Hello!
Please help…
I have the same problem (amvo0.dll)… and when it comes to fighting viruses in general, I'm a complete layman…
I installed ComboFix and here is the log:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://h20264.www2.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 21:06 . 2008-02-10 21:51 544 --ah----- C:\WINDOWS\system32\ws783973.ocx
2008-02-10 21:06 . 2008-02-10 21:51 544 --ah----- C:\os582744.bin
2008-02-10 20:52 . 2008-02-10 20:52
2008-02-10 20:52 . 2008-02-10 20:52
2008-02-06 16:47 . 2008-02-06 16:49 104,770 --a------ C:\WINDOWS\hpqins13.dat
2008-02-05 19:24 . 2008-02-06 16:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 19:24 . 2008-02-05 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 16:12 . 2008-02-04 10:48 103,870 -r-hs---- C:\2ifetri.cmd
2008-02-02 04:10 . 2008-02-02 04:10
2008-02-02 04:09 . 2008-02-02 04:09
2008-02-02 04:07 . 2008-02-02 04:07
2008-02-02 04:07 . 2007-03-30 16:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-02-02 04:07 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-02-02 04:07 . 2007-03-08 05:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-02 04:07 . 2007-03-08 05:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-02 04:06 . 2007-03-08 05:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-02 03:38 . 2008-02-02 03:38
2008-02-02 03:38 . 2008-02-02 03:38
2008-02-02 03:37 . 2008-02-02 03:37
2008-02-02 03:37 . 2008-02-02 03:37
2008-02-02 03:37 . 2008-02-02 03:37
2008-02-02 03:36 . 2008-02-02 03:38
2008-02-02 03:36 . 2008-02-02 03:36
2008-02-02 03:36 . 2008-02-02 03:36
2008-02-02 03:34 . 2007-03-17 07:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-02-02 03:34 . 2007-03-17 07:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-02-02 03:34 . 2007-03-08 05:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-02-02 03:34 . 2007-03-08 05:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-02-02 03:34 . 2007-03-17 07:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-02-02 03:34 . 2008-02-02 04:08 152,124 --a------ C:\WINDOWS\hpoins15.dat
2008-02-02 03:34 . 2007-06-06 00:04 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-01-30 09:05 . 2008-01-31 20:05 104,080 -r-hs---- C:\h.cmd
2008-01-28 18:44 . 2008-01-29 21:05 103,683 -r-hs---- C:\ylr.exe
2008-01-26 14:25 . 2008-01-26 14:24 103,511 -r-hs---- C:\xo8wr9.exe
2008-01-17 23:20 . 2008-01-17 23:20
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 20:55 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent DNA
2008-02-07 00:31 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-01-21 13:09 --------- d-----w C:\Program Files\ESET
2008-01-14 23:53 --------- d-----w C:\Program Files\DC++
2007-12-31 19:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2007-12-31 19:38 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\ZoomBrowser EX
2007-12-25 23:09 --------- d-----w C:\Program Files\BitComet
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-16 23:58 68856]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-10-12 16:11 286016]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 10:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 11:36 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-11 12:26 98304]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43 45056]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 01:15 631362]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 11:53:23 67128]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2002-11-08 10:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7c01deda-4816-11dc-8270-000e50ae56f6}]
\Shell\AutoRun\command - J:\xo8wr9.exe
\Shell\explore\Command - J:\xo8wr9.exe
\Shell\open\Command - J:\xo8wr9.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{982899d5-d3ec-11dc-9a38-001c1063ce01}]
\Shell\AutoRun\command - J:\2ifetri.cmd
\Shell\explore\Command - J:\2ifetri.cmd
\Shell\open\Command - J:\2ifetri.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ab01065c-4758-11dc-8a32-001485c866e9}]
\Shell\AutoRun\command - K:\h.cmd
\Shell\explore\Command - K:\h.cmd
\Shell\open\Command - K:\h.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b867974f-4761-11dc-a404-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
*Newly Created Service* - GTNDIS5
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 21:58:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 21:58:51
ComboFix-quarantined-files.txt 2008-02-10 20:58:43
.
2008-01-24 03:52:19 — E O F —