MBS Account Manager

nesquik21 · 3 Lipiec 2007 18:23

Witam! Od pewnego czasu mam problem z wyskakujacym oknem MBS Bill (https://secure.microbillsys.com/logon.php),poczatkowo bylo krotko teraz zamyka sie dopiero po 10 min. Zrobilem Spybot-Search & Destroy znalazl MBS.Sexxxpassport, daje usun i wyglada na to ze wszystko jest OK, jednak przy nastepnym uruchomieniu systemu to dziadostwo powraca.

Cytat:

Logfile of HijackThis v1.99.1

Scan saved at 17:23:58, on 03/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MioNet\MioNetManager.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\MioNet\jvm\bin\MioNet.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\vphc700.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\smvalid.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Philips\Philips SPC710NC Webcam\TrayMin710.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\BitComet\BitComet.exe

C:\DOCUME~1\DOROTA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM…\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”

O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”

O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized

O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: TrayMin710.exe.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

dorzucam log z ComboFixCytat:

ComboFix 07-06-18.2 - C:\Downloads\ComboFix.exe

“Dorota Wojtasik” - 2007-07-03 17:09:10 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))

2007-07-03 17:08 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-07-01 20:35

2007-07-01 19:06

2007-06-30 01:50

2007-06-30 01:49

2007-06-29 20:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-26 18:42 61,440 --a------ C:\WINDOWS\system32\W32N50.dll

2007-06-26 18:42 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll

2007-06-24 16:20

2007-06-03 10:12 590,336 --a------ C:\WINDOWS\system32\smvalid.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 16:01:25 -------- d-----w C:\DOCUME~1\DOROTA~1\APPLIC~1\Skype

2007-07-01 18:15:51 -------- d-----w C:\Program Files\MioNet

2007-07-01 18:06:16 -------- d–h--w C:\Program Files\InstallShield Installation Information

2007-06-29 22:50:29 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-14 20:13:52 10 ----a-w C:\WINDOWS\popcinfo.dat

2007-05-23 22:54:34 -------- d-----w C:\Program Files\Odkurzacz

2007-05-19 13:02:38 -------- d-----w C:\DOCUME~1\DOROTA~1\APPLIC~1\FreeCall

2007-05-18 20:11:09 -------- d-----w C:\Program Files\XnView

2007-05-18 20:05:59 -------- d-----w C:\Program Files\CyberLink

2007-05-18 20:04:47 -------- d-----w C:\Program Files\English Translator 3

2007-05-18 20:04:21 -------- d-----w C:\Program Files\InterVideo

2007-05-18 20:04:06 -------- d-----w C:\Program Files\DVD-RAM

2007-05-18 20:03:53 -------- d-----w C:\Program Files\GameHouse

2007-05-18 20:03:49 -------- d-----w C:\Program Files\DIFX

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-09 22:49:52 -------- d-----w C:\Program Files\MSN Messenger

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 18:30]

{2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-27 16:00]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 05:20]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 00:02]

“THotkey”=“C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe” [2006-08-25 13:47]

“Tvs”=“C:\Program Files\TOSHIBA\Tvs\TvsTray.exe” [2006-02-02 12:11]

“SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2005-05-12 10:31]

“IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2006-08-02 01:38]

“IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2006-08-02 01:32]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-01-15 18:28]

“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-04-13 12:09]

“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-11 11:26]

“LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [2007-02-19 18:41]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-02-16 23:32]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 10:12]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2006-08-03 00:46]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 13:00]

“PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-04-11 17:52]

“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2006-01-24 20:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

“{56F9679E-7826-4C84-81F3-532071A8BCC5}”=“C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2006-03-13 13:11]

“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 13:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-03 17:10:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MioNet]

“ImagePath”="“C:\Program Files\MioNet\MioNetManager.exe” -s “C:\Program Files\MioNet\wrapper.conf”"

Completion time: 2007-07-03 17:11:18

C:\ComboFix-quarantined-files.txt … 2007-07-03 17:11

— E O F —

qrczak13 · 3 Lipiec 2007 22:28

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu Full Path of File to Delete wklej ścieżkę:

C:\WINDOWS\system32\smvalid.exe

i naciskasz X czerwony. Program poprosi o restart kompa, co robisz.

Skan AVG AntySpyware 7.5 po update, wklej raport ze skanowania. Co znajdzie usuwasz.

Daj też nowy log z combofix.

nesquik21 · 4 Lipiec 2007 11:18

ComboFix 07-06-18.2 - C:\Downloads\ComboFix.exe “Dorota Wojtasik” - 2007-07-04 12:10:19 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 ))))))))))))))))))))))))))))))) 2007-07-04 11:35 2007-07-03 17:08 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-07-01 20:35 2007-07-01 19:06 2007-06-30 01:50 2007-06-30 01:49 2007-06-29 20:41 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-26 18:42 61,440 --a------ C:\WINDOWS\system32\W32N50.dll 2007-06-26 18:42 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll 2007-06-24 16:20 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-03 18:01:25 -------- d-----w C:\DOCUME~1\DOROTA~1\APPLIC~1\Skype 2007-07-03 16:22:01 -------- d-----w C:\Program Files\BitComet 2007-07-01 18:15:51 -------- d-----w C:\Program Files\MioNet 2007-07-01 18:06:16 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-29 22:50:29 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-14 20:13:52 10 ----a-w C:\WINDOWS\popcinfo.dat 2007-05-23 22:54:34 -------- d-----w C:\Program Files\Odkurzacz 2007-05-19 13:02:38 -------- d-----w C:\DOCUME~1\DOROTA~1\APPLIC~1\FreeCall 2007-05-18 20:11:09 -------- d-----w C:\Program Files\XnView 2007-05-18 20:05:59 -------- d-----w C:\Program Files\CyberLink 2007-05-18 20:04:47 -------- d-----w C:\Program Files\English Translator 3 2007-05-18 20:04:21 -------- d-----w C:\Program Files\InterVideo 2007-05-18 20:04:06 -------- d-----w C:\Program Files\DVD-RAM 2007-05-18 20:03:53 -------- d-----w C:\Program Files\GameHouse 2007-05-18 20:03:49 -------- d-----w C:\Program Files\DIFX 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-09 22:49:52 -------- d-----w C:\Program Files\MSN Messenger 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 18:30] {2F85D76C-0569-466F-A488-493E6BD0E955}=C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 22:44] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO.dll [2006-12-27 16:00] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 05:20] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 00:02] “THotkey”=“C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe” [2006-08-25 13:47] “Tvs”=“C:\Program Files\TOSHIBA\Tvs\TvsTray.exe” [2006-02-02 12:11] “SmoothView”=“C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe” [2005-05-12 10:31] “IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2006-08-02 01:38] “IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2006-08-02 01:32] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-01-15 18:28] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-04-13 12:09] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-11 11:26] “LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [2007-02-19 18:41] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-02-16 23:32] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 10:12] “Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2006-08-03 00:46] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 13:00] “PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-04-11 17:52] “msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2006-01-24 20:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “InstallVisualStyle”=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles “InstallTheme”=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{56F9679E-7826-4C84-81F3-532071A8BCC5}”=“C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2006-03-13 13:11] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 13:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 nwprovau [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-04 12:11:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MioNet] “ImagePath”="“C:\Program Files\MioNet\MioNetManager.exe” -s “C:\Program Files\MioNet\wrapper.conf”" Completion time: 2007-07-04 12:11:44 C:\ComboFix-quarantined-files.txt … 2007-07-04 12:11 C:\ComboFix2.txt … 2007-07-03 17:11 — E O F —

Joan · 4 Lipiec 2007 14:35

log jest ok