
Win32:Rootkit-gen [Rtk]


2 replies in this topic

#1 tula111

  • Users
  • 1 post

Posted 21.01.2010 - 19:38

Hello, I also have a problem with Win32:Rootkit-gen [Rtk].
I would be grateful for help getting rid of it.
Here are the logs from OTL:
http://wklej.org/id/266129/
http://wklej.org/id/266137/

#2 Magik

    HotZlot participant

  • Users
  • 2693 posts

Posted 21.01.2010 - 21:16

We do not piggyback on other people's threads.
Measure the strength of a friendship by what you are able to sacrifice for it.
Tadeusz Hipolit Czeżowski

#3 jessica

  • Users
  • 7064 posts

Posted 21.01.2010 - 22:28

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
MOD - [2002-01-01 07:24:22 | 00,086,016 | RHS- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Temp\cvasds0.dll
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\user\Ustawienia lokalne\Temp\herss.exe ()
O4 - Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\PowerReg Scheduler.exe ()
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3946a700-494b-11de-b35e-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2\{442833b9-9703-11de-b558-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2\{442833b9-9703-11de-b558-000c6ecaacff}\Shell\Auto\command - "" = C:\WINDOWS\System32\wupdmgr.exe -- [2001-10-26 15:30:06 | 00,032,256 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2\{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = 9xf8.exe
O33 - MountPoints2\{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = 9xf8.exe
O33 - MountPoints2\{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\AutoRun\command - "" = F:\9xf8.exe -- File not found
O33 - MountPoints2\{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\open\Command - "" = F:\9xf8.exe -- File not found
[2010-01-17 16:27:36 | 00,000,000 | -HSD | C] -- C:\FOUND.035
[2009-12-02 04:53:58 | 00,000,000 | -HSD | C] -- C:\FOUND.032
[2009-11-22 17:40:00 | 00,000,000 | -HSD | C] -- C:\FOUND.031
[2009-10-18 01:22:54 | 00,000,000 | -HSD | C] -- C:\FOUND.030
[2009-09-18 21:11:12 | 00,000,000 | -HSD | C] -- C:\FOUND.029
[2009-09-10 01:36:46 | 00,000,000 | -HSD | C] -- C:\FOUND.028
[2009-09-01 20:05:46 | 00,000,000 | -HSD | C] -- C:\FOUND.027
[2009-08-29 08:46:02 | 00,000,000 | -HSD | C] -- C:\FOUND.026
[2009-08-21 13:21:12 | 00,000,000 | -HSD | C] -- C:\FOUND.025
[2009-08-14 07:23:16 | 00,000,000 | -HSD | C] -- C:\FOUND.024
[2009-07-25 09:16:22 | 00,000,000 | -HSD | C] -- C:\FOUND.023
[2009-07-05 10:11:10 | 00,000,000 | -HSD | C] -- C:\FOUND.022
[2009-07-04 10:54:10 | 00,000,000 | -HSD | C] -- C:\FOUND.021
[2009-06-25 20:57:20 | 00,000,000 | -HSD | C] -- C:\FOUND.020
[2009-06-24 20:30:06 | 00,000,000 | -HSD | C] -- C:\FOUND.019
[2009-06-16 10:21:08 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2009-06-14 09:07:08 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2009-06-11 17:20:10 | 00,000,000 | -HSD | C] -- C:\FOUND.016
[2009-06-09 23:35:24 | 00,000,000 | -HSD | C] -- C:\FOUND.015
[2009-06-09 06:50:00 | 00,000,000 | -HSD | C] -- C:\FOUND.014
[2009-06-08 20:51:58 | 00,000,000 | -HSD | C] -- C:\FOUND.013
[2009-06-08 07:06:50 | 00,000,000 | -HSD | C] -- C:\FOUND.012
[2009-06-07 09:23:52 | 00,000,000 | -HSD | C] -- C:\FOUND.011
[2009-06-06 17:21:28 | 00,000,000 | -HSD | C] -- C:\FOUND.010
[2009-06-06 16:13:02 | 00,000,000 | -HSD | C] -- C:\FOUND.009
[2009-06-05 13:48:26 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009-05-18 06:54:52 | 00,000,000 | -HSD | C] -- C:\FOUND.007
[2009-05-17 12:13:54 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2009-05-16 09:49:50 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2009-05-15 19:01:34 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009-05-10 14:17:38 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009-05-04 10:38:44 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009-04-11 18:11:20 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009-03-10 09:51:39 | 00,000,000 | -HSD | C] -- C:\Recycled
[2009-03-09 16:10:40 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2002-01-01 08:15:08 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2002-01-01 08:08:01 | 00,115,712 | RHS- | C] () -- C:\9xf8.exe

:Files
C:\FOUND.034
D:\9xf8.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[Reboot]


Click Run Fix. Confirm the computer restart.

Then run OTL again, this time clicking "Run Scan".
Post the new OTL.txt log and the removal log.

jessi
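A small triage helper, added here as an illustration and not part of the thread or of OTL itself: it scans OTL-format log lines and flags the same autorun-worm patterns that the fix above removes (orphaned and Temp-based Run entries, autorun.inf on a drive root, MountPoints2 shell verbs that launch an executable, and hidden modules loaded from Temp). The sample lines are constructed from entries in the fix script, plus one benign ctfmon entry as a control.

```python
import re

# Constructed sample OTL log lines, modelled on the fix script in the thread above.
# The ctfmon line is a benign control entry that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\user\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3946a700-494b-11de-b35e-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
MOD - [2002-01-01 07:24:22 | 00,086,016 | RHS- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Temp\cvasds0.dll
"""

# O4 Run entry: hive, value name, and the target (path plus company, or "File not found").
O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
# O33 MountPoints2 entry whose Shell\<verb>\command value names what runs on drive open.
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - "" = '
    r"(?P<cmd>.+?)(?: -- .*)?$")
# MOD entry: loaded module with its attribute flags (R/H/S) and path.
MOD_RE = re.compile(r"^MOD - \[[^|]+\| [^|]+\| (?P<attrs>[^ |]+) \| \w\] \([^)]*\) -- (?P<path>.+)$")


def is_temp_path(path):
    return "\\temp\\" in path.lower()


def triage(log_text):
    """Return (line, reason) pairs for entries matching autorun-worm patterns."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = O4_RE.match(line)
        if m:
            target = m.group("target")
            if target == "File not found":
                findings.append((line, "orphaned Run entry"))
            elif is_temp_path(target):
                findings.append((line, "Run entry launches from Temp"))
            continue
        if line.startswith("O32 - AutoRun File"):
            findings.append((line, "autorun.inf on drive root"))
            continue
        m = O33_CMD_RE.match(line)
        if m and m.group("cmd").lower().endswith(".exe"):
            findings.append((line, "MountPoints2 %s verb runs %s" % (m.group("verb"), m.group("cmd"))))
            continue
        m = MOD_RE.match(line)
        if m and "H" in m.group("attrs") and is_temp_path(m.group("path")):
            findings.append((line, "hidden module loaded from Temp"))
    return findings
```

Running `triage(SAMPLE_LOG)` flags five of the seven lines; the plain `Shell - "" = AutoRun` entry and the ctfmon entry are left alone.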