Pozz
Jucer na poslu odjenom mi se aktivira ESET i detektova par virusa,, TROJAN...napao neki atapi.sys fajlove...
I tako ne moze da ih dezifinkuje...samo ih stavio u kranatin nakon toga.
Elem tada se sistem usporio. Nece aurtocad ni da sei digne niti druga aplikacije...
I tamo vamo skinem ComboFix tako najdem na forumu nekom. On odradi svoje i prije toga dinstaliram ESET. Instaliram COMODO antivirus.
Kazu dobar a jeftin. E sada COMODO sam iskljucio za vrijem skeniranja COmboFixa...tako kazu.
I sada mi je izbacio LOG fajl u .txt gdjke pise sta je uaradio i sta je dalje ciniti.
E ja tu nista ne kontam.
Pa na osnovu ovoga vljada treba dati dijagnostiku i lijek.
Eto i log fajla pa ko zna...
Nemanja
*****************************************************************************
ComboFix 09-12-07.07 - LINIJA 08/12/2009 15:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.680 [GMT 1:00]
Running from: c:\documents and settings\LINIJA\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LINIJA\Start Menu\Programs\Startup\siszyd32.exe
c:\windows\system32\av_md.exe
c:\windows\system32\config\systemprofile\av_md.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.
2009-12-08 10:48 . 2009-12-08 12:10 98528 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-12-08 10:44 . 2009-12-08 12:26 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Comodo
2009-12-08 10:43 . 2009-12-08 12:27 -------- d-----w- c:\program files\COMODO
2009-12-08 10:00 . 2009-12-08 10:00 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Apple Computer
2009-12-08 09:39 . 2009-12-08 09:39 -------- d-----w- c:\documents and settings\LINIJA\Application Data\Registry Mechanic
2009-12-08 09:28 . 2009-12-08 09:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-08 07:33 . 2009-12-08 07:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-08 07:32 . 2009-12-08 07:32 152576 ----a-w- c:\documents and settings\LINIJA\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-08 07:29 . 2009-12-08 07:29 79488 ----a-w- c:\documents and settings\LINIJA\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 10:09 . 2009-11-12 10:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-12 10:04 . 2009-12-07 08:12 -------- d-----w- c:\documents and settings\LINIJA\Local Settings\Application Data\Temp
2009-11-12 10:04 . 2009-11-12 10:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-12 10:04 . 2009-12-07 08:15 -------- d-----w- c:\program files\Google
2009-11-12 10:04 . 2009-11-17 10:09 -------- d-----w- c:\documents and settings\LINIJA\Local Settings\Application Data\Google
2009-11-12 09:48 . 2009-11-12 09:48 -------- d-----w- c:\program files\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 12:24 . 2009-12-08 12:24 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-08 08:42 . 2009-12-08 08:42 16 ----a-w- c:\documents and settings\Default User\Application Data\fvgqad.dat
2009-12-08 08:42 . 2009-07-19 21:24 2175072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-08 08:39 . 2009-12-08 08:38 12 ----a-w- c:\documents and settings\LINIJA\Application Data\fvgqad.dat
2009-12-08 08:38 . 2009-12-08 08:38 4 ----a-w- c:\documents and settings\LINIJA\Application Data\avdrn.dat
2009-12-08 07:32 . 2009-07-31 07:11 -------- d-----w- c:\program files\Java
2009-11-20 08:24 . 2009-09-17 09:12 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-20 08:24 . 2009-09-17 09:12 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-06 14:07 . 2009-09-10 12:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 06:39 . 2009-07-19 20:43 168768 ----a-w- c:\documents and settings\LINIJA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 06:32 . 2009-10-12 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2009-10-12 06:22 . 2009-07-19 21:01 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-12 06:21 . 2009-10-12 06:21 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-02 06:51 . 2009-09-17 09:12 88 --sh--r- c:\documents and settings\All Users\Application Data\1E50C617FE.sys
2009-10-02 06:51 . 2009-09-17 09:12 88 --sh--r- c:\documents and settings\All Users\Application Data\1E50C617FE.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-08 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
c:\documents and settings\LINIJA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-31 557568]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [20/07/2009 07:50 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2009 11:04 135664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://google.com/IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LINIJA\Application Data\Mozilla\Firefox\Profiles\a0q643ur.default\
FF - component: c:\documents and settings\LINIJA\Application Data\Mozilla\Firefox\Profiles\a0q643ur.default\extensions\{24cc1362-11c6-4918-a2c0-b9ee5a563185}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-12-08 15:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2756)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-08 15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 14:44
Pre-Run: 31,052,132,352 bytes free
Post-Run: 32,095,760,384 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 292BA229E7F095B28E60B930DBD0E859
*******************************************************************
Prijavite se
Registruj se
FAQ
Pretraga
