banjalukaforum.com https://banjalukaforum.com/

ComboFix https://banjalukaforum.com/viewtopic.php?f=14&t=46579
Author: Neox [ 09 Dec 2009, 08:53 ]
Post subject: ComboFix
Hi. Yesterday at work ESET suddenly activated and detected a few viruses, a TROJAN... it had attacked some atapi.sys files... and it couldn't disinfect them... it just put them in quarantine after that. Anyway, the system slowed down after that. AutoCAD won't start, nor will other applications... So I went and downloaded ComboFix, found it on some forum. It did its thing, and before that I uninstalled ESET. I installed COMODO antivirus. They say it's good and cheap. Now, I turned COMODO off for the duration of the ComboFix scan... that's what they say to do. And now it has produced a LOG file in .txt that says what it did and what to do next. I don't understand any of it. So based on this, someone should probably be able to give a diagnosis and a cure. Here's the log file, so whoever knows...

Nemanja

*****************************************************************************
ComboFix 09-12-07.07 - LINIJA 08/12/2009 15:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.680 [GMT 1:00]
Running from: c:\documents and settings\LINIJA\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LINIJA\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\av_md.exe
c:\windows\system32\config\systemprofile\av_md.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-08 10:48 . 2009-12-08 12:10 98528 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-12-08 10:44 . 2009-12-08 12:26 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Comodo
2009-12-08 10:43 . 2009-12-08 12:27 -------- d-----w- c:\program files\COMODO
2009-12-08 10:00 . 2009-12-08 10:00 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Apple Computer
2009-12-08 09:39 . 2009-12-08 09:39 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Registry Mechanic
2009-12-08 09:28 . 2009-12-08 09:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 07:33 . 2009-12-08 07:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 07:32 . 2009-12-08 07:32 152576 ----a-w- c:\documents and settings\LINIJA\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-08 07:29 . 2009-12-08 07:29 79488 ----a-w- c:\documents and settings\LINIJA\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 10:09 . 2009-11-12 10:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-12 10:04 . 2009-12-07 08:12 -------- d-----w- c:\documents and settings\LINIJA\Local Settings\Application Data\Temp
2009-11-12 10:04 . 2009-11-12 10:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-12 10:04 . 2009-12-07 08:15 -------- d-----w- c:\program files\Google
2009-11-12 10:04 . 2009-11-17 10:09 -------- d-----w- c:\documents and settings\LINIJA\Local Settings\Application Data\Google
2009-11-12 09:48 . 2009-11-12 09:48 -------- d-----w- c:\program files\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 12:24 . 2009-12-08 12:24 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-08 08:42 . 2009-12-08 08:42 16 ----a-w- c:\documents and settings\Default User\Application Data\fvgqad.dat
2009-12-08 08:42 . 2009-07-19 21:24 2175072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 08:39 . 2009-12-08 08:38 12 ----a-w- c:\documents and settings\LINIJA\Application Data\fvgqad.dat
2009-12-08 08:38 . 2009-12-08 08:38 4 ----a-w- c:\documents and settings\LINIJA\Application Data\avdrn.dat
2009-12-08 07:32 . 2009-07-31 07:11 -------- d-----w- c:\program files\Java
2009-11-20 08:24 . 2009-09-17 09:12 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-20 08:24 . 2009-09-17 09:12 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-06 14:07 . 2009-09-10 12:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 06:39 . 2009-07-19 20:43 168768 ----a-w- c:\documents and settings\LINIJA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 06:32 . 2009-10-12 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-12 06:22 . 2009-07-19 21:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 06:21 . 2009-10-12 06:21 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-02 06:51 . 2009-09-17 09:12 88 --sh--r- c:\documents and settings\All Users\Application Data\1E50C617FE.sys
2009-10-02 06:51 . 2009-09-17 09:12 88 --sh--r- c:\documents and settings\All Users\Application Data\1E50C617FE.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
c:\documents and settings\LINIJA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-31 557568]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [20/07/2009 07:50 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2009 11:04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LINIJA\Application Data\Mozilla\Firefox\Profiles\a0q643ur.default\
FF - component: c:\documents and settings\LINIJA\Application Data\Mozilla\Firefox\Profiles\a0q643ur.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 15:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-08 15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 14:44
Pre-Run: 31,052,132,352 bytes free
Post-Run: 32,095,760,384 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 292BA229E7F095B28E60B930DBD0E859
*******************************************************************
Author: Frenki [ 20 Feb 2010, 18:22 ]
Post subject: Re: ComboFix
I don't think anyone on this forum is competent enough to answer you; have a look at some foreign forums such as computing.net.
Author: mickey84 [ 20 Feb 2010, 18:42 ]
Post subject: Re: ComboFix
You don't need to do anything; this is just a log file like any other, with the details of what was deleted, what was put in quarantine, what wasn't scanned and the like.
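The log in the first post is what the reply above describes: a record of what ComboFix deleted, which system file it found patched and restored, and which registry loading points and firewall settings it saw. Reading those sections by hand is what a responder does with this kind of log; as an added example (written for this page, not code from ComboFix, COMODO or anyone in the thread) here is a Python parser that pulls the items worth looking at first out of that log format and turns them into triage notes. The section banners and line shapes it recognises are the ones visible in the posted log; the sample text below is a constructed excerpt in that format, not the full log, and the triage rules (flagging a disinfected .sys driver, a Startup-folder deletion, EnableFirewall=0, a globally open 3389/TCP, a disabled or outdated security product) are this example's own assumptions about what an analyst reads first.

```python
"""Pull the analyst-relevant findings out of a ComboFix log.

Added example for this page, not ComboFix's own code. It recognises the
section banners and line shapes visible in the log posted in the thread
and skips everything else; the triage rules are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# "((((( Section name )))))" banners and "------- Section name -------" rules
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
RULE_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and (\w+)")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
RUN_KEY_RE = re.compile(r"\\Run(Once)?$", re.IGNORECASE)


@dataclass
class Findings:
    av_status: Optional[str] = None            # text after "AV:"
    fw_status: Optional[str] = None            # text after "FW:"
    deleted: List[str] = field(default_factory=list)
    disinfected: List[Tuple[str, str]] = field(default_factory=list)  # (path, action)
    autoruns: Dict[str, List[Tuple[str, str]]] = field(default_factory=dict)
    firewall_enabled: Optional[bool] = None    # Windows Firewall standard profile
    open_ports: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Findings:
    """Walk the log once, tracking the current section and registry key."""
    f = Findings()
    section = None
    reg_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        m = BANNER_RE.match(line) or RULE_RE.match(line)
        if m:
            section, reg_key = m.group(1), None
            continue
        if line.startswith("AV:"):
            f.av_status = line[3:].strip()
        elif line.startswith("FW:"):
            f.fw_status = line[3:].strip()
        elif section == "Other Deletions":
            m = INFECTED_RE.match(line)
            if m:
                f.disinfected.append((m.group(1), m.group(2)))
            elif DRIVE_PATH_RE.match(line):   # "Restored copy from - ..." is skipped
                f.deleted.append(line)
        elif section == "Reg Loading Points":
            m = REG_KEY_RE.match(line)
            if m:
                reg_key = m.group(1)
                continue
            if reg_key is None:
                continue                      # "*Note*", "REGEDIT4" and similar
            if (m := FIREWALL_RE.match(line)) and reg_key.lower().endswith("standardprofile"):
                f.firewall_enabled = m.group(1) != "0"
            elif (m := OPEN_PORT_RE.match(line)) and "globallyopenports" in reg_key.lower():
                f.open_ports.append(f"{m.group(1)}/{m.group(2)}")
            elif (m := REG_VALUE_RE.match(line)) and RUN_KEY_RE.search(reg_key):
                f.autoruns.setdefault(reg_key, []).append((m.group(1), m.group(2)))
    return f


def triage(f: Findings) -> List[str]:
    """Turn findings into the notes an analyst would raise first (assumed rules)."""
    notes = []
    for path, action in f.disinfected:
        if path.lower().endswith(".sys"):
            notes.append(f"kernel driver was patched on disk and {action}: {path}; "
                         "compare its hash with a known-good copy before trusting the box")
    for path in f.deleted:
        if "\\startup\\" in path.lower():
            notes.append(f"Startup-folder persistence removed: {path}")
    if f.firewall_enabled is False:
        notes.append("Windows Firewall standard profile is off (EnableFirewall=0)")
    for port in f.open_ports:
        if port == "3389/TCP":
            notes.append("RDP (3389/TCP) is listed under GloballyOpenPorts")
    if f.fw_status and "*disabled*" in f.fw_status:
        notes.append(f"third-party firewall reported disabled: {f.fw_status}")
    if f.av_status and "(Outdated)" in f.av_status:
        notes.append(f"AV reported outdated: {f.av_status}")
    return notes


# Constructed excerpt in the format of the posted log (not the full log).
SAMPLE_LOG = r"""
ComboFix 09-12-07.07 - LINIJA 08/12/2009 15:12.1.1 - x86
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LINIJA\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\av_md.exe
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
"""

if __name__ == "__main__":
    for note in triage(parse_combofix(SAMPLE_LOG)):
        print("-", note)
```

The parser keys everything on the section banner it is inside, so a path under "Other Deletions" is treated differently from the same path under "Files Created", and registry values are only attributed to the key line seen last. The point of the triage step is the one the reply makes implicitly: the log is only a record, and the items that matter (a system driver that was modified on disk, a firewall profile turned off, RDP opened to everyone) have to be read out of it and followed up separately.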