Conficker

[stell]

Co s videom?/trha?/

[graupel]

Co s videom?/trha?/

Pomaly ho načítava.

[stell]

1:Skontrolujeme pevný disk ci nám nebeží v PIO-móde:
2. Kliknite na tlačidlo Štart,pravý klik na tento počítač, klikneme na položku vlastnosti hardware,správca zariadenia.
3. Rozbaľte položku Radiče IDE ATA/ATAPI.
4. Kliknite na radič, primárny aj sekundárny kanál.
5. Kliknite na kartu upresniť.
6:Aktuálny režim prenosu by mal byť čokoľvek,čo obsahuje DMA,len nie Režim PIO.

Ak je v režime PIO-mod
Riešenie:
1:Vo správcovi zariadení vyberte najprv na primárnom aj sekundárnom kanála voľbu Odinštalovať a následne toto potvrďte tlačidlom OK.
2:Pozor, ak bude sa systém následne dožadovať reštartu,vyberte Nie.Týmto spôsobom odinštalujte všetko,čo je vo vetve Radiče IDE ATA/ATAPI.
3:Zmeny nadobudnú účinnosť až po reštarte.
4:Po reštarte systém automaticky prevedie detekciu IDE radičov a inštaláciu ovládačov a potom by už malo ísť DMA normálne.

vymaz flash cache

spust G-Mer
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[graupel]

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-04 20:34:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD322HJ rev.1AC01113
Running: gmer.exe; Driver: C:\DOCUME~1\miro\LOCALS~1\Temp\kwlyrfoc.sys


---- System - GMER 1.0.15 ----

SSDT sppq.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT sppq.sys ZwEnumerateValueKey [0xB9ECE132]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device 8A9471F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

[stell]

ak mas tam disk Emulator Daemon, alebo alcohol, docasne zakazeme
a sprav aj druhy log z G-Mer
http://www.jpshortstuff.247fixes.com/Defogger.exe
Dvojitým kliknutím DeFogger spustiť nástroj.
objaví sa okno
kliknite na tlačidlo Zakázať zakázať vaše CD emulácia ovládače
Kliknutím na tlačidlo Áno, abyste pokračovali
'Hotovo!' 'Finished!' zobrazí sa správa
Kliknite na tlačidlo OK
DeFogger môže požiadať vás o reštart, keď to urobí - kliknite na tlačidlo OK

[graupel]

Na logu sa pracuje. Potom ešte môžem použiť T-Cleaner, OTC a TFC?

[stell]

No, mozes, ale dal som ti tam aj odkaz na vycistenie Flash cache. takze ked vlozis sem log z G-Mer, tak to sprav, a odskusaj video, pocitac, a napis ze co a ako.

[graupel]

Cache vyčistené. Použil som aj CCleaner. Do 30 - 60 min tu dám 2. log z Gmer, potom použijem T-Cleaner a pod. a dám vedieť info o PC.

[stell]

ok

[graupel]

Už je to OK s PC aj videami. Použil som OTC a TFC. T-Cleaneru som sa radšej vyhol, lebo vraj poškodzuje systém. Takže hotovo? Ak áno, ďakujem.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 21:11:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD322HJ rev.1AC01113
Running: gmer.exe; Driver: C:\DOCUME~1\miro\LOCALS~1\Temp\kwlyrfoc.sys


---- System - GMER 1.0.15 ----

SSDT sppq.sys ZwCreateKey [0xB9EB50E0]
SSDT sppq.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT sppq.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT sppq.sys ZwOpenKey [0xB9EB50C0]
SSDT sppq.sys ZwQueryKey [0xB9ECE20A]
SSDT sppq.sys ZwQueryValueKey [0xB9ECE08A]
SSDT sppq.sys ZwSetValueKey [0xB9ECE29C]

INT 0x63 ? 8A948BF8
INT 0x63 ? 8A948BF8
INT 0x63 ? 8A74FBF8
INT 0x63 ? 8A948BF8
INT 0x94 ? 8A74FBF8
INT 0xA4 ? 8A74FBF8

---- Kernel code sections - GMER 1.0.15 ----

? sppq.sys Systém nemôže nájsť zadaný súbor. !
.text USBPORT.SYS!DllUnload B97218AC 5 Bytes JMP 8A74F1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8FFF360, 0x32B2AD, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB64C7280]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2548] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] sppq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] sppq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] sppq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] sppq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] sppq.sys

---- Devices - GMER 1.0.15 ----

Device 8A9471F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8A7E21F8
Device \Driver\usbehci \Device\USBPDO-1 8A7DE1F8
Device \Driver\usbohci \Device\USBPDO-2 8A7E21F8
Device \Driver\usbehci \Device\USBPDO-3 8A7DE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8DA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8DA1F8
Device \Driver\Cdrom \Device\CdRom0 8A7271F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A5DC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0CA76E0E-8769-472E-AEF2-2623480B51BB} 8A5DC1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A5DC1F8
Device \Driver\usbohci \Device\USBFDO-0 8A7E21F8
Device \Driver\usbehci \Device\USBFDO-1 8A7DE1F8
Device \Driver\usbohci \Device\USBFDO-2 8A7E21F8
Device \Driver\usbehci \Device\USBFDO-3 8A7DE1F8
Device \Driver\Ftdisk \Device\FtControl 8A8DA1F8
Device \FileSystem\Cdfs \Cdfs 893A91F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x5D 0xC0 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA6 0x5D 0xC0 0x06 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

---- EOF - GMER 1.0.15 ----

[stell]

Nemas Rootkita, je tam hak od Daemona, ale to inak nebude, nakolko Daemon a Alcohol, pouzivaju Rootkit techniku, ak to nepotrebujes doporucujem odinstalovat.

Mozes precistit pocitac, a spust aj OTM>>klikni na cleanup>>yes>>yes, a odskusaj pc.

[graupel]

Už je všetko OK. Ešte raz ďakujem.

[stell]

Nemas zaco.