My computer has slowed to a crawl, could someone take a look at these logs


(Szyndal) #1
Logfile of HijackThis v1.99.1

Scan saved at 17:19:12, on 2006-08-11

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\SYSTEM32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\System32\RunDll32.exe

D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

D:\Program Files\Winamp\winampa.exe

D:\WINDOWS\System32\RUNDLL32.EXE

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\BearShare\BearShare.exe

D:\Program Files\BearFlix\bearflix.exe

D:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Program Files\Eset\nod32kui.exe

D:\WINDOWS\System32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\Program Files\Eset\nod32krn.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\WINDOWS\System32\wuauclt.exe

D:\WINDOWS\System32\wpabaln.exe

D:\WINDOWS\System32\svchost.exe

D:\Documents and Settings\Andrzej\Moje dokumenty\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing)

O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Services] D:\WINDOWS\services.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [BearFlix] "D:\Program Files\BearFlix\bearflix.exe" /pause

O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe

O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe


and this as well...

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [MS]

"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]

"Odkurzacz-MCD" = "D:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]

"odk_mcd" = (empty string)


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"Services" = "D:\WINDOWS\services.exe" [file not found]

"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]

"AT-Watch" = (empty string)

"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]

"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]

"BearFlix" = ""D:\Program Files\BearFlix\bearflix.exe" /pause" ["Musiclab, LLC"]

"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"

 -> {HKLM...CLSID} = "My Global Search Bar BHO"

          \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL" [file not found]

{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)

 -> {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"

          \InProcServer32\(Default) = "D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll" [file not found]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

 -> {HKLM...CLSID} = (no title provided)

          \InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

 -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

          \InProcServer32\(Default) = "deskpan.dll" [file not found]

(Mayster X) #2

In Safe Mode, with System Restore turned off, remove:

Delete the files and folders manually from the disk (D:\Program Files\MyGlobalSearch -> if it is there)

If you have trouble deleting the files/folders, use Pocket KillBox

Do you recognise this :?: If not, remove it as well.

Use:

ewido.gif

Download the program, update it and run a scan

skaner.gif


(Myszonus) #3

http://www.bearflix.com/?lang=pl :slight_smile: