omuss

I'm a Forum Spammer! Amvo.exe


Hello

 

Unfortunately my computer has been infected with the amvo.exe trojan. I would ask the experts for help. I am attaching the ComboFix log:

ComboFix 08-06-10.1 - Tomek 2008-06-11 6:37:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2683 [GMT 2:00]
Running from: E:\dysk d\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-10 20:41 . 2008-06-10 20:41 <DIR> d-------- C:\totalcmd
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\UC.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-10 20:41 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-10 20:41 . 2008-06-10 20:41 90 --a------ C:\WINDOWS\wincmd.ini
2008-06-10 20:08 . 2008-06-10 20:08 <DIR> d-------- C:\Program Files\Bonjour
2008-06-10 20:03 . 2008-06-10 20:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-10 20:00 . 2008-06-10 20:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-10 19:57 . 2008-06-10 19:59 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-10 19:57 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-10 19:57 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-10 19:57 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-10 19:57 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-10 19:57 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-10 19:57 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-10 19:57 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-10 19:57 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-06-10 18:06 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-10 18:05 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-10 18:05 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-06-10 18:03 . 2008-06-10 16:07 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-06-10 18:03 . 2008-06-10 18:03 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-06-10 18:03 . 2008-06-10 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-06-10 18:03 . 2008-06-10 16:12 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-06-10 18:03 . 2008-06-10 20:04 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-06-10 18:03 . 2001-10-26 21:29 176,157 --a--c--- C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2008-06-10 18:02 . 2004-08-04 01:27 1,896,400 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-06-10 18:01 . 2008-06-11 06:29 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-10 18:01 . 2008-06-10 18:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-10 18:01 . 2008-06-10 18:03 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-06-10 18:01 . 2008-06-10 16:10 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-10 18:01 . 2008-06-10 16:47 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-06-10 18:01 . 2008-06-10 16:09 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-10 18:01 . 2008-06-10 16:13 <DIR> d-------- C:\Documents and Settings
2008-06-10 18:01 . 2004-08-04 01:27 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-06-10 18:01 . 2004-08-04 01:32 1,014,483 -ra------ C:\WINDOWS\SET3.tmp
2008-06-10 18:01 . 2004-08-04 01:26 14,043 -ra------ C:\WINDOWS\SET8.tmp
2008-06-10 18:00 . 2008-06-10 16:12 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 04:31 --------- d-----w C:\Program Files\neostrada tp
2008-06-10 15:10 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu
2008-06-10 15:02 --------- d-----w C:\Program Files\Creative
2008-06-10 15:01 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-10 15:01 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-10 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 15:01 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Creative
2008-06-10 14:47 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\ATI
2008-06-10 14:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-06-10 14:45 --------- d-----w C:\Program Files\ATI Technologies
2008-06-10 14:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-10 14:29 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-06-10 14:29 --------- d-----w C:\Program Files\SAGEM
2008-06-10 14:29 --------- d-----w C:\Program Files\Java
2008-06-10 14:21 --------- d-----w C:\Program Files\GIGABYTE
2008-06-10 14:16 --------- d-----w C:\Program Files\Intel
2008-06-10 14:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-10 14:09 --------- d-----w C:\Program Files\Usługi online
2008-06-07 04:38 109,728 --sh--r C:\e.cmd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 11:58 356352]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 11:56]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 06:38:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 6:38:38
ComboFix-quarantined-files.txt 2008-06-11 04:38:36

Pre-Run: 20,890,673,152 bajtów wolnych
Post-Run: 21,028,302,848 bajtów wolnych

 


Edited by XaD_
