komar1993, posted 1 July 2012 (edited)

Hello,

I'm asking for help removing the remnants of the virus named in the topic title. The system has already been scanned with Dr.Web, which detected about 1400 files infected with this virus and cured them. Nevertheless, I suspect that not everything was cured/removed, because every time the system starts I have to launch the explorer.exe process manually from Task Manager, as it does not start automatically at system startup.

I'm attaching only the GMER log, because OTL throws an error when scanning the registry file named winsock2 settings. I can also add a ComboFix log if needed.

EDIT: I managed to produce a log in OTL, which I am now adding.

Attachments: log.txt OTL.Txt Extras.Txt

Edited 2 July 2012 by picasso: Posts merged, unnecessary logs removed. //picasso
picasso, posted 2 July 2012

The GMER log was made under the wrong conditions, with a virtual drive emulator active.

Quote: "Dr.Web, which detected about 1400 files infected with this virus and cured them. Nevertheless, I suspect that not everything was cured/removed, because every time the system starts I have to launch the explorer.exe process manually from Task Manager, as it does not start automatically at system startup"

Disinfecting Virut under certain conditions results in damaged executable files. So it may turn out to be necessary to overwrite Windows files and reinstall programs ... In your OTL log, the Files - Modified Within 30 Days section shows that explorer.exe and many other system files (and there is no telling how many, since the logs are very limited) have only just been refreshed, and some of them don't even have an MS signature.

Since there is a problem with the shell starting = at least explorer.exe is damaged, certainly several other files (missing signatures), and who knows what else. With this type of infection, despite the apparent cure, I still suggest a format and reinstallation of Windows, because the extent of the damage is not known here anyway, and replacing the damaged Windows files + reinstallations may turn out to be time-consuming and not worthwhile, with the resulting state of Windows far from the desired, fully working one.
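An added triage example (not part of the original posts and not OTL's own code): it parses entries of the form `[date time | size | attributes | M] (company) -- path` from the Files - Modified Within 30 Days section, lists Windows executables whose company field is empty, and groups executables rewritten within seconds of each other. The sample log, the `tool_*.exe` names, the 60-second gap and the three-file threshold are constructed assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One entry: [YYYY-MM-DD HH:MM:SS | size | attrs | M] (company) -- path
# finditer() is used so entries that extraction ran together on one line still parse.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| M\] \((?P<company>[^\[\]]*?)\) -- "
    r"(?P<path>[^\[\r\n]+?)\s*(?=\[|$)",
    re.MULTILINE,
)
Entry = namedtuple("Entry", "modified size attrs company path")
EXECUTABLE_EXT = (".exe", ".scr", ".dll", ".sys")

# Constructed sample in the OTL entry format (values are not from a real log).
SAMPLE_LOG = r"""========== Files - Modified Within 30 Days ==========
[2012-07-01 13:00:00 | 001,000,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012-06-28 15:42:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\tool_a.exe [2012-06-28 15:42:42 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\tool_b.exe
[2012-06-28 15:42:40 | 000,011,776 | R--- | M] (Example Vendor Ltd.) -- C:\WINDOWS\System32\tool_c.exe
[2012-06-20 09:00:00 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\user\notes.txt
"""


def parse_entries(text):
    """Return every well-formed entry found anywhere in the text."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append(Entry(
            modified=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=m["company"].strip(),
            path=m["path"].strip(),
        ))
    return entries


def is_system_executable(entry, system_root=r"c:\windows"):
    """True for executable file types located under the Windows directory."""
    path = entry.path.lower()
    return path.startswith(system_root + "\\") and path.endswith(EXECUTABLE_EXT)


def missing_vendor(entries):
    """System executables with an empty '()' company field.

    This is a triage hint only: it says which files to compare against
    known-good copies first, not which files are infected or damaged.
    """
    return [e for e in entries if is_system_executable(e) and not e.company]


def modification_bursts(entries, max_gap=timedelta(seconds=60), min_files=3):
    """Group system executables whose modification times follow each other
    within max_gap; a long run suggests a bulk rewrite (infection or cure)."""
    execs = sorted((e for e in entries if is_system_executable(e)),
                   key=lambda e: e.modified)
    bursts, current = [], []
    for e in execs:
        if current and e.modified - current[-1].modified > max_gap:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for e in missing_vendor(parsed):
        print("no company field:", e.path)
    for burst in modification_bursts(parsed):
        print(f"{len(burst)} executables rewritten between "
              f"{burst[0].modified} and {burst[-1].modified}")
```

Files flagged this way are candidates for comparison against copies from the installation media; the log alone cannot show which of them still run correctly.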
komar1993 (author), posted 2 July 2012

OK, thank you for the information and the help.

Regards.