Witam. Bardzo proszę o zlokalizowanie Amvo.exe.
ComboFix 08-03-30.3 - mlogh 2008-03-31 10:07:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.130 [GMT 2:00]
Running from: C:\Documents and Settings\mlogh\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 10:09 . 2008-03-31 10:09 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-03-31 09:57 . 2008-03-31 09:57
2008-03-31 09:57 . 2008-03-31 09:59
2008-03-31 09:57 . 2008-03-31 09:57 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-31 09:49 . 2008-03-29 19:59 103,421 -r-hs---- C:\rthrw.com
2008-03-30 09:04 . 2008-03-29 19:59 103,421 -r-hs---- C:\jiwsxh39.exe
2008-03-29 09:32 . 2008-03-28 14:14 103,953 -r-hs---- C:\gjn2pjlw.exe
2008-03-08 10:21 . 2008-03-08 10:21
2008-03-08 10:21 . 1998-10-02 20:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-03-08 09:27 . 2008-03-08 09:27
2008-03-08 09:27 . 2008-03-08 09:27
2008-03-01 20:28 . 2008-03-31 09:57
2008-03-01 20:28 . 2008-03-01 20:28
2008-02-26 19:11 . 2008-02-26 19:11
2008-02-23 20:30 . 2008-02-23 20:30
2008-02-20 00:24 . 2008-03-31 10:02 88,768 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2008-02-20 00:23 . 2008-03-31 09:50 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2008-02-20 00:12 . 2008-02-23 17:25 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-02-20 00:11 . 2008-03-31 09:50 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-02-20 00:10 . 2008-02-20 00:10
2008-02-20 00:08 . 2008-02-20 00:08
2008-02-20 00:07 . 2008-02-20 00:07
2008-02-20 00:05 . 2008-02-20 00:05
2008-02-20 00:05 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-20 00:05 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-19 17:58 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\odhoqhvohgxu.sys
2008-02-19 17:41 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\luyhpymgkpll.sys
2008-02-18 00:52 . 2008-02-18 00:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-18 00:52 . 2008-02-18 00:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-16 21:02 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-16 21:02 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-02-16 17:09 . 2008-02-16 17:09
2008-02-11 10:25 . 2008-03-30 18:20
2008-02-10 22:19 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\qpyjkokjpoyq.sys
2008-02-10 21:20 . 2007-06-08 10:44 8,576 --a------ C:\WINDOWS\system32\drivers\hsghbgiddifv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 08:02 88,768 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-03-31 07:57 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-31 07:56 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-31 07:50 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-03-18 15:54 --------- d-----w C:\Documents and Settings\mlogh\Dane aplikacji\U3
2008-03-03 09:12 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-01 20:39 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-19 22:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 22:07 --------- d-----w C:\Program Files\Panda Security
2008-02-17 22:54 --------- d-----w C:\Program Files\MSN Toolbar Suite
2008-02-17 22:53 --------- d-----w C:\Program Files\QuickTime
2008-02-17 22:51 --------- d-----w C:\Program Files\Neostrada TP
2008-02-16 19:02 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-10 20:16 --------- d-----w C:\Program Files\SMAC
2007-12-07 00:48 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 14:53 1502232 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 14:53 1502232]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-04 14:53 1502232]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 12:04 65536]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 21:05 344064]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 08:22 89541 C:\WINDOWS\agrsmmsg.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 16:48 761946]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 10:57 1773568]
"TPSMain"="TPSMain.exe" [2005-08-04 14:16 266240 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 11:03 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 15:34 1077329]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe" [2006-04-28 11:49 262144]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-11-23 15:33 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-03-31 09:57 110080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
C:\Documents and Settings\mlogh\Menu Start\Programy\Autostart\
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\eMule\emule.exe"=
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-31 09:57]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-09-28 14:05]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-11-14 18:48]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-10-25 09:50]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 17:07]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\PrevxCSI.exe" /service []
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 11:50]
R3 BoiHwsetup;Access 32bits INT15 routine;C:\WINDOWS\system32\drivers\BoiHwSetup.sys [2005-06-10 21:42]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-03-31 09:50]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-11-19 14:01]
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2006-01-12 16:21]
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2005-05-05 14:27]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 19:49]
S3 39e2fede-9758-4702-9930-b6a8cbfd1bf5;39e2fede-9758-4702-9930-b6a8cbfd1bf5;D:\Player\cds300.dll []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e0fcee4-c142-11dc-96b8-0016369620ab}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b02eb486-a35f-11dc-9692-0016369620ab}]
\Shell\AutoRun\command - E:\1weicxa.com
\Shell\explore\Command - E:\1weicxa.com
\Shell\open\Command - E:\1weicxa.com
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PXARK
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 10:09:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-31 10:11:33
ComboFix-quarantined-files.txt 2008-03-31 08:11:22
Pre-Run: 2,635,558,912 bajtów wolnych
Post-Run: 2,625,060,864 bajtów wolnych
.
2008-03-12 11:14:16 --- E O F ---