Logfile of HijackThis v1.99.1
Scan saved at 17:19:12, on 2006-08-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\RunDll32.exe
D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\BearShare\BearShare.exe
D:\Program Files\BearFlix\bearflix.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wpabaln.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Andrzej\Moje dokumenty\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing)
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Services] D:\WINDOWS\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [BearFlix] "D:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
i jeszcze to..."Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Skype" = ""D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"Odkurzacz-MCD" = "D:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"odk_mcd" = (empty string)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Services" = "D:\WINDOWS\services.exe" [file not found]
"SunJavaUpdateSched" = "D:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AT-Watch" = (empty string)
"WinampAgent" = "D:\Program Files\Winamp\winampa.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" ["Free Peers, Inc."]
"BearFlix" = ""D:\Program Files\BearFlix\bearflix.exe" /pause" ["Musiclab, LLC"]
"TkBellExe" = ""D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"nod32kui" = ""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
-> {HKLM...CLSID} = "My Global Search Bar BHO"
\InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL" [file not found]
{49E0E0F0-5C30-11D4-945D-000000000000}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IE 4.x-5.x BHO in ObjectPascal"
\InProcServer32\(Default) = "D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz :
Pliki i foldery usuń ręcznie z dysku (D:\Program Files\MyGlobalSearch -> o ile będzie)
W razie problemów z usunięciem Plików/Folderów Użyj programu Pocket KillBox
Znasz to :?: Jeśli nie to też usuń.
Użyj :
Pobierz program, zrób update i przeskanuj