Rootkits - how to remove them?


(Jakub K8) #1

I use the NOD32 antivirus. Using one of its features (namely SysInspector), I found that I have 2 rootkits on my computer. I scanned the computer with Rootkit Revealer and it gave me the following result:

HKU.DEFAULT\Control Panel\International 2008-03-22 18:30 0 bytes Security mismatch.

HKU.DEFAULT\Control Panel\International\Geo 2008-03-22 18:30 0 bytes Security mismatch.

HKU.DEFAULT\Control Panel\international_combofixbackup 2008-03-22 18:29 0 bytes Security mismatch.

HKU.DEFAULT\Control Panel\international_combofixbackup\Geo 2008-03-22 18:29 0 bytes Security mismatch.

HKU\S-1-5-21-436374069-1214440339-725345543-1003\Control Panel\International 2008-03-22 18:30 0 bytes Security mismatch.

HKU\S-1-5-21-436374069-1214440339-725345543-1003\Control Panel\International\Geo 2008-03-22 18:30 0 bytes Security mismatch.

HKU\S-1-5-21-436374069-1214440339-725345543-1003\Control Panel\international_combofixbackup 2008-03-22 18:29 0 bytes Security mismatch.

HKU\S-1-5-21-436374069-1214440339-725345543-1003\Control Panel\international_combofixbackup\Geo 2008-03-22 18:29 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\International 2008-03-22 18:30 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\International\Geo 2008-03-22 18:30 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\international_combofixbackup 2008-03-22 18:29 0 bytes Security mismatch.

HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 2008-03-22 18:29 0 bytes Security mismatch.

HKLM\SECURITY\Policy\Secrets\SAC* 2007-07-11 20:22 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 2007-07-11 20:22 0 bytes Key name contains embedded nulls (*)

HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 2009-06-08 14:49 0 bytes Hidden from Windows API.

HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 2007-12-01 14:56 0 bytes Hidden from Windows API.

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod0D0B.nup 2009-06-08 15:56 7.81 KB Visible in Windows API, but not in MFT or directory index.

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\continuous\nod675C.nup 2009-06-08 22:56 22.65 KB Hidden from Windows API.

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\oldfiles\em002_32.dat 2009-06-08 15:59 18.03 MB Hidden from Windows API.

C:\Documents and Settings\All Users\Dane aplikacji\ESET\ESET NOD32 Antivirus\Updfiles\temp\em002_32.dat 2009-06-08 22:57 18.03 MB Hidden from Windows API.

C:\WINDOWS\Temp\STS5CD2.tmp 2009-06-08 22:30 123 bytes Visible in Windows API, but not in MFT or directory index.

C:\WINDOWS\Temp\STS5FBE.tmp 2009-06-08 22:58 129 bytes Hidden from Windows API.

Could someone decipher this for me and help me remove the rootkits?

-- Added 26.08.2009 (Wed) 11:40 --

Is anyone able to help me?

Looks like not ...