Trojan C:\a.bat

Lunatic · 9 Listopad 2007 08:39

Witam, poszukałam na forum podobny problem z trojanem REG/Zapchast trojan wykrytym przez NOD32. Niestety, w moim logu z HijackThis nie potrafię odszukać wpisu który należy usunąć. Nie wiem może popełniam błąd w skanowaniu (skan przy włączonym NOD32). Zapchast jest cały czas w kwarantannie. Bardzo proszę o pomoc.

Pozdrawiam

Log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:34:23, on 2007-11-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\V0220Mon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\verify.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM…\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [Windows 32-bit DLL Integrity Verifier] verify.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice O4 - HKLM…\RunServices: [Windows 32-bit DLL Integrity Verifier] verify.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe – End of file - 5440 bytes

Gutek · 9 Listopad 2007 19:55

przeskanuj plik C:\Windows\System32\ verify.exe na http://virusscan.jotti.org/

Daj log z ComboFix

Lunatic · 9 Listopad 2007 22:25

log z ComboFix

ComboFix 07-11-08.1 - My 2007-11-09 23:11:21.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.281 [GMT 1:00] Running from: C:\Documents and Settings\My\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 ))))))))))))))))))))))))))))))) . 2007-11-09 23:10 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-09 17:05 2007-11-09 17:04 2007-11-09 12:07 2007-11-08 23:01 2007-11-08 23:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 09:14 2007-11-07 21:22 2007-11-07 21:22 2007-11-07 21:22 2007-11-07 11:37 2007-11-07 11:35 1,985,024 --a------ C:\WINDOWS\system32\verify.exe 2007-11-07 11:19 2007-11-06 10:17 2007-11-05 21:45 2007-11-05 21:32 2007-11-05 21:08 2007-11-05 21:02 2007-11-05 21:01 2007-11-05 20:59 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:19 2007-11-05 19:53 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:47 2007-11-05 19:47 2007-11-05 19:06 2007-11-05 18:59 2007-11-05 18:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-11-05 18:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-11-05 18:59 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-11-05 18:59 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-05 18:34 2007-11-05 18:31 2007-11-05 18:31 2007-11-05 18:26 2007-11-05 18:26 2007-11-05 18:18 2007-11-05 18:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-05 18:01 2007-11-05 18:01 2007-11-05 17:50 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:35 2007-11-05 17:35 2007-11-05 17:33 2007-11-05 17:15 73,601 -ra------ C:\WINDOWS\system32\MSMD4W.dll 2007-11-05 17:15 30,030 -ra------ C:\WINDOWS\system32\MSMWUD7.DLL 2007-11-05 17:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-05 17:15 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys 2007-11-05 17:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-11-05 17:09 2007-11-05 17:09 2007-11-05 17:09 2007-11-05 16:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-05 16:41 2007-11-05 16:41 545 --a------ C:\WINDOWS\UC.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\RAR.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\LHA.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\ARJ.PIF 2007-11-05 16:36 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-11-05 16:25 1,416 --a------ C:\WINDOWS\unins000.dat 2007-11-05 16:20 2007-11-05 16:19 2007-11-05 16:19 2007-11-05 15:49 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-05 15:49 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-05 15:49 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-05 15:48 6,058,496 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-05 15:48 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-05 15:48 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-05 15:48 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-05 15:48 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-05 15:27 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-05 17:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-11-05 12:54 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-05 11:49 --------- d-----w C:\Program Files\hp deskjet 3320 series 2007-11-05 11:49 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-05 11:35 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-05 11:33 --------- d-----w C:\Program Files\Usługi online 2007-09-21 10:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [2002-11-04 20:11] “V0220Mon.exe”=“C:\WINDOWS\V0220Mon.exe” [2006-06-28 18:01] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] “Windows 32-bit DLL Integrity Verifier”=“verify.exe” [2007-11-06 22:13 C:\WINDOWS\system32\verify.exe] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 15:57] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-06-25 08:47] “InCD”=“C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [2007-06-25 08:47] “egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2007-10-25 09:26] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 19:03] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Windows 32-bit DLL Integrity Verifier”=verify.exe R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;“C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe” R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys S3 EhttpSrv;Eset HTTP Server;“C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe” *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-09 23:12:38 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-09 23:13:13 . — E O F —

a skan verify.exe prześlę jutro, ponieważ dzisiaj serwer virusscan.jotti jest zbyt obciążony

Złączono Posta : 10.11.2007 (Sob) 0:02

No w końcu udało się

File: verify.exe

Status: INFECTED/MALWARE (Note: this file has been scanned before.

                  Therefore, this file's scan results will not be stored in the database)

MD5: d81cf5a8c7bd48b8b90144d53a70e2b0

Packers detected: -

Bit9 reports: File not found



A-Squared Found nothing

AntiVir Found HEUR/Crypted

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found IRC/BackDoor.SdBot3.UYT

BitDefender Found nothing

ClamAV Found PUA.Packed.Themida

CPsecure Found Packed.W32.Themida.x.a

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found SDBot.gen9

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

Gutek · 10 Listopad 2007 00:30

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Lunatic · 10 Listopad 2007 13:20

Teraz NOD32 już nie wyświetla komunikatu, a oto nowy log z Combo

ComboFix 07-11-08.1 - My 2007-11-10 14:13:25.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.227 [GMT 1:00] Running from: C:\Documents and Settings\My\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))) . 2007-11-09 23:10 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-09 17:05 2007-11-09 17:04 2007-11-09 12:07 2007-11-08 23:01 2007-11-08 23:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 09:14 2007-11-07 21:22 2007-11-07 21:22 2007-11-07 21:22 2007-11-07 11:37 2007-11-07 11:19 2007-11-06 10:17 2007-11-05 21:45 2007-11-05 21:32 2007-11-05 21:08 2007-11-05 21:02 2007-11-05 21:01 2007-11-05 20:59 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 2007-11-05 20:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:53 2007-11-05 20:19 2007-11-05 19:53 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:50 2007-11-05 19:47 2007-11-05 19:47 2007-11-05 19:06 2007-11-05 18:59 2007-11-05 18:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-11-05 18:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-11-05 18:59 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-11-05 18:59 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-11-05 18:34 2007-11-05 18:31 2007-11-05 18:31 2007-11-05 18:26 2007-11-05 18:26 2007-11-05 18:18 2007-11-05 18:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-05 18:01 2007-11-05 18:01 2007-11-05 17:50 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:37 2007-11-05 17:35 2007-11-05 17:35 2007-11-05 17:33 2007-11-05 17:15 73,601 -ra------ C:\WINDOWS\system32\MSMD4W.dll 2007-11-05 17:15 30,030 -ra------ C:\WINDOWS\system32\MSMWUD7.DLL 2007-11-05 17:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-05 17:15 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys 2007-11-05 17:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-11-05 17:09 2007-11-05 17:09 2007-11-05 17:09 2007-11-05 16:56 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-05 16:41 2007-11-05 16:41 545 --a------ C:\WINDOWS\UC.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\RAR.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\LHA.PIF 2007-11-05 16:41 545 --a------ C:\WINDOWS\ARJ.PIF 2007-11-05 16:36 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-11-05 16:25 1,416 --a------ C:\WINDOWS\unins000.dat 2007-11-05 16:20 2007-11-05 16:19 2007-11-05 16:19 2007-11-05 15:49 383,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-05 15:49 267,776 -----c— C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-05 15:49 13,824 -----c— C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-05 15:48 6,058,496 -----c— C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-05 15:48 2,455,488 -----c— C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-05 15:48 459,264 -----c— C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-05 15:48 63,488 -----c— C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-05 15:48 52,224 -----c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-05 15:27 2007-11-05 14:33 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-05 17:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-11-05 12:54 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-05 11:49 --------- d-----w C:\Program Files\hp deskjet 3320 series 2007-11-05 11:49 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-05 11:35 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-05 11:33 --------- d-----w C:\Program Files\Usługi online 2007-09-21 10:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [2002-11-04 20:11] “V0220Mon.exe”=“C:\WINDOWS\V0220Mon.exe” [2006-06-28 18:01] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] “Windows 32-bit DLL Integrity Verifier”=“verify.exe” [] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 15:57] “SecurDisc”=“C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe” [2007-06-25 08:47] “InCD”=“C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [2007-06-25 08:47] “egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2007-10-25 09:26] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 19:03] R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;“C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe” R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys S3 EhttpSrv;Eset HTTP Server;“C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe” . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-10 14:14:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-10 14:15:11 . — E O F —

Mam nadzieję że już po kłopocie. Serdeczne dzięki Gutek2222 ale sprawdź proszę jeszcze ten nowy log. Pozdrawiam.

Gutek · 10 Listopad 2007 23:48

Powinno być Ok

Lunatic · 11 Listopad 2007 10:37

Jeszcze raz wielkie dzięki, wszystko działa ok. Pozdrawiam, Lunatic (K)

Kaka2 · 23 Listopad 2007 13:32

djpuzon proszę nie podczepiać się pod tematy innych userów. Jak masz problem, załóż własny temat.