Please check the log and help with uninstalling Global Search

Loluniek, I would still advise running Combo in normal mode…

Turn off the antivirus, the internet connection and all other programs while CF is running. Then post new logs.

I did it in normal mode. If only the antivirus could be turned off… you can only turn off all the monitors and so on. I can disable the network card. Oh, and when I was removing it through Add/Remove Programs, its installer entry was there, and when I clicked Remove this showed up:

wystapil blad podczas ladowania

C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll

Post merged: 26.10.2007 (Fri) 14:43

C:\qoobox\Quarantine\C\Program Files hmmm, is this a CF file?? Because that folder is there now

Post merged: 26.10.2007 (Fri) 14:44

from My Global Search

Loluniek, post logs from HijackThis, Silent Runners and ComboFix and we'll see where you stand.

Those are quarantine files.

Post merged: 26.10.2007 (Fri) 15:41

That's all for now; I'll send the rest around 18:00 because I have to run.

// I fixed your post - added quote tags.

Kaka’

Fix in HJT.

Have a look at Autostart Optimization.

Besides that, post logs from SilentRunners and ComboFix.

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“BoostSpeed” = ““C:\PROGRA~1\AUSLOG~1\boostspeed.exe” /Q” [“AusLogics, Inc.”]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Skrót do strony właściwości High Definition Audio” = “HDAudPropShortcut.exe” [“Windows ® Server 2003 DDK provider”]

“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]

“Control Center” = “C:\Program Files\ASUS\WLAN Card Utilities\Center.exe” [“ASUSTeK COMPUTER INC.”]

“SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe” [null data]

“ATIPTA” = ““C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”” [“ATI Technologies, Inc.”]

“RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]

“SiteAdvisor” = “C:\Program Files\SiteAdvisor\6172\SiteAdv.exe” [“McAfee, Inc.”]

“ASUS Probe” = “C:\Program Files\ASUS\Asus Probe\AsusProb.exe” [null data]

“mkstray” = “C:\Program Files\mks_vir_2007\bin\mkstray.exe” [“MKS Sp z o.o.”]

“mks_mail” = “C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [“MkS Sp. z o.o.”]

“MKSRegmon” = “C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [null data]

“StartCCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]

“{4B4604E0-8961-11D4-A0EC-009099164712}” = “Mój MultiPASS”

-> {HKLM…CLSID} = “Mój MultiPASS”

\InProcServer32(Default) = “C:\Program Files\Canon\MultiPASS4\DTM4.DLL” [file not found]

“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”

-> {HKLM…CLSID} = “SimpleShlExt Class”

\InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll” [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> “AppInit_DLLs” = “wbsys.dll” [“Stardock.Net, Inc”]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]

<> WB\DLLName = “C:\Program Files\AlienGUIse\fastload.dll” [“Stardock”]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”

-> {HKLM…CLSID} = “PDF Shell Extension”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”

-> {HKLM…CLSID} = “MkS_Vir Shell Extension”

\InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”

-> {HKLM…CLSID} = “MkS_Vir Shell Extension”

\InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Program Files\mks_vir_2007\bin\mkslsp.dll [null data], 01 - 03, 09

%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 23

%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:


Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor”

-> {HKLM…CLSID} = “McAfee SiteAdvisor”

\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]

“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

“MenuText” = “Sun Java Console”

“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Badanie”

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]

mks_vir file monitor, MksVirMonSvc, “C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe” [null data]

MksFwall, MksFwall, ““C:\Program Files\mks_vir_2007\bin\MksFwall.exe”” [“MKS Sp z o.o.”]

MksPC, MksPC, ““C:\Program Files\mks_vir_2007\bin\MksPC.exe”” [null data]

MksUpdate, MksUpdate, ““C:\Program Files\mks_vir_2007\bin\mksupdate.exe”” [“MKS Sp. z o. o.”]

Usługa SiteAdvisor, SiteAdvisor Service, “C:\Program Files\SiteAdvisor\6172\SAService.exe” [“McAfee, Inc.”]

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon MP Language Monitor\Driver = “MPASSMON.DLL” [“Canon Inc.”]

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

Port USB programu Canon MultiPASS\Driver = “mpupmon.dll” [file not found]

---------- (launch time: 2007-10-26 18:43:59)

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 56 seconds, including 18 seconds for message boxes)

Post merged: 26.10.2007 (Fri) 18:50

I'll send one more HJT log in a moment because I removed this entry:

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

Post merged: 26.10.2007 (Fri) 18:51

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:51, on 2007-10-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\mks_vir_2007\bin\MksFwall.exe

C:\Program Files\mks_vir_2007\bin\MksPC.exe

C:\Program Files\mks_vir_2007\bin\mksupdate.exe

C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\mks_vir_2007\bin\mkstray.exe

C:\Program Files\mks_vir_2007\bin\mks_mail.exe

C:\Program Files\mks_vir_2007\bin\mksregmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\AUSLOG~1\boostspeed.exe

C:\WINDOWS\System32\svchost.exe

E:\Program Files\valve\hl.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe

O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe

O4 - HKLM…\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe

O4 - HKLM…\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [boostSpeed] “C:\PROGRA~1\AUSLOG~1\boostspeed.exe” /Q

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ … /CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe

O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe

O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe

O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe

O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

End of file - 6145 bytes

Post merged: 26.10.2007 (Fri) 18:52

I'll add that I have Counter-Strike 1.6 running.

Post merged: 26.10.2007 (Fri) 18:59

Here is the ComboFix log, but it's the one from the run during which the system restarted; I found it through search. It is older than the HJ and Silent Runners logs.

ComboFix 07-10-23.2 - Admin 2007-10-26 14:19:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511 [GMT 2:00]

Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\002D1A91

C:\Program Files\myglobalsearch\bar\Cache\002D1F16.bin

C:\Program Files\myglobalsearch\bar\Cache\002D2D4E.bin

C:\Program Files\myglobalsearch\bar\Cache\002D2EC5.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\Program Files\myglobalsearch\bar\Settings\settings.dat

C:\Program Files\myglobalsearch\bar\Settings\settings.dat.bak

C:\Program Files\myglobalsearch\bar\Settings\settings.htm

C:\Program Files\myglobalsearch\bar\Settings\settings.htm.bak

C:\WINDOWS\install.exe

.

((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))

.

2007-10-26 14:18 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-25 21:40 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll

2007-10-25 21:40 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll

2007-10-25 21:40 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll

2007-10-25 21:26 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL

2007-10-25 21:26 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS

2007-10-25 21:25

2007-10-25 21:22 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll

2007-10-25 21:22 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys

2007-10-25 21:01

2007-10-25 20:51

2007-10-25 20:51

2007-10-25 20:51

2007-10-25 20:51

2007-10-25 19:57

2007-10-24 18:41

2007-10-24 18:41

2007-10-24 14:53

2007-10-24 14:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2007-10-23 12:23

2007-10-23 12:23

2007-10-23 12:23

2007-10-23 12:23

2007-10-23 12:17 61,440 -ra------ C:\WINDOWS\system32\MPASSMON.DLL

2007-10-14 15:29 996,872 --a------ C:\WINDOWS\system\CP3240MT.DLL

2007-10-14 15:29 458,752 --a------ C:\WINDOWS\system\COMCTL32.DLL

2007-10-14 15:29 29,952 --a------ C:\WINDOWS\system\BORLNDMM.DLL

2007-10-14 15:29 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys

2007-10-14 15:28 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS

2007-10-14 15:21 299,008 --a------ C:\WINDOWS\uninst.exe

2007-10-14 15:01

2007-10-14 14:53

2007-10-14 14:19 41,984 --------- C:\WINDOWS\Ctregrun.exe

2007-10-14 14:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-10-14 14:19 15,360 --a–c— C:\WINDOWS\system32\dllcache\streamip.sys

2007-10-14 14:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-10-14 14:19 11,136 --a–c— C:\WINDOWS\system32\dllcache\slip.sys

2007-10-14 14:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-10-14 14:19 10,880 --a–c— C:\WINDOWS\system32\dllcache\ndisip.sys

2007-10-14 14:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-10-14 14:19 5,504 --a–c— C:\WINDOWS\system32\dllcache\mstee.sys

2007-10-14 14:17 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-10-14 14:16

2007-10-13 17:39

2007-10-12 21:58

2007-10-12 21:58

2007-10-12 21:29

2007-10-12 21:29

2007-10-12 21:29 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2007-10-12 21:29 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-10-12 21:29 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll

2007-10-12 21:29 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll

2007-10-12 21:29 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-10-12 21:29 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll

2007-10-12 21:29 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll

2007-10-12 19:34

2007-10-11 22:00

2007-10-10 22:04

2007-10-10 22:04

2007-10-10 20:36 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys

2007-10-10 20:23 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys

2007-10-10 20:23 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys

2007-10-10 20:23 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys

2007-10-10 20:23 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys

2007-10-10 20:23 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys

2007-10-10 20:23 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys

2007-10-10 20:23 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys

2007-10-09 19:43

2007-10-09 19:42

2007-10-07 14:54 845 --a------ C:\Documents and Settings\Admin\kurs_skrypt02.vbs

2007-10-07 14:48 220 --a------ C:\Documents and Settings\Admin\kompname.vbs

2007-10-06 19:34

2007-10-06 19:34

2007-10-06 19:34 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

2007-10-06 16:05

2007-10-05 21:04 1,426 --a------ C:\WINDOWS\mozver.dat

2007-10-05 20:58

2007-10-05 20:58 0 --a------ C:\WINDOWS\nsreg.dat

2007-10-05 19:12 598,016 -ra------ C:\WINDOWS\system32\CFFFLWUD.DLL

2007-10-05 19:12 327,740 -ra------ C:\WINDOWS\system32\UCS32P.DLL

2007-10-05 19:12 139,264 -ra------ C:\WINDOWS\system32\mpmasdll.dll

2007-10-05 19:12 119,808 -ra------ C:\WINDOWS\system32\ITLIB32.DLL

2007-10-05 19:12 118,784 -ra------ C:\WINDOWS\system32\MPIMGENH.DLL

2007-10-05 19:12 45,056 -ra------ C:\WINDOWS\system32\CANOIT32.EXE

2007-10-05 19:12 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-10-05 19:12 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2007-10-04 22:02

2007-10-04 21:19

2007-10-04 21:17

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:16

2007-10-04 21:15

2007-10-04 21:13

2007-10-04 21:13

2007-10-04 21:13

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-25 19:40 --------- d–h--w C:\Program Files\InstallShield Installation Information

2007-10-24 13:29 --------- d-----w C:\Program Files\DivX

2007-10-24 12:23 --------- d-----w C:\Program Files\ATI Technologies

2007-10-14 13:28 --------- d-----w C:\Program Files\ASUS

2007-10-03 17:33 --------- d-----w C:\Program Files\Common Files\Adobe

2007-10-03 17:32 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu

2007-10-03 17:31 --------- d-----w C:\Program Files\Gadu-Gadu

2007-10-03 17:30 --------- d-----w C:\Program Files\Codec Pack - All In 1

2007-10-03 17:29 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-10-03 17:29 --------- d-----w C:\Program Files\Codec

2007-10-03 15:47 --------- d-----w C:\Program Files\Unibrain

2007-10-03 15:46 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-10-03 15:43 --------- d-----w C:\Program Files\Silicon Image

2007-10-03 15:43 --------- d-----w C:\Program Files\Java

2007-10-03 15:43 --------- d-----w C:\Program Files\Common Files\Java

2007-10-03 15:42 --------- d-----w C:\Program Files\ITE

2007-10-03 15:34 --------- d-----w C:\Program Files\Intel

2007-10-03 15:26 --------- d-----w C:\Program Files\microsoft frontpage

2007-10-03 15:24 --------- d-----w C:\Program Files\Usługi online

2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Skrót do strony właściwości High Definition Audio”=“HDAudPropShortcut.exe” [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]

“Cmaudio”=“cmicnfg.cpl” []

“Control Center”=“C:\Program Files\ASUS\WLAN Card Utilities\Center.exe” [2004-11-11 21:17]

“SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe” [2003-09-16 19:01]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05]

“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 20:24]

“SiteAdvisor”=“C:\Program Files\SiteAdvisor\6172\SiteAdv.exe” [2007-03-30 17:42]

“ASUS Probe”=“C:\Program Files\ASUS\Asus Probe\AsusProb.exe” [2002-12-06 16:07]

“mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” [2007-10-04 21:05]

“mks_mail”=“C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [2007-05-24 05:06]

“MKSRegmon”=“C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [2007-05-24 05:06]

“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-08 10:47]

“BoostSpeed”=“C:\PROGRA~1\AUSLOG~1\boostspeed.exe” [2005-02-11 11:46]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-09-13 13:31]

Post merged: 26.10.2007 (Fri) 19:00

I can't make a newer CF one because I've been waiting too long for something to download and I don't want to turn it off.