File atapi.sys received 2009.11.21 20:22:52 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.21 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.72 2009.11.20 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.21 -
Avast 4.8.1351.0 2009.11.21 -
AVG 8.5.0.425 2009.11.21 -
BitDefender 7.2 2009.11.21 -
CAT-QuickHeal 10.00 2009.11.21 -
ClamAV 0.94.1 2009.11.21 -
Comodo 2988 2009.11.21 -
DrWeb 5.0.0.12182 2009.11.21 -
eSafe 7.0.17.0 2009.11.19 Win32.Rootkit
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.21 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.21 -
GData 19 2009.11.21 -
Ikarus T3.1.1.74.0 2009.11.21 -
Jiangmin 11.0.800 2009.11.21 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.21 -
McAfee 5809 2009.11.21 -
McAfee+Artemis 5809 2009.11.21 -
McAfee-GW-Edition 6.8.5 2009.11.21 -
Microsoft 1.5302 2009.11.21 -
NOD32 4627 2009.11.21 -
Norman 6.03.02 2009.11.21 -
nProtect 2009.1.8.0 2009.11.21 -
Panda 10.0.2.2 2009.11.21 -
PCTools 7.0.3.5 2009.11.21 -
Prevx 3.0 2009.11.21 -
Rising 22.22.05.04 2009.11.21 -
Sophos 4.47.0 2009.11.21 -
Sunbelt 3.2.1858.2 2009.11.21 -
Symantec 1.4.4.12 2009.11.21 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.21 -
VBA32 3.12.12.0 2009.11.20 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.21 -
Additional information
File size: 96512 bytes
MD5...: 9f3a2f5aa6875c72bf062c712cfa2674
SHA1..: a719156e8ad67456556a02c34e762944234e7a44
SHA256: b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9
ssdeep: 1536:MwXpkfV74F1D7yNEZIHRRJMohmus27G1j/XBoDQi7oaRMJfYHFktprll1KbDD0uu:MQ+N74vkEZIxMohjsimBoDTRMBwFktZu
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x159f7
timedatestamp.....: 0x4802539d (Sun Apr 13 18:40:29 2008)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x97ba 0x9800 6.45 0d7d81391f33c6450a81be1e3ac8c7b7
NONPAGE 0x9b80 0x18e8 0x1900 6.48 c74a833abd81cc5d037de168e055ad29
.rdata 0xb480 0xa64 0xa80 4.31 8523651899e28819a14bf9415af25708
.data 0xbf00 0xd94 0xe00 0.45 3575b51634ae7a56f55f1ee0a6213834
PAGESCAN 0xcd00 0x157f 0x1580 6.20 dc4c309c4db9576daa752fdd125fccf9
PAGE 0xe280 0x61da 0x6200 6.46 40b83d4d552384e58a03517a98eb4863
INIT 0x14480 0x22be 0x2300 6.47 906462abc478368424ea462d5868d2e3
.rsrc 0x16780 0x3e0 0x400 3.36 8fd2d82e745b289c28bc056d3a0d62ab
.reloc 0x16b80 0xd20 0xd80 6.39 ce2b0898cc0e40b618e5df9099f6be45

( 3 imports )
> ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, KeCancelTimer, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, IoCreateDevice, RtlCopyUnicodeString, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlDeleteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, PoCallDriver, memmove, MmHighestUserAddress
> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )

RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: IDE/ATAPI Port Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
It started with smtp (Solved)
Re: It started with smtp
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\program files\Adobe\acrotray.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DP\LOCALS~1\Temp\Rar$EX00.234\OTMoveIt\OTM.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\DP\LOCALS~1\Temp\~DF957B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\DP\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_42c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
OTM by OldTimer - Version 2.1.0.1 log created on 11212009_213108
Files moved on Reboot...
C:\DOCUME~1\DP\LOCALS~1\Temp\Rar$EX00.234\OTMoveIt\OTM.exe moved successfully.
C:\DOCUME~1\DP\LOCALS~1\Temp\~DF957B.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_42c.dat moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\DP\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
- jaro3
- Security team member
- Guru Level 15
- Posts: 43295
- Registered: June 07
- Residence: South Bohemia
- Gender:
- Status: Offline
Re: It started with smtp
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it > run it
Download Dr. Web CureIt
Run the update; after updating, click start.
With the buttons at the bottom you can cure, delete, move or rename a file
Download Avenger and run it under the administrator account
Confirm with the OK button that everything you do in this program is done at your own risk
Choose the option "Load script from internet URL"
Copy the following address into the line below it:
http://ne-e.eu/stration/script.txt
Click Execute to run the program, finally click OK and your computer will restart
Then paste a new HijackThis log here for checking.
Describe the PC's behaviour, tomorrow.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support