Message about being unable to run amvo.exe

Hello, I have the same problem as zoa. My log:

ComboFix 08-04-22.5 - Anka 2008-04-24 22:44:36.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.170 [GMT 2:00]

Running from: F:\TORRENT\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

D:\Autorun.inf

E:\Autorun.inf

F:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))

.

2008-04-24 22:23 . 2008-04-24 22:23

2008-04-24 22:23 . 2008-04-24 22:44 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2008-04-24 22:22 . 2008-04-24 22:45

2008-04-24 22:04 . 2008-04-24 22:43 3,374,301 --a------ C:\WINDOWS\{00000000-00000000-00000006-00001102-00000002-80651102}.BAK

2008-04-24 13:41 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-04-24 13:39 . 2008-04-24 21:32 102,822 -r-hs---- C:\lkxcqdb.bat

2008-04-23 15:08 . 2008-04-24 13:57

2008-04-22 21:18 . 2008-04-24 21:51

2008-04-22 21:17 . 2008-04-24 22:45

2008-04-22 20:28 . 2008-04-21 14:16 104,925 -r-hs---- C:\dwvo.cmd

2008-04-19 13:12 . 2008-04-19 13:12

2008-04-10 13:00 . 2008-04-10 13:00

2008-04-10 13:00 . 2008-04-10 13:00

2008-04-10 12:59 . 2008-04-10 12:59

2008-04-10 12:45 . 2008-04-10 12:53

2008-04-10 12:45 . 2008-04-10 15:33

2008-04-10 12:34 . 2008-04-10 12:34 103 --a------ C:\WINDOWS\CTRec.INI

2008-04-08 16:56 . 2008-04-08 16:56

2008-04-06 20:08 . 2008-04-20 18:16

2008-04-06 20:08 . 2008-04-06 20:08 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-04-06 20:05 . 2008-04-20 20:06

2008-04-06 20:04 . 2008-04-08 15:13

2008-04-06 20:04 . 2008-04-06 20:04

2008-04-06 20:04 . 2008-04-06 20:04

2008-04-02 21:52 . 2008-04-02 21:52

2008-04-02 21:50 . 2008-04-02 21:50 703 --a------ C:\WINDOWS\unins000.dat

2008-03-30 14:21 . 2008-04-02 21:51

2008-03-30 14:21 . 2008-04-02 11:37

2008-03-29 22:39 . 2008-03-29 22:39 483 --a------ C:\WINDOWS\eReg.dat

2008-03-29 19:47 . 2008-04-16 21:22

2008-03-29 19:47 . 2008-04-16 21:22

2008-03-29 19:46 . 2008-03-29 19:46

2008-03-29 19:44 . 2008-03-29 19:44

2008-03-29 19:43 . 2008-03-29 19:43

2008-03-29 19:42 . 2008-03-29 19:44

2008-03-29 19:42 . 2008-03-29 19:43

2008-03-29 19:42 . 2008-03-29 19:43

2008-03-29 19:42 . 2008-03-29 19:42

2008-03-29 19:42 . 2008-03-29 19:44

2008-03-29 19:42 . 2006-05-29 09:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-03-29 19:42 . 2006-05-29 09:26 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-03-29 19:42 . 2006-05-29 09:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-03-29 19:42 . 2006-05-29 09:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-03-29 19:42 . 2006-05-29 09:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-03-29 19:42 . 2006-05-29 09:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-03-29 19:42 . 2006-05-29 09:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll

2008-03-29 19:41 . 2008-03-29 19:41

2008-03-27 18:07 . 2006-05-08 23:04 430,080 -ra------ C:\WINDOWS\system32\hp4370co.dll

2008-03-27 18:07 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-27 18:07 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-03-27 18:06 . 2008-03-27 18:07

2008-03-27 18:02 . 2008-03-27 18:02

2008-03-27 18:02 . 2008-03-27 18:02

2008-03-27 18:01 . 2008-03-27 18:01

2008-03-27 17:58 . 2008-03-27 17:59

2008-03-27 17:56 . 2008-03-27 17:56

2008-03-27 17:56 . 2008-03-27 17:56

2008-03-27 17:56 . 2008-03-27 17:56

2008-03-27 17:54 . 2008-03-27 17:56

2008-03-27 17:51 . 2008-03-27 18:06 104,577 --a------ C:\WINDOWS\hpgins15.dat

2008-03-27 17:51 . 2006-05-18 20:09 282 --------- C:\WINDOWS\hpgmdl15.dat

2008-03-27 12:17 . 2008-03-27 12:18

2008-03-27 00:56 . 2008-03-27 00:56

2008-03-27 00:53 . 2008-03-27 00:53

2008-03-26 23:50 . 2008-04-12 21:06

2008-03-26 14:46 . 2008-03-26 14:46

2008-03-26 14:45 . 2008-03-26 14:45

2008-03-26 14:45 . 2008-03-26 14:46

2008-03-26 04:00 . 2008-04-24 21:57

2008-03-26 03:38 . 2008-03-26 03:43

2008-03-26 03:38 . 2008-04-17 13:05

2008-03-26 03:30 . 2008-03-26 03:30

2008-03-26 03:30 . 2008-04-17 12:48

2008-03-26 03:29 . 2008-03-26 21:50

2008-03-26 03:27 . 2008-03-26 03:27

2008-03-26 03:27 . 2008-03-26 03:28

2008-03-26 03:27 . 2008-03-26 03:28

2008-03-26 03:25 . 2008-03-26 03:25

2008-03-26 03:25 . 2006-05-14 00:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-03-26 03:24 . 2008-03-26 03:24

2008-03-26 03:24 . 2007-04-23 03:15 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-03-26 03:24 . 2007-05-31 09:44 740,442 --a------ C:\WINDOWS\system32\divx.dll

2008-03-26 03:24 . 2007-04-28 15:54 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-03-26 03:24 . 2004-01-12 01:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-03-26 03:24 . 2004-01-25 19:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-03-26 03:24 . 2006-11-01 15:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-03-26 03:24 . 2007-04-23 03:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll

2008-03-26 03:24 . 2007-06-03 15:31 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-26 03:24 . 2005-02-24 19:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-26 03:23 . 2008-03-26 03:23

2008-03-26 03:09 . 2008-03-26 03:09

2008-03-26 03:09 . 2008-03-26 03:09

2008-03-26 03:07 . 2004-03-22 16:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2008-03-26 03:05 . 2008-03-26 03:05

2008-03-26 03:03 . 2008-03-26 03:05

2008-03-26 03:02 . 2008-04-21 22:32 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-26 02:30 . 2008-03-26 02:30

2008-03-26 02:28 . 2008-03-26 02:38

2008-03-26 02:26 . 2008-03-26 02:26

2008-03-26 02:21 . 2008-03-26 02:24

2008-03-26 02:19 . 2008-03-26 02:38

2008-03-26 02:19 . 2008-03-26 02:23

2008-03-26 02:08 . 2008-03-26 02:32

2008-03-26 02:08 . 2008-03-26 02:09

2008-03-26 01:28 . 2008-03-26 01:28

2008-03-26 01:23 . 2008-03-26 03:55

2008-03-26 01:23 . 2008-04-24 22:43 88,566 --a------ C:\WINDOWS\system32\nvapps.xml

2008-03-26 01:23 . 2008-03-26 01:23 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-03-26 01:22 . 2008-03-26 01:27

2008-03-26 01:22 . 2008-03-26 01:35

2008-03-26 01:22 . 2006-10-22 16:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-03-26 01:22 . 2006-10-22 13:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-03-26 01:22 . 2006-10-22 13:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-03-26 01:21 . 2008-03-26 01:21

2008-03-26 00:56 . 2008-03-26 00:56

2008-03-26 00:50 . 2008-03-26 00:50 1,158 --a------ C:\WINDOWS\mozver.dat

2008-03-26 00:49 . 2008-03-26 00:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-03-26 00:46 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-03-26 00:41 . 2008-03-26 00:41

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-24 20:43 --------- d-----w C:\Program Files\ESET

2008-04-13 22:15 90,112 ----a-w C:\WINDOWS\DUMP3846.tmp

2008-03-29 20:50 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2008-03-25 23:21 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-25 20:52 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-25 20:52 --------- d-----w C:\Program Files\Creative

2008-03-25 20:52 --------- d-----w C:\Documents and Settings\Anka\Dane aplikacji\Creative

2008-03-25 20:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative

2008-03-25 20:36 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-25 20:34 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 18:03 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]

"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00 28672]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]

"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Photosmart Premier - Szybkie uruchomienie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm

"vidc.yv12"= yv12vfw.dll

"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

--a------ 2001-11-29 02:00 28672 C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 17:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\WapSter\AQQ\AQQ.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27312:TCP"= 27312:TCP:BitComet 27312 TCP

"27312:UDP"= 27312:UDP:BitComet 27312 UDP

"30635:TCP"= 30635:TCP:BitComet 30635 TCP

"30635:UDP"= 30635:UDP:BitComet 30635 UDP

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-24 22:44]

R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171daa67-1099-11dd-9887-00e04c017af5}]

\Shell\AutoRun\command - G:\dwvo.cmd

\Shell\explore\Command - G:\dwvo.cmd

\Shell\open\Command - G:\dwvo.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d3a0e06-fabd-11dc-9845-00e04c017af5}]

\Shell\AutoRun\command - J:\USBNB.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-24 22:46:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ?w???w???w4???.??w4???4???TA?s4???97???wd??w???w-??w?????????C@?\???\??????s????\??????s\????97?A??s?97??C@?x???|?w???@

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-24 22:47:46

ComboFix-quarantined-files.txt 2008-04-24 20:47:44

Pre-Run: 5,055,561,728 bajtów wolnych

Post-Run: 5,044,342,784 bajtów wolnych

230 --- E O F --- 2008-04-24 11:42:53

Please help.

Don't post in someone else's thread - I'm splitting this off!

Paste into Notepad:

File::

C:\lkxcqdb.bat

G:\dwvo.cmd


Driver::

CSIScanner


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File >> Save As… >> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

– as in this image –> 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should then start (and a log will be created).

After the restart, manually delete the folder C:\Qoobox.

After that, a new Combo log and a scan from http://www.kaspersky.pl/virusscanner.html
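Added example, not part of the original thread and not ComboFix's own code: a small Python triage helper that pulls out of a ComboFix log the two kinds of entries the script above targets, namely hidden+system files sitting directly in a drive root and MountPoints2 shell commands. The function names and the sample log are constructed for illustration; the line formats are assumed to match the log quoted in this thread.

```python
import re

# Constructed sample in the shape of the ComboFix log lines quoted in this thread.
SAMPLE_LOG = r"""
2008-04-24 13:39 . 2008-04-24 21:32 102,822 -r-hs---- C:\lkxcqdb.bat
2008-04-22 20:28 . 2008-04-21 14:16 104,925 -r-hs---- C:\dwvo.cmd
2008-04-10 12:34 . 2008-04-10 12:34 103 --a------ C:\WINDOWS\CTRec.INI
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{171daa67-1099-11dd-9887-00e04c017af5}]
\Shell\AutoRun\command - G:\dwvo.cmd
\Shell\open\Command - G:\dwvo.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"""

FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+(\S{9})\s+(.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
MOUNT_KEY = re.compile(r"\\mountpoints2\\?(\{[0-9a-f-]+\})$", re.I)
SHELL_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def hidden_root_files(log):
    """Files directly in a drive root that carry both the Hidden and System attributes."""
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and "h" in m.group(1) and "s" in m.group(1) and DRIVE_ROOT.match(m.group(2)):
            hits.append(m.group(2))
    return hits


def mountpoints_commands(log):
    """(volume GUID, shell verb, command) for every MountPoints2 shell command."""
    hits, guid = [], None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_LINE.match(line)
        if key:  # a new registry key starts; remember it only if it is a MountPoints2 volume
            mp = MOUNT_KEY.search(key.group(1))
            guid = mp.group(1) if mp else None
            continue
        cmd = SHELL_CMD.match(line)
        if cmd and guid:
            hits.append((guid, cmd.group(1).lower(), cmd.group(2)))
    return hits


if __name__ == "__main__":
    print(hidden_root_files(SAMPLE_LOG), mountpoints_commands(SAMPLE_LOG))
```

The output is a list of candidates for a human to review against the full log, not a ready-made CFScript.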

Sorry for posting in someone else's thread, and thank you very much for the help. The computer runs like a dream :smiley:

Once again, many thanks for the help, Gutek2222

And where are the Combo and Kaspersky logs?

I think that's what Gutek asked for

:slight_smile: