PROBLEM Z TROJAN-SPY.WIN32@mx

raafa · 24 Październik 2007 12:27

witam przesyłam loga do oceny bo mam troche problemu z tymi wirusami. Dziekuje za szybka odpowiedź

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:44:46, on 2007-10-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\Explorer.EXE

C:\Program Files\Video Add-on\icthis.exe

C:\Program Files\Video Add-on\isfmntr.exe

D:\mks_vir 2k7\bin\mkstray.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\Video Add-on\icmntr.exe

D:\mks_vir 2k7\bin\mks_mail.exe

D:\mks_vir 2k7\bin\mksregmon.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll

O2 - BHO: (no name) - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [mkstray] D:\mks_vir 2k7\bin\mkstray.exe

O4 - HKLM…\Run: [mks_mail] D:\mks_vir 2k7\bin\mks_mail.exe

O4 - HKLM…\Run: [MKSRegmon] D:\mks_vir 2k7\bin\mksregmon.exe

O4 - HKLM…\Run: [spywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe

O4 - HKLM…\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\mks_vir 2k7\bin\mkslsp.dll

O17 - HKLM\System\CCS\Services\Tcpip…{9A6C0F3E-3545-4CCA-B546-CA7ABDD7D191}: NameServer = 194.24.244.3,194.24.244.4

O17 - HKLM\System\CCS\Services\Tcpip…{DCC97D9A-5127-43F2-AEDD-E622BD5AAAEF}: NameServer = 194.24.244.3,194.24.244.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O22 - SharedTaskScheduler: bosken - {d1e5ca97-235e-4ff0-9b92-7543c9d61ff4} - (no file)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: MksFwall - MKS Sp z o.o. - D:\mks_vir 2k7\bin\MksFwall.exe

O23 - Service: MksPC - Unknown owner - D:\mks_vir 2k7\bin\MksPC.exe

O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\mks_vir 2k7\bin\mksupdate.exe

O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\mks_vir 2k7\bin\mksvirmonsvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Softex WinRoute Service (WinRServ) - Unknown owner - C:\Program Files\Softex\winroute\WinRServ.exe

–

End of file - 6661 bytes

Złączono Posta : 24.10.2007 (Sro) 14:43

problemem jest wyskakujące okienko na pasku na dole o trojanie, odsyłanie do stron z antywirusami, spowolnienie kompa i połączenia z internetem. Ogólnie żle

Złączono Posta : 24.10.2007 (Sro) 14:46

to jest log zaznaczony juz tagiem…przepraszam ale nie jestem zbyt biegły

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:44:46, on 2007-10-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\Explorer.EXE C:\Program Files\Video Add-on\icthis.exe C:\Program Files\Video Add-on\isfmntr.exe D:\mks_vir 2k7\bin\mkstray.exe C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\Video Add-on\icmntr.exe D:\mks_vir 2k7\bin\mks_mail.exe D:\mks_vir 2k7\bin\mksregmon.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe D:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll O2 - BHO: (no name) - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file) O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [mkstray] D:\mks_vir 2k7\bin\mkstray.exe O4 - HKLM…\Run: [mks_mail] D:\mks_vir 2k7\bin\mks_mail.exe O4 - HKLM…\Run: [MKSRegmon] D:\mks_vir 2k7\bin\mksregmon.exe O4 - HKLM…\Run: [spywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe O4 - HKLM…\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: d:\mks_vir 2k7\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: d:\mks_vir 2k7\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: d:\mks_vir 2k7\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: d:\mks_vir 2k7\bin\mkslsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{9A6C0F3E-3545-4CCA-B546-CA7ABDD7D191}: NameServer = 194.24.244.3,194.24.244.4 O17 - HKLM\System\CCS\Services\Tcpip…{DCC97D9A-5127-43F2-AEDD-E622BD5AAAEF}: NameServer = 194.24.244.3,194.24.244.4 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O22 - SharedTaskScheduler: bosken - {d1e5ca97-235e-4ff0-9b92-7543c9d61ff4} - (no file) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: MksFwall - MKS Sp z o.o. - D:\mks_vir 2k7\bin\MksFwall.exe O23 - Service: MksPC - Unknown owner - D:\mks_vir 2k7\bin\MksPC.exe O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\mks_vir 2k7\bin\mksupdate.exe O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\mks_vir 2k7\bin\mksvirmonsvc.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Softex WinRoute Service (WinRServ) - Unknown owner - C:\Program Files\Softex\winroute\WinRServ.exe – End of file - 6661 bytes

jessica · 24 Październik 2007 12:56

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb O2 - BHO: (no name) - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file) O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe O4 - HKLM…\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Ściągnij -->ComboFix.

Wklej do Notatnika :

File::

C:\Program Files\Video Add-on\isfmdl.dll

C:\Program Files\Video Add-on\icthis.exe

C:\Program Files\Video Add-on\isfmntr.exe


Folder::

C:\Program Files\Video Add-on


Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] 

"{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFE15135-C591-4000-A55E-A50E5F9F82BC}]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

raafa · 24 Październik 2007 15:08

daje loga z combo fix

ComboFix 07-10-23.1 - rafa1983 2007-10-24 16:04:33.1 - FAT32x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.205 [GMT 2:00] Running from: C:\Documents and Settings\Przemek\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Przemek\Pulpit\CFScript.txt FILE:: C:\Program Files\Video Add-on\icthis.exe C:\Program Files\Video Add-on\isfmdl.dll C:\Program Files\Video Add-on\isfmntr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Video Add-on\icmntr.exe C:\Program Files\Video Add-on\icthis.exe C:\Program Files\Video Add-on\ictmdl.dll C:\Program Files\Video Add-on\ictun.exe C:\Program Files\Video Add-on\icun.exe C:\Program Files\Video Add-on\isfmdl.dll C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\Video Add-on\isfmntr.exe C:\Program Files\Video Add-on\isfun.exe C:\Program Files\Video Add-on\ot.ico C:\Program Files\Video Add-on\ts.ico C:\Program Files\Video Add-on\uninst.exe C:\Program Files\Video Add-on . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_POWERMANAGER ((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 ))))))))))))))))))))))))))))))) . 2007-10-24 16:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-24 15:59 2007-10-24 13:38 2007-10-19 19:44 2007-10-18 21:34 2007-10-18 21:33 2007-10-18 20:28 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 2007-10-18 20:23 2007-10-18 20:23 2007-10-18 20:21 990 --a------ C:\WINDOWS\unins000.dat 2007-10-18 17:42 2007-10-18 17:38 2007-10-18 14:08 2007-10-17 23:40 2007-10-16 21:21 2007-10-09 20:00 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-09-30 00:11 2007-09-28 19:48 2007-09-28 19:29 2007-09-28 19:28 2007-09-28 13:57 550 --a------ C:\WINDOWS\mozver.dat 2007-09-28 13:49 0 --a------ C:\WINDOWS\nsreg.dat 2007-09-27 20:18 2007-09-27 16:21 2007-09-27 15:32 2007-09-25 17:19 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-24 14:50 2,883,584 ----a-w C:\Documents and Settings\rafał1983\NTUSER.DAT 2007-10-21 17:55 2,359,296 —ha-w C:\Documents and Settings\OLEŃKA\ntuser.dat 2007-10-17 19:20 786,432 —ha-w C:\Documents and Settings\Gość\NTUSER.DAT 2007-09-19 17:46 --------- d-----w C:\Documents and Settings\OLEŃKA\Dane aplikacji\Gadu-Gadu 2007-09-13 22:12 --------- d-----w C:\Documents and Settings\rafał1983\Dane aplikacji\Macromedia 2007-09-13 21:35 --------- d-----w C:\Documents and Settings\Gość\Dane aplikacji\Identities 2007-09-13 18:24 --------- d-----w C:\Documents and Settings\OLEŃKA\Dane aplikacji\Adobe 2007-09-07 18:23 --------- d-----w C:\Documents and Settings\OLEŃKA\Dane aplikacji\Sun 2007-09-04 16:19 --------- d-----w C:\Program Files\Yahoo! 2007-09-04 00:52 --------- d-----w C:\Documents and Settings\rafał1983\Dane aplikacji\Apple Computer 2007-09-04 00:41 --------- d-----w C:\Program Files\Apple Software Update 2007-09-01 18:10 --------- d-----w C:\Documents and Settings\rafał1983\Dane aplikacji\Identities 2007-08-31 18:02 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Skype 2007-08-31 18:01 --------- d-----w C:\Program Files\Skype 2007-08-31 18:01 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-26 22:42 --------- d—a-w C:\Program Files\BearShare applications 2007-08-26 22:40 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\BearShare 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 10:01 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:01 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:01 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:01 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:01 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:01 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:01 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:01 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:01 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:01 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:01 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:01 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:01 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:01 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:01 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:01 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:01 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:01 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:01 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:01 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:01 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:01 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:01 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:24 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:24 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2006-11-29 17:02:06 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2006-11-29 17:02:06 56 --sh–r C:\WINDOWS\system32\731CCB5A6A.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “mkstray”=“D:\mks_vir 2k7\bin\mkstray.exe” [2007-10-17 22:11] “mks_mail”=“D:\mks_vir 2k7\bin\mks_mail.exe” [2007-05-24 05:06] “MKSRegmon”=“D:\mks_vir 2k7\bin\mksregmon.exe” [2007-05-24 05:06] “SpywareTerminator”=“C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe” [2007-10-18 21:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @=“service” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” “Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” “QuickTime Task”=“D:\Program Files\QuickTime\QTTask.exe” -atboottime R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys R1 mksfwallt;mksfwallt;??\C:\WINDOWS\system32\mksfwallt.sys R1 sp_rsdrv2;Spyware Terminator Driver 2;??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys R2 CTDevice_Srv;CT Device Query service;C:\Program Files\Creative\Shared Files\CTDevSrv.exe R2 MksFwall;MksFwall;“D:\mks_vir 2k7\bin\MksFwall.exe” R2 MksPC;MksPC;“D:\mks_vir 2k7\bin\MksPC.exe” R2 MksUpdate;MksUpdate;“D:\mks_vir 2k7\bin\mksupdate.exe” R2 U3sHlpDr;U3sHlpDr;??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys R2 WinRServ;Softex WinRoute Service;C:\Program Files\Softex\winroute\WinRServ.exe R3 mksfwallf;mksfwallf;??\C:\WINDOWS\system32\mksfwallf.sys R3 mksidsf;mksidsf;??\C:\WINDOWS\system32\mksidsf.sys R3 MksMonEn;MksMonEn;??\D:\mks_vir 2k7\bin\MksMonEn.sys R3 MksMonEv;MksMonEv;??\D:\mks_vir 2k7\bin\MksMonEv.sys R3 MksMonFd;MksMonFd;??\D:\mks_vir 2k7\bin\MksMonFd.sys R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys . Contents of the ‘Scheduled Tasks’ folder “2007-10-12 15:15:02 C:\WINDOWS\Tasks\1-Click Maintenance.job” - D:\SystemOptimizer.exe “2007-09-04 00:42:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe .

jessica · 24 Październik 2007 16:16

Byłoby wszystko OK, gdyby nie ten powyższy wpis.

Może on oznaczać zupełną katastrofę, bo to jest legalizacja usługi “JEEFO”.

a “JEEFO” zaraża wszystkie pliki o rozszerzeniu *.exe , czyli wszystkie programy i wszystkie pliki wykonywalne systemu.

Może masz szczęście, bo nie widać w logu ani tej usługi, ani związanego z nią pliku C:\WINDOWS** svchost.exe**.

Ale na wszelki wypadek, użyj szczepionki -->http://wirusy.antivirenkit.pl/pl/szczepionki/Jeefo.html.

jessi

raafa · 25 Październik 2007 12:58

jest juz ok co prawda komp mi sie troche zamulil ale to pewnie konsekwencje tego wszystkiego… dzieki za pomoc