Hello. For quite a while I have had a problem with kavo and autorun.inf. On some site I found instructions on how to fight these parasites with the ComboFix program, and it also said to post the report from that operation on a forum, e.g. here. So I am following the instructions… can someone tell me whether I have already got rid of this filth??
ComboFix 08-06-16.5 - a 2008-06-18 12:32:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1234 [GMT 2:00]
Running from: D:\Instalki\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 11:58 . 2008-06-18 11:58
2008-06-18 11:27 . 2008-06-18 11:36
2008-06-18 11:27 . 2008-06-18 11:27
2008-06-18 11:27 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-06-18 11:27 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-06-18 11:07 . 2008-06-18 11:07
2008-06-18 11:07 . 2008-06-18 11:11 644 --a------ C:\WINDOWS\wincmd.ini
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-18 11:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-17 20:42 . 2008-06-17 20:42
2008-06-17 20:30 . 2008-06-17 20:30
2008-06-17 20:30 . 2008-06-17 20:30
2008-06-17 20:24 . 2008-06-17 20:24
2008-06-17 20:24 . 2008-06-17 20:24 335 --a------ C:\WINDOWS\nsreg.dat
2008-06-17 20:23 . 2008-06-17 20:23
2008-06-17 20:23 . 2008-06-17 20:23
2008-06-17 20:23 . 2006-04-14 23:09 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
2008-06-17 20:23 . 2008-06-17 20:23 98,512 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-17 20:23 . 2008-06-17 20:23 8,956 --a------ C:\WINDOWS\mozver.dat
2008-06-17 19:14 . 2008-06-17 19:14 128,882 -r-hs---- C:\n.com
2008-06-15 11:45 . 2008-06-15 11:45
2008-06-15 11:30 . 2008-06-15 11:30
2008-06-10 08:09 . 2008-06-10 08:09
2008-06-10 08:09 . 2007-07-25 19:19 209,312 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2008-06-10 08:09 . 2007-07-25 19:19 196,608 --a------ C:\WINDOWS\system32\SynCtrl.dll
2008-06-10 08:09 . 2007-07-25 19:19 163,840 --a------ C:\WINDOWS\system32\SynCOM.dll
2008-06-10 08:09 . 2007-07-25 19:19 147,456 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2008-06-10 08:09 . 2007-07-25 19:19 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-06-09 20:53 . 2008-06-09 20:53 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-09 20:50 . 2007-12-13 11:14 98,944 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-06-09 20:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-09 20:12 . 2008-06-09 20:12
2008-06-09 20:09 . 2008-06-09 20:10
2008-06-09 20:09 . 2008-06-09 20:09
2008-06-09 20:09 . 2006-12-12 11:13 32,768 --a------ C:\WINDOWS\system32\EBLib.DLL
2008-06-09 20:09 . 2006-06-22 16:27 11,264 --a------ C:\WINDOWS\system32\drivers\TPwSav.sys
2008-06-09 20:07 . 2008-06-09 20:07
2008-06-09 20:07 . 2006-10-18 16:39 487,424 --a------ C:\WINDOWS\system32\cselect.exe
2008-06-09 20:07 . 2003-02-25 15:42 128,113 --a------ C:\WINDOWS\system32\csellang.ini
2008-06-09 20:07 . 2003-12-05 09:48 77,824 --a------ C:\WINDOWS\system32\tosmreg.exe
2008-06-09 20:07 . 2003-11-01 03:59 45,056 --a------ C:\WINDOWS\system32\csellang.dll
2008-06-09 20:07 . 2007-02-02 11:17 10,150 --a------ C:\WINDOWS\system32\tosmreg.ini
2008-06-09 20:07 . 2003-02-25 16:01 7,671 --a------ C:\WINDOWS\system32\cseltbl.ini
2008-06-09 20:03 . 2008-06-09 20:03
2008-06-09 20:00 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-06-09 19:54 . 2008-06-09 19:54
2008-06-09 19:48 . 2008-06-09 19:48
2008-06-09 19:48 . 2008-06-09 19:58 10 --a------ C:\WINDOWS\WININIT.INI
2008-06-09 19:46 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-06-09 19:42 . 2008-06-09 19:42
2008-06-09 19:42 . 2008-06-09 19:42
2008-06-09 19:42 . 2008-06-09 19:42
2008-06-09 19:42 . 2008-06-09 19:42
2008-06-09 19:42 . 2007-04-05 07:19 546,112 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-06-09 19:42 . 2007-04-16 10:19 11,776 --a------ C:\WINDOWS\system32\drivers\UVCFTR_S.SYS
2008-06-09 19:41 . 2008-06-09 19:41
2008-06-09 19:41 . 2008-06-09 19:42
2008-06-09 19:41 . 2007-11-09 19:55 290,304 --a------ C:\WINDOWS\system32\drivers\tifm21.sys
2008-06-09 19:40 . 2008-06-09 19:40
2008-06-09 19:40 . 2008-06-09 19:40 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-09 19:40 . 2008-06-09 19:40 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-09 19:38 . 2008-06-09 20:50
2008-06-09 19:36 . 2008-06-09 19:36
2008-06-09 19:36 . 2007-09-29 04:21 9,854,976 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-06-09 19:34 . 2008-06-09 20:50
2008-06-09 19:34 . 2008-06-09 20:08
2008-06-05 23:01 . 2008-06-06 00:44
2008-06-05 23:01 . 2008-06-05 23:02
2008-06-05 23:01 . 2008-06-05 22:52
2008-06-05 23:01 . 2008-06-18 11:07
2008-06-05 23:01 . 2008-06-05 23:02
2008-06-05 23:01 . 2008-06-17 20:30
2008-06-05 23:01 . 2008-06-18 11:27
2008-06-05 23:01 . 2008-06-18 11:58
2008-06-05 23:00 . 2008-06-05 23:00
2008-06-05 23:00 . 2008-06-18 12:32
2008-06-05 23:00 . 2008-06-05 23:00
2008-06-05 23:00 . 2008-06-05 23:00
2008-06-05 23:00 . 2008-06-18 12:32
2008-06-05 23:00 . 2008-06-05 23:00
2008-06-05 23:00 . 2008-06-05 23:00
2008-06-05 23:00 . 2008-06-05 23:00 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 18:00 17,408 ----a-w C:\psapi.dll
2008-06-09 17:38 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-05 20:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-05 20:55 --------- d-----w C:\Program Files\Usługi online
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 14:23 191552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 10:50 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16:54 16844800 C:\WINDOWS\RTHDCPL.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-25 19:19 888832]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Spyware Doctor"="" []
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{992f2d7e-3abd-11dd-a6fe-001b9e3358bf}]
\Shell\AutoRun\command - G:\x.bat
\Shell\explore\Command - G:\x.bat
\Shell\open\Command - G:\x.bat
*Newly Created Service* - CATCHME
*Newly Created Service* - IKHFILE
*Newly Created Service* - IKHLAYER
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - SDHELPER
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 12:33:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc25.tmp"
.
Completion time: 2008-06-18 12:33:37
ComboFix-quarantined-files.txt 2008-06-18 10:33:35
Pre-Run: 18,067,832,832 bytes free
Post-Run: 18,135,719,936 bytes free
Thanks in advance for any interest in the topic. Oh, one more question: can I also use this program, "ComboFix", to fix removable drives (pen drive, camera memory card, etc.)???
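As an added example (not part of the post above, and not ComboFix's own code): a small Python triage helper that parses a ComboFix report and pulls out the items a reviewer looks at first when asked "is it clean?": the Other Deletions list, files created in the scan window that carry both the hidden and system attributes (like C:\n.com in the report), the Shell\AutoRun\command entries Windows cached under MountPoints2, and service ImagePath values that point into a TEMP directory. Run over the report above, it shows that the MountPoints2 cache still refers to G:\x.bat while only C:, D: and E: had an Autorun.inf deleted, i.e. the G: volume (a removable drive that was not attached during the run) has not been cleaned by this pass. The sample input is a constructed excerpt of the report above with the backslash restored in the MountPoints2 key; all function names are mine.

```python
"""Triage helper for a ComboFix report.

Added example: this is my own code, not ComboFix's. It parses the report text
and pulls out the items a reviewer checks first when asked "is it clean?".
"""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the report posted above, trimmed to the
# lines the parser needs (the MountPoints2 key gets its backslash back).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-17 19:14 . 2008-06-17 19:14 128,882 -r-hs---- C:\n.com
2008-06-09 20:53 . 2008-06-09 20:53 13,646 --a------ C:\WINDOWS\system32\wpa.bak
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{992f2d7e-3abd-11dd-a6fe-001b9e3358bf}]
\Shell\AutoRun\command - G:\x.bat
\Shell\explore\Command - G:\x.bat
\Shell\open\Command - G:\x.bat
*Newly Created Service* - MCHINJDRV
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc25.tmp"
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((( Name )))
CREATED_RE = re.compile(                                    # date . date size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+) (\S{9}) (.+)$")
MOUNTPOINT_KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\?(\{[0-9a-f-]+\})\]$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')


def sections(text):
    """Split the report into {section name: [non-empty lines]}."""
    current, out = "preamble", defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        out[current].append(line)
    return out


def _section(text, prefix):
    """Lines of the first section whose name starts with prefix ('' if absent)."""
    for name, lines in sections(text).items():
        if name.startswith(prefix):
            return lines
    return []


def deleted_paths(text):
    """Every path ComboFix lists under 'Other Deletions'."""
    return [l for l in _section(text, "Other Deletions") if re.match(r"^[A-Z]:\\", l)]


def hidden_system_files(text):
    """(attrs, path) for created files marked both hidden (h) and system (s)."""
    hits = []
    for line in _section(text, "Files Created"):
        m = CREATED_RE.match(line)
        if m and "h" in m.group(4) and "s" in m.group(4):
            hits.append((m.group(4), m.group(5)))
    return hits


def mountpoint_autoruns(text):
    """(volume GUID, verb, target) for each Shell\\<verb>\\command cached in MountPoints2."""
    hits, guid = [], None
    for line in _section(text, "Reg Loading Points"):
        m = MOUNTPOINT_KEY_RE.match(line)
        if m:
            guid = m.group(1)
            continue
        if line.startswith("["):        # any other key ends the MountPoints2 block
            guid = None
            continue
        m = SHELL_CMD_RE.match(line)
        if m and guid:
            hits.append((guid, m.group(1).lower(), m.group(2)))
    return hits


def unscanned_drives(text):
    """Drive letters MountPoints2 still points at, minus those whose Autorun.inf was deleted."""
    cleaned = {p[0].upper() for p in deleted_paths(text) if p.lower().endswith("\\autorun.inf")}
    referenced = {t[0].upper() for _, _, t in mountpoint_autoruns(text) if re.match(r"^[A-Za-z]:\\", t)}
    return referenced - cleaned


def temp_services(text):
    """Service ImagePath values under a TEMP directory; listed for manual review, not judged."""
    return [m.group(1) for m in (IMAGEPATH_RE.match(l.strip()) for l in text.splitlines())
            if m and "\\temp\\" in m.group(1).lower()]


if __name__ == "__main__":
    print("deleted:", deleted_paths(SAMPLE_LOG))
    print("hidden+system created:", hidden_system_files(SAMPLE_LOG))
    print("MountPoints2 autoruns:", mountpoint_autoruns(SAMPLE_LOG))
    print("drives still referenced but not cleaned:", unscanned_drives(SAMPLE_LOG))
    print("services in TEMP:", temp_services(SAMPLE_LOG))
```

The MountPoints2 entries are a cache Explorer keeps of the last autorun.inf it saw on each volume, so they are evidence about a drive even when that drive is not plugged in; `unscanned_drives` is the check to run before answering "clean", and any drive it names should be attached and inspected (Autorun.inf and the file it launches) on its own.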