tula111

Win32:Rootkit-gen [Rtk]

Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
MOD - [2002-01-01 07:24:22 | 00,086,016 | RHS- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Temp\cvasds0.dll
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\user\Ustawienia lokalne\Temp\herss.exe ()
O4 - Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\PowerReg Scheduler.exe ()
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3946a700-494b-11de-b35e-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2\{442833b9-9703-11de-b558-000c6ecaacff}\Shell - "" = AutoRun
O33 - MountPoints2\{442833b9-9703-11de-b558-000c6ecaacff}\Shell\Auto\command - "" = C:\WINDOWS\System32\wupdmgr.exe -- [2001-10-26 15:30:06 | 00,032,256 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2\{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = 9xf8.exe
O33 - MountPoints2\{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = 9xf8.exe
O33 - MountPoints2\{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\AutoRun\command - "" = F:\9xf8.exe -- File not found
O33 - MountPoints2\{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\open\Command - "" = F:\9xf8.exe -- File not found
[2010-01-17 16:27:36 | 00,000,000 | -HSD | C] -- C:\FOUND.035
[2009-12-02 04:53:58 | 00,000,000 | -HSD | C] -- C:\FOUND.032
[2009-11-22 17:40:00 | 00,000,000 | -HSD | C] -- C:\FOUND.031
[2009-10-18 01:22:54 | 00,000,000 | -HSD | C] -- C:\FOUND.030
[2009-09-18 21:11:12 | 00,000,000 | -HSD | C] -- C:\FOUND.029
[2009-09-10 01:36:46 | 00,000,000 | -HSD | C] -- C:\FOUND.028
[2009-09-01 20:05:46 | 00,000,000 | -HSD | C] -- C:\FOUND.027
[2009-08-29 08:46:02 | 00,000,000 | -HSD | C] -- C:\FOUND.026
[2009-08-21 13:21:12 | 00,000,000 | -HSD | C] -- C:\FOUND.025
[2009-08-14 07:23:16 | 00,000,000 | -HSD | C] -- C:\FOUND.024
[2009-07-25 09:16:22 | 00,000,000 | -HSD | C] -- C:\FOUND.023
[2009-07-05 10:11:10 | 00,000,000 | -HSD | C] -- C:\FOUND.022
[2009-07-04 10:54:10 | 00,000,000 | -HSD | C] -- C:\FOUND.021
[2009-06-25 20:57:20 | 00,000,000 | -HSD | C] -- C:\FOUND.020
[2009-06-24 20:30:06 | 00,000,000 | -HSD | C] -- C:\FOUND.019
[2009-06-16 10:21:08 | 00,000,000 | -HSD | C] -- C:\FOUND.018
[2009-06-14 09:07:08 | 00,000,000 | -HSD | C] -- C:\FOUND.017
[2009-06-11 17:20:10 | 00,000,000 | -HSD | C] -- C:\FOUND.016
[2009-06-09 23:35:24 | 00,000,000 | -HSD | C] -- C:\FOUND.015
[2009-06-09 06:50:00 | 00,000,000 | -HSD | C] -- C:\FOUND.014
[2009-06-08 20:51:58 | 00,000,000 | -HSD | C] -- C:\FOUND.013
[2009-06-08 07:06:50 | 00,000,000 | -HSD | C] -- C:\FOUND.012
[2009-06-07 09:23:52 | 00,000,000 | -HSD | C] -- C:\FOUND.011
[2009-06-06 17:21:28 | 00,000,000 | -HSD | C] -- C:\FOUND.010
[2009-06-06 16:13:02 | 00,000,000 | -HSD | C] -- C:\FOUND.009
[2009-06-05 13:48:26 | 00,000,000 | -HSD | C] -- C:\FOUND.008
[2009-05-18 06:54:52 | 00,000,000 | -HSD | C] -- C:\FOUND.007
[2009-05-17 12:13:54 | 00,000,000 | -HSD | C] -- C:\FOUND.006
[2009-05-16 09:49:50 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2009-05-15 19:01:34 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009-05-10 14:17:38 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009-05-04 10:38:44 | 00,000,000 | -HSD | C] -- C:\FOUND.002
[2009-04-11 18:11:20 | 00,000,000 | -HSD | C] -- C:\FOUND.001
[2009-03-10 09:51:39 | 00,000,000 | -HSD | C] -- C:\Recycled
[2009-03-09 16:10:40 | 00,000,000 | -HSD | C] -- C:\FOUND.000
[2002-01-01 08:15:08 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2002-01-01 08:08:01 | 00,115,712 | RHS- | C] () -- C:\9xf8.exe
:Files
C:\FOUND.034
D:\9xf8.exe
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[Reboot]

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time click "Run Scan".

Post the new OTL.txt log and the removal log.

jessi
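As an added example (not part of jessi's reply and not OTL's own code), a small Python triage script that reads OTL log lines in the layout shown above and flags the patterns the fix targets: MountPoints2 shell handler overrides, executables at a drive root or in a Temp directory, autorun.inf at the root, and orphaned entries. The line layout and the heuristics are assumptions inferred from the lines in this thread, and the sample log is constructed.

```python
import re
# Constructed sample modelled on the OTL lines posted in this thread (not real output).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\user\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O32 - AutoRun File - [2002-01-01 08:13:52 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{697ba1ad-0cc1-11de-804c-806d6172696f}\Shell\AutoRun\command - "" = C:\9xf8.exe -- [2010-01-17 22:00:02 | 00,115,712 | RHS- | M] ()
O33 - MountPoints2\{697ba1ae-0cc1-11de-804c-806d6172696f}\Shell\open\Command - "" = 9xf8.exe
O33 - MountPoints2\{735a5ad2-ff20-11de-b764-000c6ecaacff}\Shell\AutoRun\command - "" = F:\9xf8.exe -- File not found
"""

ENTRY_RE = re.compile(r"^(?P<kind>O4|O32|O33) - (?P<body>.*)$")
# Heuristics (assumptions, not OTL rules): a bare .exe at a drive root wired into MountPoints2, or a Temp-dir launch.
ROOT_EXE_RE = re.compile(r"^(?:[A-Za-z]:\\)?[^\\]+\.(?:exe|com|bat|cmd|scr|pif)$", re.I)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.I)

def extract_target(kind, body):
    """Pull the launched path/command out of an O4/O32/O33 line body (layout inferred from the log)."""
    if kind == "O33":                       # ...\command - "" = <target> [-- metadata]
        target = body.split(" = ", 1)[1]
    elif kind == "O32":                     # AutoRun File - [meta] () - <path> -- [fs]
        target = body.split(") - ", 1)[1]
    else:                                   # O4 - HKxx..\Run: [name] <target> (company)
        target = body.split("] ", 1)[1] if "] " in body else body.split(": ", 1)[1]
    target = re.sub(r" -- .*$", "", target)             # drop trailing file metadata
    return re.sub(r" \([^()]*\)$", "", target).strip()  # drop trailing (company) field

def triage(line):
    """Return (target, reasons); an empty reasons list means nothing stood out."""
    m = ENTRY_RE.match(line)
    if not m:
        return "", []
    kind, body = m.group("kind"), m.group("body")
    target, reasons = extract_target(kind, body), []
    if kind == "O33" and "\\Shell" in body:
        reasons.append("MountPoints2 shell handler override for a drive")
    if kind == "O32":
        reasons.append("autorun.inf present at drive root")
    if "File not found" in line:
        reasons.append("target missing (orphaned entry)")
    if ROOT_EXE_RE.match(target):
        reasons.append("executable at drive root or bare filename")
    if TEMP_DIR_RE.search(target):
        reasons.append("executable launched from a Temp directory")
    return target, reasons

def suspicious_entries(log):
    """Entries from an OTL log worth a second look, as (target, reasons) pairs."""
    return [r for r in (triage(l.strip()) for l in log.splitlines() if l.strip()) if r[1]]
```

Entries with no reasons (such as the ctfmon line in the sample) are dropped, so the output is the short list a helper would actually review.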
