| Author |
Message
|
slimik
Poziom 8
Joined: 31 Mar 2009
Posts: 28
|
 #1
 08 Apr 2009 14:01 Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generic |
|
|
|
Komputer nie odpala się w normalnym trybie pracy startuje tylko w trybie awaryjny, udało mi się pousuwać wiekszość szkodników, i odpalić ComboFix-a. prosiłbym o sprawdzenie loga:
http://wklej.org/id/75835/
|
|
| Back to top |
|
 |
Google
|
| #
08 Apr 2009 14:01 |
|
|
|
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#2
08 Apr 2009 14:22 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
Odinstaluj ArcaVir oraz F-Secure, zainstaluj tylko Avire.
Usun z dysku:
2009-04-08 06:14 90,112 ----a-w c:\windows\DUMP665b.tmp
2009-04-08 06:13 90,112 ----a-w c:\windows\DUMP5544.tmp
2009-04-08 05:48 90,112 ----a-w c:\windows\DUMP53ae.tmp
2009-04-08 05:47 90,112 ----a-w c:\windows\DUMP5275.tmp
2009-04-08 05:46 90,112 ----a-w c:\windows\DUMP5265.tmp
2009-04-08 05:45 90,112 ----a-w c:\windows\DUMP53ad.tmp
2009-04-08 05:45 90,112 ----a-w c:\windows\DUMP52d4.tmp
2009-04-08 05:43 90,112 ----a-w c:\windows\DUMP53ed.tmp
2009-04-08 05:43 90,112 ----a-w c:\windows\DUMP53bd.tmp
2009-04-08 05:42 90,112 ----a-w c:\windows\DUMP52c3.tmp
2009-04-08 05:41 90,112 ----a-w c:\windows\DUMP53ec.tmp
2009-04-08 05:40 90,112 ----a-w c:\windows\DUMP540b.tmp
2009-04-08 05:38 90,112 ----a-w c:\windows\DUMP52d3.tmp
2009-04-08 05:37 90,112 ----a-w c:\windows\DUMP53cd.tmp
2009-04-08 05:05 90,112 ----a-w c:\windows\DUMP5553.tmp
Usun te wszystkie uslugi:
S0 Winae04;Winae04;c:\windows\system32\Drivers\Winae04.sys --> c:\windows\system32\Drivers\Winae04.sys [?]
S0 Winae61;Winae61;c:\windows\system32\Drivers\Winae61.sys --> c:\windows\system32\Drivers\Winae61.sys [?]
S0 Winbf48;Winbf48;c:\windows\system32\Drivers\Winbf48.sys --> c:\windows\system32\Drivers\Winbf48.sys [?]
S0 Wincg72;Wincg72;c:\windows\system32\Drivers\Wincg72.sys --> c:\windows\system32\Drivers\Wincg72.sys [?]
S0 Winch51;Winch51;c:\windows\system32\Drivers\Winch51.sys --> c:\windows\system32\Drivers\Winch51.sys [?]
S0 Windi72;Windi72;c:\windows\system32\Drivers\Windi72.sys --> c:\windows\system32\Drivers\Windi72.sys [?]
S0 Winei04;Winei04;c:\windows\system32\Drivers\Winei04.sys --> c:\windows\system32\Drivers\Winei04.sys [?]
S0 Winfk37;Winfk37;c:\windows\system32\Drivers\Winfk37.sys --> c:\windows\system32\Drivers\Winfk37.sys [?]
S0 Winhm15;Winhm15;c:\windows\system32\Drivers\Winhm15.sys --> c:\windows\system32\Drivers\Winhm15.sys [?]
S0 Winio40;Winio40;c:\windows\system32\Drivers\Winio40.sys --> c:\windows\system32\Drivers\Winio40.sys [?]
S0 Winjn15;Winjn15;c:\windows\system32\Drivers\Winjn15.sys --> c:\windows\system32\Drivers\Winjn15.sys [?]
S0 Winlp04;Winlp04;c:\windows\system32\Drivers\Winlp04.sys --> c:\windows\system32\Drivers\Winlp04.sys [?]
S0 Winlq50;Winlq50;c:\windows\system32\Drivers\Winlq50.sys --> c:\windows\system32\Drivers\Winlq50.sys [?]
S0 Winmq83;Winmq83;c:\windows\system32\Drivers\Winmq83.sys --> c:\windows\system32\Drivers\Winmq83.sys [?]
S0 Winns72;Winns72;c:\windows\system32\Drivers\Winns72.sys --> c:\windows\system32\Drivers\Winns72.sys [?]
S0 Winnt04;Winnt04;c:\windows\system32\Drivers\Winnt04.sys --> c:\windows\system32\Drivers\Winnt04.sys [?]
S0 Winot50;Winot50;c:\windows\system32\Drivers\Winot50.sys --> c:\windows\system32\Drivers\Winot50.sys [?]
S0 Winpu48;Winpu48;c:\windows\system32\Drivers\Winpu48.sys --> c:\windows\system32\Drivers\Winpu48.sys [?]
S0 Winqv48;Winqv48;c:\windows\system32\Drivers\Winqv48.sys --> c:\windows\system32\Drivers\Winqv48.sys [?]
S0 Winqv61;Winqv61;c:\windows\system32\Drivers\Winqv61.sys --> c:\windows\system32\Drivers\Winqv61.sys [?]
S0 Winsw61;Winsw61;c:\windows\system32\Drivers\Winsw61.sys --> c:\windows\system32\Drivers\Winsw61.sys [?]
S0 Wintx83;Wintx83;c:\windows\system32\Drivers\Wintx83.sys --> c:\windows\system32\Drivers\Wintx83.sys [?]
S0 Winwc83;Winwc83;c:\windows\system32\Drivers\Winwc83.sys --> c:\windows\system32\Drivers\Winwc83.sys [?]
S0 Winxd04;Winxd04;c:\windows\system32\Drivers\Winxd04.sys --> c:\windows\system32\Drivers\Winxd04.sys [?]
S0 Winxd15;Winxd15;c:\windows\system32\Drivers\Winxd15.sys --> c:\windows\system32\Drivers\Winxd15.sys [?]
S0 Winxd50;Winxd50;c:\windows\system32\Drivers\Winxd50.sys --> c:\windows\system32\Drivers\Winxd50.sys [?]
S0 Winyd61;Winyd61;c:\windows\system32\Drivers\Winyd61.sys --> c:\windows\system32\Drivers\Winyd61.sys [?]
S0 Winye25;Winye25;c:\windows\system32\Drivers\Winye25.sys --> c:\windows\system32\Drivers\Winye25.sys [?]
S1 e2f91752;e2f91752;c:\windows\system32\drivers\e2f91752.sys --> c:\windows\system32\drivers\e2f91752.sys [?]
S2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;c:\program files\ArcaBit\ArcaVir\AvMon.exe --> c:\program files\ArcaBit\ArcaVir\AvMon.exe [?]
S2 aspnet_stateAudioSrvPolicyAgent;ASP.NET State Service aspnet_stateAudioSrvPolicyAgent;đ%€|x� srv --> đ%€|x� srv [?]
S2 AudioSrvPolicyAgent;Windows Audio AudioSrvPolicyAgent;đ%€|x� srv --> đ%€|x� srv [?]
S2 avast!Schedule;avast! Mail Scanner avast!Schedule;đ%€|x� srv --> đ%€|x� srv [?]
S2 avast!ScheduleHTTPFilter;avast! Mail Scanner avast!Schedule avast!ScheduleHTTPFilter;đ%€|x� srv --> đ%€|x� srv [?]
S2 avast!ScheduleRpcSs;avast! Mail Scanner avast!Schedule avast!ScheduleRpcSs;đ%€|x� srv --> đ%€|x� srv [?]
S2 BthServMSDTC;Bluetooth Support Service BthServMSDTC;đ%€|x� srv --> đ%€|x� srv [?]
S2 DcomLaunchTermService;Program uruchamiający proces serwera DCOM DcomLaunchTermService;đ%€|x� srv --> đ%€|x� srv [?]
S2 dmadminNetlogon;Usługa administracyjna Menedżera dysków logicznych dmadminNetlogon;đ%€|x� srv --> đ%€|x� srv [?]
S2 dmserverSharedAccess;Menedżer dysków logicznych dmserverSharedAccess;đ%€|x� srv --> đ%€|x� srv [?]
S2 DnscacheHTTPFilter;Klient DNS DnscacheHTTPFilter;đ%€|x� srv --> đ%€|x� srv [?]
S2 HidServPlugPlayALG;Dostęp do urządzeń interfejsu HID HidServPlugPlayALG;đ%€|x� srv --> đ%€|x� srv [?]
S2 LmHostsavast!ScheduleHTTPFilter;Pomoc TCP/IP NetBIOS LmHostsavast!ScheduleHTTPFilter;đ%€|x� srv --> đ%€|x� srv [?]
S2 MSDTCAcrSch2Svc;Distributed Transaction Coordinator MSDTCAcrSch2Svc;đ%€|x� srv --> đ%€|x� srv [?]
S2 MSDTCRasAuto;Distributed Transaction Coordinator MSDTCRasAuto;đ%€|x� srv --> đ%€|x� srv [?]
S2 MSIServerAudioSrvPolicyAgent;Instalator Windows MSIServerAudioSrvPolicyAgent;đ%€|x� srv --> đ%€|x� srv [?]
S2 MSSQL$INSERTGTTrkWks;MSSQL$INSERTGT MSSQL$INSERTGTTrkWks;đ%€|x� srv --> đ%€|x� srv [?]
S2 NetDDEdsdmArcaVirMonitor;DSDM DDE sieci NetDDEdsdmArcaVirMonitor;đ%€|x� srv --> đ%€|x� srv [?]
S2 NtmsSvcavast!Schedule;Magazyn wymienny NtmsSvcavast!Schedule;đ%€|x� srv --> đ%€|x� srv [?]
S2 NVSvcEventlog;NVIDIA Driver Helper Service NVSvcEventlog;đ%€|x� srv --> đ%€|x� srv [?]
S2 NVSvcNetman;NVIDIA Driver Helper Service NVSvcNetman;đ%€|x� srv --> đ%€|x� srv [?]
S2 PlugPlayALG;Plug and Play PlugPlayALG;đ%€|x� srv --> đ%€|x� srv [?]
S2 PlugPlayALGAlerter;Plug and Play PlugPlayALG PlugPlayALGAlerter;đ%€|x� srv --> đ%€|x� srv [?]
S2 ProtectedStorageBrowser;Magazyn chroniony ProtectedStorageBrowser;đ%€|x� srv --> đ%€|x� srv [?]
S2 ProtectedStorageVSS;Magazyn chroniony ProtectedStorageVSS;đ%€|x� srv --> đ%€|x� srv [?]
S2 RasAutoCOMSysApp;Menedżer autopołączenia dostępu zdalnego RasAutoCOMSysApp;đ%€|x� srv --> đ%€|x� srv [?]
S2 RasManSLService;Menedżer połączeń usługi Dostęp zdalny RasManSLService;đ%€|x� srv --> đ%€|x� srv [?]
S2 SENSxmlprov;Zawiadomienie o zdarzeniu systemowym SENSxmlprov;đ%€|x� srv --> đ%€|x� srv [?]
S2 SSDPSRVlanmanserver;Usługa odnajdywania SSDP SSDPSRVlanmanserver;đ%€|x� srv --> đ%€|x� srv [?]
S2 stisvcPolicyAgent;Windows Image Acquisition (WIA) stisvcPolicyAgent;đ%€|x� srv --> đ%€|x� srv [?]
S2 VSSAlerter;Kopiowanie woluminów w tle VSSAlerter;đ%€|x� srv --> đ%€|x� srv [?]
S2 W32TimeERSvc;Usługa Czas systemu Windows W32TimeERSvc;đ%€|x� srv --> đ%€|x� srv [?]
S2 winmgmtlanmanserver;Instrumentacja zarządzania Windows winmgmtlanmanserver;đ%€|x� srv --> đ%€|x� srv [?]
S2 WmdmPmSNBrowser;Usługa numeru seryjnego multimediów przenośnych WmdmPmSNBrowser;đ%€|x� srv --> đ%€|x� srv [?]
S2 WmdmPmSNThemes;Usługa numeru seryjnego multimediów przenośnych WmdmPmSNThemes;đ%€|x� srv --> đ%€|x� srv [?]
S2 WMPNetworkSvcBITS;Usługa udostępniania w sieci programu Windows Media Player WMPNetworkSvcBITS;đ%€|x� srv --> đ%€|x� srv [?]
S2 wscsvcProtectedStorage;Centrum zabezpieczeń wscsvcProtectedStorage;đ%€|x� srv --> đ%€|x� srv [?]
S3 arcaen;ArcaVir Monitor Kernel Engine Driver;\??\c:\program files\ArcaBit\ArcaVir\arcaen.sys --> c:\program files\ArcaBit\ArcaVir\arcaen.sys [?]
S3 arcaev;ArcaVir Monitor Kernel Events Driver;\??\c:\program files\ArcaBit\ArcaVir\arcaev.sys --> c:\program files\ArcaBit\ArcaVir\arcaev.sys [?]
S3 arcafd;ArcaVir Monitor Kernel Filter Driver;\??\c:\program files\ArcaBit\ArcaVir\arcafd.sys --> c:\program files\ArcaBit\ArcaVir\arcafd.sys [?]
Daj log z SDFix oraz nowy z combofix po wykonaniu tego co napisalem.
|
|
| Back to top |
|
|
slimik
Poziom 8
Joined: 31 Mar 2009
Posts: 28
|
#3
09 Apr 2009 09:41 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
witam ponownie co do wczesniejszych zalecen wydaje mi sie ze odinstalowalem juz wysztko poza f-secure na ktorego mam licencje i chcialbym go zostawic
Ponizel log z Combofix-a
http://wklej.org/id/76120/
a Tu z SDfix-a
http://wklej.org/id/76122/
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#4
09 Apr 2009 10:29 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
SDfix nalezy uzyc w trybie awaryjnym, wykonaj to i daj nowy log.
Wpisz w uruchom:
sc delete e2f91752
sc delete ArcaVirMonitor
sc delete arcaen
sc delete arcaev
sc delete arcafd
|
|
| Back to top |
|
|
slimik
Poziom 8
Joined: 31 Mar 2009
Posts: 28
|
|
| Back to top |
|
|
Google
|
| #
09 Apr 2009 11:45 |
|
|
|
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#6
09 Apr 2009 11:51 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
To jest log z SDFix uruchomionego w trybie zwyklym. Musisz uruchomic system w trybie awaryjnym i dopiero tam uzyc SDFix.
|
|
| Back to top |
|
|
slimik
Poziom 8
Joined: 31 Mar 2009
Posts: 28
|
|
| Back to top |
|
|
Google
|
| #
09 Apr 2009 12:13 |
|
|
|
|
|
| Back to top |
|
|
Kolobos
Poziom 26
Joined: 13 Jun 2003
Posts: 26223
Location: Warszawa
|
#8
09 Apr 2009 12:14 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
Juz wszystko wyglada ok.
|
|
| Back to top |
|
|
slimik
Poziom 8
Joined: 31 Mar 2009
Posts: 28
|
#9
09 Apr 2009 12:19 Re: Wirusy(usunięte Rootkit.Win32.Agent, trojan Win32.Generi |
|
|
|
dzieki za pomoc
|
|
| Back to top |
|
|
