
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
MNMBG DLL 226 592 06.02.20 21:32 MNMBG.DLL
FZWPP DLL 226 592 06.02.20 21:32 FZWPP.DLL
MRVCR71 DLL 226 592 06.02.20 21:32 mrvcr71.dll
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
10 plik(ów) 3 285 757 bajtów
0 katalog(ów) 425 242 624 bajtów wolnych
------- Hidden Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
ATI98DEF GID 10 844 04.12.30 15:59 ati98def.GID
FOLDER HTT 13 264 04.12.30 15:44 folder.htt
DESKTOP INI 266 04.12.30 15:44 desktop.ini
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
10 plik(ów) 2 630 355 bajtów
0 katalog(ów) 425 238 528 bajtów wolnych
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{48A8F24B-6F61-7AEA-5893-D79F8E76A322}"=""
------------------ Locate.com Results ------------------
C:\WINDOWS\SYSTEM\
mnmbg.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
fzwpp.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
mrvcr71.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
3 items found: 3 files, 0 directories.
Total of file sizes: 679 776 bytes 663,84 K
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\USER.DAT: eFind-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\hosts.bak: 127.0.0.1 www.qoologic.com
-------------- Strings.exe Aspack Results -------------
----------------- HKLM Run Key ------------------
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Atikey"="Atitask.exe"
"AtiCwd32"="Aticwd32.exe"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
Logfile of HijackThis v1.99.1
Scan saved at 09:59:27, on 06-03-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez chello broadband n.v.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_18.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
DSGSIG DLL 226 592 06.02.20 21:32 DSGSIG.DLL
MRVCR71 DLL 226 592 06.02.20 21:32 mrvcr71.dll
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
9 plik(ów) 3 059 165 bajtów
0 katalog(ów) 347 828 224 bajtów wolnych
------- Hidden Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
ATI98DEF GID 10 844 04.12.30 15:59 ati98def.GID
FOLDER HTT 13 264 04.12.30 15:44 folder.htt
DESKTOP INI 266 04.12.30 15:44 desktop.ini
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
10 plik(ów) 2 630 355 bajtów
0 katalog(ów) 347 824 128 bajtów wolnych
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{48A8F24B-6F61-7AEA-5893-D79F8E76A322}"=""
------------------ Locate.com Results ------------------
C:\WINDOWS\SYSTEM\
dsgsig.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
mrvcr71.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
2 items found: 2 files, 0 directories.
Total of file sizes: 453 184 bytes 442,56 K
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\USER.DAT: eFind-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
-------------- Strings.exe Aspack Results -------------
----------------- HKLM Run Key ------------------
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["sms-express.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"Atikey" = "Atitask.exe" ["ATI Technologies, Inc."]
"AtiCwd32" = "Aticwd32.exe" ["ATI Technologies Inc."]
"StillImageMonitor" = "C:\WINDOWS\SYSTEM\STIMON.EXE" [MS]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"KB891711" = "C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\7-ZIP\7-ZIP.DLL" ["Igor Pavlov"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\7-ZIP\7-ZIP.DLL" ["Igor Pavlov"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\7-ZIP\7-ZIP.DLL" ["Igor Pavlov"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"
WIN.INI & SYSTEM.INI launch points:
-----------------------------------
SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\AQUARIUM.SCR" [null data]
Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------
C:\WINDOWS\Menu Start\Programy\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone - szybkie uruchamianie" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
Enabled Scheduled Tasks:
------------------------
"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
"Symantec NetDetect" -> launches: "C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL" ["Sun Microsystems, Inc."]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
The contents of IERESET.INF cannot be reliably checked!
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://home.pol.chello.pl/ssi/welcome/welcome.php?url=home
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon.dll\Driver = "usbmon.dll" [MS]
usbmon\Driver = "usbmon.dll" [MS]
hpzs9x10\Driver = "hpzs9x10.dll" ["HP"]
Canon BJC Language Monitor\Driver = "CBJMON.DLL" ["Canon Information Systems"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 29 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 27 seconds.
---------- (total run time: 78 seconds)
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
MTXML4R DLL 226 592 06.02.20 21:32 MTXML4r.dll
MRVCR71 DLL 226 592 06.02.20 21:32 mrvcr71.dll
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
9 plik(ów) 3 059 165 bajtów
0 katalog(ów) 682 377 216 bajtów wolnych
------- Hidden Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
ATI98DEF GID 10 844 04.12.30 15:59 ati98def.GID
FOLDER HTT 13 264 04.12.30 15:44 folder.htt
DESKTOP INI 266 04.12.30 15:44 desktop.ini
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
10 plik(ów) 2 630 355 bajtów
0 katalog(ów) 682 373 120 bajtów wolnych
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{48A8F24B-6F61-7AEA-5893-D79F8E76A322}"=""
------------------ Locate.com Results ------------------
C:\WINDOWS\SYSTEM\
mtxml4r.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
mrvcr71.dll Mon 2006-02-20 21:32:52 ..S.R 226 592 221,28 K
2 items found: 2 files, 0 directories.
Total of file sizes: 453 184 bytes 442,56 K
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\USER.DAT: eFind-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\hosts.bak: 127.0.0.1 www.qoologic.com
-------------- Strings.exe Aspack Results -------------
----------------- HKLM Run Key ------------------
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
------- System Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
JPST500 DLL 226 592 06.02.20 21:32 Jpst500.dll
MRVCR71 DLL 226 592 06.02.20 21:32 mrvcr71.dll
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
9 plik(ów) 3 059 165 bajtów
0 katalog(ów) 660 217 856 bajtów wolnych
------- Hidden Files in System Directory -------
Wolumin w stacji dysków C: SYSTEM
Numer seryjny woluminu: 2A20-16DA
Katalog C:\WINDOWS\SYSTEM
ATI98DEF GID 10 844 04.12.30 15:59 ati98def.GID
FOLDER HTT 13 264 04.12.30 15:44 folder.htt
DESKTOP INI 266 04.12.30 15:44 desktop.ini
MSVCRT DLL 278 528 04.09.21 0:12 MSVCRT.DLL
MSVCIRT DLL 77 824 04.09.21 0:11 MSVCIRT.DLL
MSVCP60 DLL 401 462 04.02.17 20:26 MSVCP60.DLL
MFC42 DLL 1 019 959 04.02.17 6:53 MFC42.DLL
OLEPRO32 DLL 164 112 03.06.19 12:05 OLEPRO32.DLL
OLEAUT32 DLL 626 960 03.06.19 12:05 OLEAUT32.DLL
REGSVR32 EXE 37 136 00.02.24 17:07 REGSVR32.EXE
10 plik(ów) 2 630 355 bajtów
0 katalog(ów) 660 213 760 bajtów wolnych
---------------- User Agent ------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{AFFB10E3-C7A0-70AA-4013-B9B129A017DD}"=""
------------------ Locate.com Results ------------------
C:\WINDOWS\SYSTEM\
jpst500.dll Mon 2006-02-20 21:32:52 ..S.. 226 592 221,28 K
mrvcr71.dll Mon 2006-02-20 21:32:52 ..S.. 226 592 221,28 K
2 items found: 2 files, 0 directories.
Total of file sizes: 453 184 bytes 442,56 K
------------ Strings.exe Qoologic Results ------------
C:\WINDOWS\USER.DAT: eFind-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic.lnk
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic.zip
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\USER.DAT: Find-Qoologic
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com
C:\WINDOWS\hosts.bak: 127.0.0.1 www.qoologic.com
-------------- Strings.exe Aspack Results -------------
----------------- HKLM Run Key ------------------
-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\ipebase11.dll: ??0ECalMonitor@@QAE@PAUMONITOR_CAL@@@Z
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Atikey"="Atitask.exe"
"AtiCwd32"="Aticwd32.exe"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"