Hello. I had some kind of virus, read a bit about it on forums and downloaded ComboFix. I did what was needed and now everything is OK (it was showing my hard drives as programs and asking what to open them with, and now it's fine), and I don't know whether I need to do anything else. Everywhere people write about saving something in Notepad and copying it onto the ComboFix icon; I have no idea what that is about. Please help…
This is my report:
ComboFix 08-07-01.3 - Rotrans 2008-07-02 15:02:48.2 - NTFSx86
Running from: C:\Documents and Settings\Rotrans\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\autorun.inf
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2100-02-23 14:35 . 2001-02-22 09:54 768 --a------ C:\WINDOWS\x73_lut.dat
2100-02-08 15:53 . 2008-01-06 14:05 1,440 --a------ C:\WINDOWS\GtX73.ini
2008-07-01 16:10 . 2008-05-11 11:54 104,253 -r-hs---- C:\r6r.exe
2008-06-11 10:45 . 2008-06-11 10:45 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 09:42 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 09:42 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 12:18 --------- d-----w C:\Program Files\IrfanView
2008-07-02 12:17 --------- d-----w C:\Program Files\Google
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 07:59 104,269 --sh--r C:\jfvkcsy.bat
2008-04-27 16:48 105,128 --sh--r C:\oq.cmd
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-22 14:11 793,536 ----a-w C:\Program Files\wmpcdcs8.exe
2007-09-22 14:10 23,769,896 ----a-w C:\Program Files\DivXInstaller.exe
2007-09-18 18:31 1,508,232 ----a-w C:\Program Files\winamp535_lite.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-04-26 11:17 102400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 09:40 36864]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISDN Monitor"="Linksts.exe" [2001-07-03 11:26 229376 C:\WINDOWS\system32\linksts.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\Rotrans\Menu Start\Programy\Autostart\
Reboot.exe [2002-03-21 06:40:42 382464]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Manager]
--a------ 2001-06-11 11:42 53248 C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X73 Button Monitor]
--a------ 2001-10-08 16:21 53248 C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2004-05-17 07:34 360448 C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\Program Files\Gadu-Gadu\gg.exe"=
"C:\WINDOWS\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 isdnlink;isdnlink;C:\WINDOWS\system32\DRIVERS\linkisdn.sys [2001-07-03 11:23]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 rvsport;RVS Virtual COM Port;C:\WINDOWS\system32\drivers\rvsport.sys [2000-11-14 01:00]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-04-23 09:02]
R3 wanlink;wanlink;C:\WINDOWS\system32\DRIVERS\wanlink.sys [2001-07-03 11:23]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f10d2c42-143b-11dd-b688-00600849fd52}]
\Shell\AutoRun\command - H:\mvxm.cmd
\Shell\explore\Command - H:\mvxm.cmd
\Shell\open\Command - H:\mvxm.cmd
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 15:05:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-02 15:09:42
ComboFix-quarantined-files.txt 2008-07-02 13:09:35
Pre-Run: 4,765,237,248 bajtów wolnych
Post-Run: 4,757,696,512 bajtów wolnych
104 --- E O F --- 2008-06-20 08:36:43