS\system32\libmp3lame-0.dll

2007-02-25 13:36:44 383,238 -c–a-w C:\WINDOWS\system32\libmp3lame-0.dll

2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

2008-03-24 18:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

2008-03-24 18:21:00 218,496 -c–a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

2007-12-21 14:02:45 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

2008-06-03 09:45:55 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

2008-04-14 15:12:03 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat

2001-12-31 22:02:40 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-04-14 15:12:03 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat

2001-12-31 22:02:40 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat

2008-04-14 15:12:03 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat

2001-12-31 22:02:40 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-04-14 15:12:03 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat

2001-12-31 22:02:40 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat

2006-11-01 13:52:38 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll

2006-11-01 12:52:38 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll

2008-04-11 14:30:44 65,024 -c–a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.dat

2008-07-09 16:44:17 65,024 -c–a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.dat

2008-04-11 14:30:44 10,752 -c–a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.dat

2008-07-09 16:44:17 10,752 -c–a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.dat

2008-04-11 14:27:50 25,600 —ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat

2008-07-09 16:42:12 25,600 —ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat

2008-04-11 14:30:44 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat

2008-07-09 16:44:17 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat

.

– Snapshot reset to current date –

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 01:44 1667584]

“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-10-23 23:18 443968]

“EXPLORER.EXE”=“EXPLORER.EXE” [2004-08-04 01:44 1033728 C:\WINDOWS\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SoundMAXPnP”=“C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe” [2003-05-29 17:28 790528]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2003-02-28 22:00 315392]

“WinFast Schedule”=“C:\Program Files\WinFast\WFTVFM\WFWIZ.exe” [2003-12-29 18:01 159744]

“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 18:05 81920]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 04:10 49263]

“ABBYY Community Agent”=“c:\PROGRA~1\SPRINT~1.0OF\sprint\CAgent.exe” [2001-01-31 17:32 241664]

“WheelMouse”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [2004-08-25 07:35 192512]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 01:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-05 22:52:52 113664]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3acm”= L3codecp.acm

“vidc.ffds”= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll

“VIDC.3iv2”= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL

“VIDC.VP60”= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll

“VIDC.VP61”= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll

“VIDC.VP62”= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll

“VIDC.VP70”= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll

“VIDC.VP31”= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll

“msacm.ac3acm”= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm

“msacm.l3fhg”= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm

“VIDC.AP41”= APmpg4v1.dll

“MSACM.CEGSM”= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\BearShare\BearShare.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“17982:TCP”= 17982:TCP:BitComet 17982 TCP

“17982:UDP”= 17982:UDP:BitComet 17982 UDP

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2003-12-12 09:52]

R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2003-12-12 09:52]

R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2003-12-12 09:52]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-09-10 10:53]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 05:26]

S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{01917c42-c0ac-11db-94ff-000ea609eaaf}]

\Shell\AutoRun\command - H:\fppg1.exe

\Shell\explore\Command - H:\fppg1.exe

\Shell\open\Command - H:\fppg1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{29c4d805-2c03-11dc-96bf-000ea609eaaf}]

\Shell\AutoRun\command - M:\fppg1.exe

\Shell\explore\Command - M:\fppg1.exe

\Shell\open\Command - M:\fppg1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f71a18bd-ee0f-11dc-9915-000ea609eaaf}]

\Shell\AutoRun\command - H:\EXPLORER.EXE

\Shell\explore\Command - H:\EXPLORER.EXE

\Shell\open\Command - H:\EXPLORER.EXE

.

Contents of the ‘Scheduled Tasks’ folder

“2008-07-17 21:00:00 C:\WINDOWS\Tasks\AF45A78390DE2473.job”

c:\docume~1\mateusz\daneap~1\purehe~1\Mapireadmedelete.exe

.

- - - ORPHANS REMOVED - - - -

HKCU-Run-wsctf.exe - wsctf.exe

HKLM-Run-BearFlix - C:\Program Files\BearFlix\BearFlix.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-18 08:25:09

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-18 8:26:16

ComboFix-quarantined-files.txt 2008-07-18 06:26:12

Pre-Run: 4,873,289,728 bajtów wolnych

Post-Run: 4,872,323,072 bajtów wolnych

193

huber2t · 18 Lipiec 2008 06:35

Do wyleczenia pendrive z wirusów użyj

Perlovg Removal Tool

Flash Disinfector

lub format

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\fppg1.exe


Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EXPLORER.EXE"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01917c42-c0ac-11db-94ff-000ea609eaaf}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29c4d805-2c03-11dc-96bf-000ea609eaaf}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f71a18bd-ee0f-11dc-9915-000ea609eaaf}]

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklejto.pl a w poście dajesz tylko link

bongkox · 18 Lipiec 2008 06:55

HEj!oto log po tym co kazałeś zrobić. http://wklejto.pl/index.php?id=6055

huber2t · 18 Lipiec 2008 06:56

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

bongkox · 18 Lipiec 2008 07:00

Wielkie dzieki!! Jestes wielki:) Świetne forum:):)

huber2t · 18 Lipiec 2008 07:01

Przesknauj antywirusem i daj z niego raport na forum