

C, D:\ji38j.exe



krzysieq - Sat Mar 20, 2010 9:05 pm
Hello, today I ran into a problem with avast: every few moments it detects the virus ji83j.exe Win32:Rootkit-gen[Rtk]. I am posting the OTL logs below, please help quickly.
OTL.txt http://www.wklej.eu/index.php?id=734e8a0e0c
Extras.txt http://www.wklej.eu/index.php?id=f0354eb598
http://wklej.org/id/301236/ < corrected OTL




mati8898 - Sun Mar 21, 2010 8:03 am
The OTL.txt log is cut off, upload it to http://wklej.org/



krzysieq - Sun Mar 21, 2010 3:44 pm

The OTL.txt log is cut off, upload it to http://wklej.org/
http://wklej.org/id/301236/ < correction



mati8898 - Sun Mar 21, 2010 4:52 pm
Run OTL and paste the following into the Custom Scans/Fixes window:
:OTL
MOD - [2010-03-20 21:47:06 | 000,075,776 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll
O4 - HKU\S-1-5-21-854245398-117609710-1417001333-500..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\herss.exe ()
O32 - AutoRun File - [2010-03-20 21:54:23 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-20 21:54:26 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0759ba23-1a36-11df-ad49-001e8c0ec1e4}\Shell\AutoRun\command - "" = G:\ji83j.exe -- File not found
O33 - MountPoints2\{0759ba23-1a36-11df-ad49-001e8c0ec1e4}\Shell\open\Command - "" = G:\ji83j.exe -- File not found
O33 - MountPoints2\{b689fb54-1ac4-11df-ad4b-001e8c0ec1e4}\Shell\AutoRun\command - "" = G:\k1d.exe -- File not found
O33 - MountPoints2\{b689fb54-1ac4-11df-ad4b-001e8c0ec1e4}\Shell\open\Command - "" = G:\k1d.exe -- File not found

:Files
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
"KernelFaultCheck"=-
"nwiz"=-

:Commands
[emptytemp]
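
The following Python triage is an added example; it is not part of mati8898's post and not OTL's own code. It reads the O4, O32 and O33 lines from the fix script above and names the autorun artifact each one represents. The finding labels and the reading of the `RHS-` field as read-only/hidden/system flags are assumptions of this example.

```python
import re

# Lines copied from the OTL fix script quoted in the post above.
SAMPLE = r'''
O4 - HKU\S-1-5-21-854245398-117609710-1417001333-500..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\herss.exe ()
O32 - AutoRun File - [2010-03-20 21:54:23 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0759ba23-1a36-11df-ad49-001e8c0ec1e4}\Shell\AutoRun\command - "" = G:\ji83j.exe -- File not found
O33 - MountPoints2\{b689fb54-1ac4-11df-ad4b-001e8c0ec1e4}\Shell\open\Command - "" = G:\k1d.exe -- File not found
'''

# O4: Run-key autostart entry -> value name and executable path.
O4 = re.compile(r'^O4 - .*\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?\.exe)', re.I)
# O32: autorun.inf at a drive root, with the attribute field (assumed R/H/S flags).
O32 = re.compile(r'^O32 - AutoRun File - \[[^|]+\|[^|]+\|\s*(?P<attrs>\S+)\s*\|[^\]]*\]'
                 r'.* - (?P<path>[A-Za-z]:\\autorun\.inf)\b', re.I)
# O33: MountPoints2 shell verb and the command registered for that volume.
O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)'
                 r'\\command - "" = (?P<cmd>.+?)(?: -- (?P<note>.+))?$', re.I)
# An executable sitting directly in a drive root, e.g. G:\name.exe.
ROOT_EXE = re.compile(r'^[A-Za-z]:\\[^\\]+\.exe$', re.I)


def triage(text):
    """Return (kind, detail) findings for autorun-related OTL lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4.match(line):
            # Autostart entries launching from a Temp directory are rarely legitimate.
            if '\\temp\\' in m['path'].lower():
                findings.append(('run-key-from-temp', f"{m['name']} -> {m['path']}"))
        elif m := O32.match(line):
            attrs = m['attrs'].upper()
            if 'H' in attrs and 'S' in attrs:
                findings.append(('hidden-system-autorun.inf', m['path']))
        elif m := O33.match(line):
            if ROOT_EXE.match(m['cmd']):
                # "File not found" means the registry entry outlived the file.
                state = 'stale' if m['note'] == 'File not found' else 'live'
                findings.append((f'mountpoint-autorun-{state}',
                                 f"{m['guid']} {m['verb']} -> {m['cmd']}"))
    return findings


if __name__ == '__main__':
    for kind, detail in triage(SAMPLE):
        print(f'{kind:28} {detail}')
```
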




krzysieq - Mon Mar 22, 2010 6:11 pm
thanks



mati8898 - Mon Mar 22, 2010 6:15 pm
And where are the logs???