l3ol3a

Super... Windows dzialal, ale dlogo siec sie ladowala... a teraz nawet nie zdarze otworzyc jakiegos folderu bo juz sie zawiesza...? Gdzie szukac teraz pomocy!?

Teraz system się zawiesza na czystym pulpicie... W trybie awaryjnym też... Udało mi się odpalić livecd linuxa... ale nie wiem co mam teraz robić... nawet jak odpalę menadżera zadań to chwilkę pochodzi i zawiesza się całość z ikonką klepsydry...

Co robić?!

@up

VBA nie wykrył tego Rootkita, więc w tej chwili nie masz żadnej infekcji (o ile Twój Antivirus nic nie wykrywa!).

Miałem jakąś badziewną infekcje na pendrive... ale Zone Alarm skutecznie zablokował a NOD usuną.

system32\drivers\ctooygap.sys

Nie wiem czemu ale nie ma już takiego pliku - albo go nie widać :?


Nie wiem... może to coś z sterownikami karty sieciowej (chociaż przywróciłem sterownik), albo z Tym nieszczęsnym Hamachi?

ps... zauważyłem też że miałem otwarty DCOM RPC

Proszę...
http://ippx.ip.funpic.de/Vba32ArkitLog.html

Usuwanie:

All processes killed
========== OTL ==========
Service OMSI download service stopped successfully!
Service OMSI download service deleted successfully!
Service CesarFTP stopped successfully!
Service CesarFTP deleted successfully!
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nod32kui deleted successfully.
C:\Documents and Settings\All Users\Dane aplikacji\hpeDE.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 2128945 bytes
 
User: Administrator
->Flash cache emptied: 620 bytes
 
User: All Users
 
User: Ann
->Flash cache emptied: 1048 bytes
 
User: Default User
 
User: Gość
->Flash cache emptied: 516 bytes
 
User: LocalService
 
User: M2
->Flash cache emptied: 348 bytes
 
User: NetworkService
->Flash cache emptied: 875 bytes
 
User: Darek
->Flash cache emptied: 405 bytes
 
Total Flash Files Cleaned = 2,00 mb
 
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 90084792 bytes
->Temporary Internet Files folder emptied: 29124943 bytes
->Java cache emptied: 128942775 bytes
->FireFox cache emptied: 57176957 bytes
->Flash cache emptied: 0 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Ann
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gość
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: M2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: Darek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3430312 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66560 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 295,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04162011_134335

Files\Folders moved on Reboot...
C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\~DF1F49.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_278.dat moved successfully.
C:\WINDOWS\temp\ZLT05161.TMP moved successfully.

Registry entries deleted on Reboot...

Nowy Log:
http://wklej.org/id/513661/

http://wklej.org/id/513662/

Gmer się zawiesił po wciśnięciu Save... To co z niego zostało:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-16 12:34:02
Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pwldapog.sys


---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdePort0                        875CC8E0
Device          \Driver\atapi \Device\Ide\IdePort1                        875CC8E0
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e               875CC8E0
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3               875CC8E0
Device          \Driver\VClone \Device\Scsi\VClone1                       871EA340
Device          \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0  871EA340

AttachedDevice  \FileSystem\Ntfs \Ntfs                                    eamon.sys (Amon monitor/ESET)
AttachedDevice  \FileSystem\Fastfat \Fat                                  eamon.sys (Amon monitor/ESET)

Device          \Driver\Tcpip \Device\Ip                                  vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\Tcp                                 vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\Udp                                 vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\Tcpip \Device\RawIp                               vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.15 ----

Teraz system zamykał się około 30 minut po czym zrobił się czarny ekran i nic... - musiałem go zrestartować z przcisku... Po wykonaniu skryptu z OTL też tak było :?
Dodatkowo zainstalowałem najnowszą wersję przeglądarki i usunąłem wszystkie jej dodatki i pluginy...

ps... wykonałem jeszcze Silenrunners
http://wklej.org/id/513681/

Wydawało mi się, że usuwałem Hamachi2Svc ?!