Lunatic
(Rafal P66)
9 November 2007 08:39
#1
Hello, I searched the forum for a similar problem with the REG/Zapchast trojan detected by NOD32. Unfortunately, I cannot find the entry that should be removed in my HijackThis log. I don't know, maybe I am making a mistake when scanning (scanning with NOD32 enabled). Zapchast is in quarantine the whole time. I would really appreciate some help.
Regards
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34:23, on 2007-11-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\verify.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows 32-bit DLL Integrity Verifier] verify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [Windows 32-bit DLL Integrity Verifier] verify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5440 bytes
Gutek
(Gutek)
9 November 2007 19:55
#2
Scan the file C:\Windows\System32\verify.exe at http://virusscan.jotti.org/
Post a ComboFix log
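An added example, not part of this thread and not code from HijackThis or any tool named in it: a small Python pass over the O4 (autostart) lines of the log above, showing the heuristics that single out the entry Gutek points at. The sample lines are copied from the log; the function, class and reason names are mine. It flags a command given as a bare file name (resolved through the search order at logon, so a file dropped into System32 under a plausible name is all the attacker needs), a value under RunServices (a Windows 9x/Me autostart key that an XP application has no reason to use) and the same executable registered under more than one autostart key, while the per-user CTFMON.EXE duplicates under HKUS are deliberately left alone.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log posted in this
# thread (a subset, with the per-user CTFMON entries kept on purpose).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows 32-bit DLL Integrity Verifier] verify.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunServices: [Windows 32-bit DLL Integrity Verifier] verify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")

# Windows 9x/Me-era autostart keys; an XP application has no reason to write them.
LEGACY_KEYS = {"RunServices", "RunServicesOnce"}


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    exe: str
    args: str


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def split_command(cmd: str) -> tuple:
    """Separate the executable from its arguments in a Run-value command.

    A quoted path is taken up to the closing quote; otherwise the first
    whitespace-delimited token is the program (unquoted paths with spaces
    are ambiguous to Windows as well, so they are not special-cased).
    """
    cmd = USER_SUFFIX_RE.sub("", cmd)  # HijackThis appends (User '...') for HKUS hives
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(" ")
    return exe, args.strip()


def parse_o4(log_text: str) -> list:
    """Parse every O4 line of a HijackThis log into Entry objects."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe, args = split_command(m["cmd"])
            entries.append(Entry(m["hive"], m["key"], m["name"], exe, args))
    return entries


def triage(log_text: str) -> list:
    """Flag O4 entries that deserve a closer look, with the reasons why.

    no_path: the command is a bare file name, resolved through the search
        order at logon, so a file dropped into System32 under that name is
        enough to gain persistence.
    legacy_runservices_key: the value sits in RunServices/RunServicesOnce.
    multiple_autostart_locations: the same executable is registered under
        more than one autostart *key* (Run and RunServices here). The same
        key under several user hives (CTFMON.EXE) is normal and not flagged.
    """
    entries = parse_o4(log_text)
    keys_by_exe = {}
    for e in entries:
        keys_by_exe.setdefault(e.exe.lower(), set()).add(e.key)
    findings = []
    for e in entries:
        reasons = []
        if "\\" not in e.exe:
            reasons.append("no_path")
        if e.key in LEGACY_KEYS:
            reasons.append("legacy_runservices_key")
        if len(keys_by_exe[e.exe.lower()]) > 1:
            reasons.append("multiple_autostart_locations")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f"{f.entry.hive}\\..\\{f.entry.key} [{f.entry.name}] {f.entry.exe}: {', '.join(f.reasons)}")
```

On the sample above only the two verify.exe entries come back, the Run one with no_path and multiple_autostart_locations, the RunServices one with legacy_runservices_key as well; none of the vendor-pathed entries or the CTFMON.EXE duplicates are reported.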
Lunatic
(Rafal P66)
9 November 2007 22:25
#3
ComboFix log
ComboFix 07-11-08.1 - My 2007-11-09 23:11:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.281 [GMT 1:00]
Running from: C:\Documents and Settings\My\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.
2007-11-09 23:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 17:05
2007-11-09 17:04
2007-11-09 12:07
2007-11-08 23:01
2007-11-08 23:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-08 09:14
2007-11-07 21:22
2007-11-07 21:22
2007-11-07 21:22
2007-11-07 11:37
2007-11-07 11:35 1,985,024 --a------ C:\WINDOWS\system32\verify.exe
2007-11-07 11:19
2007-11-06 10:17
2007-11-05 21:45
2007-11-05 21:32
2007-11-05 21:08
2007-11-05 21:02
2007-11-05 21:01
2007-11-05 20:59
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:19
2007-11-05 19:53
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:47
2007-11-05 19:47
2007-11-05 19:06
2007-11-05 18:59
2007-11-05 18:59
2007-11-05 18:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-05 18:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-05 18:59 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-05 18:59 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 18:34
2007-11-05 18:31
2007-11-05 18:31
2007-11-05 18:26
2007-11-05 18:26
2007-11-05 18:18
2007-11-05 18:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-05 18:01
2007-11-05 18:01
2007-11-05 17:50 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:35
2007-11-05 17:35
2007-11-05 17:33
2007-11-05 17:15 73,601 -ra------ C:\WINDOWS\system32\MSMD4W.dll
2007-11-05 17:15 30,030 -ra------ C:\WINDOWS\system32\MSMWUD7.DLL
2007-11-05 17:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-05 17:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-05 17:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-05 17:09
2007-11-05 17:09
2007-11-05 17:09
2007-11-05 16:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-05 16:41
2007-11-05 16:41 545 --a------ C:\WINDOWS\UC.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-05 16:36 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-05 16:25 1,416 --a------ C:\WINDOWS\unins000.dat
2007-11-05 16:20
2007-11-05 16:19
2007-11-05 16:19
2007-11-05 15:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-05 15:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-05 15:49 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-05 15:48 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-05 15:48 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-05 15:48 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-05 15:48 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-05 15:48 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-05 15:27
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 17:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-05 12:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-05 11:49 --------- d-----w C:\Program Files\hp deskjet 3320 series
2007-11-05 11:49 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-05 11:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-05 11:33 --------- d-----w C:\Program Files\Usługi online
2007-09-21 10:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 20:11]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" [2007-11-06 22:13 C:\WINDOWS\system32\verify.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows 32-bit DLL Integrity Verifier"=verify.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 23:12:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-09 23:13:13
.
--- E O F ---
I will post the verify.exe scan tomorrow, because today the virusscan.jotti server is overloaded.
Post merged: 10.11.2007 (Sat) 0:02
Well, it finally worked.
File: verify.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before.
Therefore, this file's scan results will not be stored in the database)
MD5: d81cf5a8c7bd48b8b90144d53a70e2b0
Packers detected: -
Bit9 reports: File not found
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot3.UYT
BitDefender Found nothing
ClamAV Found PUA.Packed.Themida
CPsecure Found Packed.W32.Themida.x.a
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found SDBot.gen9
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Gutek
(Gutek)
10 November 2007 00:30
#4
Paste into Notepad:
>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)
-- like in this picture -->
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
Then post a new ComboFix log
Lunatic
(Rafal P66)
10 November 2007 13:20
#5
NOD32 no longer shows the alert now, and here is the new ComboFix log
ComboFix 07-11-08.1 - My 2007-11-10 14:13:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.227 [GMT 1:00]
Running from: C:\Documents and Settings\My\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-10 to 2007-11-10 )))))))))))))))))))))))))))))))
.
2007-11-09 23:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-09 17:05
2007-11-09 17:04
2007-11-09 12:07
2007-11-08 23:01
2007-11-08 23:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-08 09:14
2007-11-07 21:22
2007-11-07 21:22
2007-11-07 21:22
2007-11-07 11:37
2007-11-07 11:19
2007-11-06 10:17
2007-11-05 21:45
2007-11-05 21:32
2007-11-05 21:08
2007-11-05 21:02
2007-11-05 21:01
2007-11-05 20:59
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56
2007-11-05 20:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:53
2007-11-05 20:19
2007-11-05 19:53
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:50
2007-11-05 19:47
2007-11-05 19:47
2007-11-05 19:06
2007-11-05 18:59
2007-11-05 18:59
2007-11-05 18:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-05 18:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-05 18:59 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-11-05 18:59 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-05 18:34
2007-11-05 18:31
2007-11-05 18:31
2007-11-05 18:26
2007-11-05 18:26
2007-11-05 18:18
2007-11-05 18:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-05 18:01
2007-11-05 18:01
2007-11-05 17:50 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:37
2007-11-05 17:35
2007-11-05 17:35
2007-11-05 17:33
2007-11-05 17:15 73,601 -ra------ C:\WINDOWS\system32\MSMD4W.dll
2007-11-05 17:15 30,030 -ra------ C:\WINDOWS\system32\MSMWUD7.DLL
2007-11-05 17:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-05 17:15 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-05 17:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-05 17:09
2007-11-05 17:09
2007-11-05 17:09
2007-11-05 16:56 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-05 16:41
2007-11-05 16:41 545 --a------ C:\WINDOWS\UC.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-05 16:41 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-05 16:36 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-05 16:25 1,416 --a------ C:\WINDOWS\unins000.dat
2007-11-05 16:20
2007-11-05 16:19
2007-11-05 16:19
2007-11-05 15:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-05 15:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-05 15:49 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-05 15:48 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-05 15:48 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-05 15:48 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-05 15:48 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-05 15:48 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-05 15:27
2007-11-05 14:33
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 17:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-05 12:54 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-05 11:49 --------- d-----w C:\Program Files\hp deskjet 3320 series
2007-11-05 11:49 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-05 11:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-05 11:33 --------- d-----w C:\Program Files\Usługi online
2007-09-21 10:24 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 20:11]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys
R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 14:14:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-10 14:15:11
.
--- E O F ---
I hope the trouble is over. Many thanks Gutek2222, but please check this new log as well. Regards.
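An added example, not from the thread and not ComboFix's own code: a before/after comparison of the "Reg Loading Points" sections of the two ComboFix logs in this thread (the one in post #3 and the one above). It assumes that the bracketed text ComboFix prints after an autostart value is the target file's timestamp, with the resolved path added when the command is a bare file name, and that an empty [] means no such file was found; the sample lines are copied from the logs and the function names are mine. Run on them, it reports that the RunServices value is gone and that the HKLM Run value "Windows 32-bit DLL Integrity Verifier" still points at verify.exe with nothing behind it. Such an orphaned autostart value is harmless while the file is absent, but it will launch any file of that name that lands in the search path again, which is why a cleanup checklist also covers deleting the value itself.

```python
import re

# Constructed sample: the HKLM autostart values as printed in the two ComboFix
# logs in this thread, before (post #3) and after (post #5) the CFScript run.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 20:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" [2007-11-06 22:13 C:\WINDOWS\system32\verify.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows 32-bit DLL Integrity Verifier"=verify.exe
"""

AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 20:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows 32-bit DLL Integrity Verifier"="verify.exe" []
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 09:26]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "<name>"="<command>" [<annotation>]   or   "<name>"=<command>
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))(?: \[(?P<meta>[^\]]*)\])?$')


def parse_loading_points(text: str) -> dict:
    """Map (key, value name) -> (command, annotation).

    annotation is the text ComboFix prints in brackets after the value
    (assumed here to be the target file's timestamp, plus the resolved path
    when the command is a bare file name), "" for an empty [] and None when
    no brackets were printed at all.
    """
    values = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k["key"].lower()  # ComboFix prints some keys in lower case
            continue
        v = VALUE_RE.match(line)
        if v and key:
            cmd = v["quoted"] if v["quoted"] is not None else v["bare"]
            values[(key, v["name"])] = (cmd, v["meta"])
    return values


def compare(before_text: str, after_text: str) -> tuple:
    """Return (removed, orphaned) for a cleanup run.

    removed:  autostart values present before that are gone afterwards.
    orphaned: values still present whose annotation is an empty [], i.e. the
              registry value survived but the file it launches did not.
    """
    before = parse_loading_points(before_text)
    after = parse_loading_points(after_text)
    removed = sorted(k for k in before if k not in after)
    orphaned = sorted(k for k, (_cmd, meta) in after.items() if meta == "")
    return removed, orphaned


if __name__ == "__main__":
    removed, orphaned = compare(BEFORE, AFTER)
    for key, name in removed:
        print(f"removed:  [{key}] {name}")
    for key, name in orphaned:
        print(f"orphaned: [{key}] {name}")
```

The same parser works on the full "Reg Loading Points" section of either log; the sample keeps only the HKLM values because those are the ones that changed between the two runs.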
Lunatic
(Rafal P66)
11 November 2007 10:37
#7
Thanks again, everything works fine. Regards, Lunatic (K)
Kaka2
(Kaka_117827603)
23 November 2007 13:32
#8
djpuzon, please do not hijack other users' threads. If you have a problem, start your own thread.