prosze o sprawdzenie loga

**Posty:** 5 · przez **emeryt89** 07 Kwi 2007, 18:31

prosze o sprawdzenie loga, komp i net mi strasznie muli

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 16:57:56, on 07/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\BT Datasure\OLlaunch.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\BT Datasure\OLRegCap.EXE C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wapster\AQQ\AQQ.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Venturi2\Configurator\ventcfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\eMule\eMule.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\explorer.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\ACD Systems\ACDZip\ACDZip.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\arcCC.tmp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: BTxxxxxx #LAPTOP O1 - Hosts: BTxxxxxx #LAPTOP O1 - Hosts: BTxxxxxx #Desktop O1 - Hosts: BTxxxxxx #LAPTOP O1 - Hosts: BTxxxxxx #Desktop O1 - Hosts: BTxxxxxx #Desktop O1 - Hosts: Router #Default gateway O1 - Hosts: BCM O1 - Hosts: 147.147.2.157 SRYNDENT46 #SIEBEL LIVE SERVER GATEWAY O1 - Hosts: 147.147.2.159 SRYNDENT47 #SIEBEL REFERENCE GATEWAY O1 - Hosts: 147.147.2.161 SRYNDENT48 #SIEBEL LIVE SERVER EIM,FILE SYSTEM,SMTP,BREAKOUT PORT 40400, 2320 O1 - Hosts: 147.147.2.163 SRYNDENT49 #SIEBEL LIVE SERVER EAI, WORKFLOW SIEBEL REMOTE O1 - Hosts: 147.147.2.165 SRYNDENT50 #SIEBEL LIVE SERVER EAI, WORKFLOW O1 - Hosts: 147.147.2.167 SRYNDENT51 #SIEBEL LIVE SERVER WORKFLOW AND COMMS MNG O1 - Hosts: 147.147.2.169 SRYNDENT52 #SIEBEL LIVE SIEBEL REMOTE SYCHRONIZATION SERVER O1 - Hosts: 147.147.2.171 SRYNDENT53 #SIEBEL REFERENCE SIEBEL SERVER, CURRENTLY LIVE MACCSIM BOX O1 - Hosts: 147.147.2.23 SRYNDENT73 #COLD FUSION PORT 80 O1 - Hosts: 147.147.2.24 SRYNDENT74 #COLD FUSION PORT 80 O1 - Hosts: 147.147.2.16 SRYNDENT81 #W2K CERTIFICATION AUTHORITY O1 - Hosts: 147.147.2.12 SRYNDENTD8 #SIEBEL REMOTE SERVER O1 - Hosts: 147.147.2.13 SRYNDENTD9 #SIEBEL REMOTE SERVER O1 - Hosts: 147.147.2.11 SRYNDENTD7 #SIEBEL REMOTE SERVER O1 - Hosts: 147.148.253.182 STNSS9NT05 #SIEBEL SERVER - RUNNING FT MESSAGEING SERVICE O1 - Hosts: 213.121.215.75 exhange #EXCHANGE SERVER O1 - Hosts: 147.147.2.21 DTBTSME02 #FLOATING PORT 1521 O1 - Hosts: 147.147.2.155 DTBTSME04 #FLOATING PORT 1521 LIVE O1 - Hosts: 132.146.17.20 O/G E-MAIL #PORT25 O1 - Hosts: 147.147.2.23 FRANCO PORTAL O1 - Hosts: 147.148.253.224 FRANCO PORTAL O1 - Hosts: 147.147.2.24 FRANCO PORTAL O1 - Hosts: 147.149.60.180 btlocalbusiness.intra.bt.com O1 - Hosts: 147.149.60.180 training.intra.bt.com O1 - Hosts: 147.149.60.213 btretail.intra.bt.com O1 - Hosts: 147.149.60.199 business.intra.bt.com O1 - Hosts: 147.149.60.199 http://business.intra.bt.com/highway/business/index.htm O1 - Hosts: 147.149.60.199 business.intra.bt.com/bmt O1 - Hosts: 147.149.60.199 http://business.intra.bt.com/training/hrtraining/overview/ovfrm.htm O1 - Hosts: 147.149.60.80 bmt.intra.bt.com O1 - Hosts: 147.149.60.107 intuition.intra.bt.com O1 - Hosts: 147.149.60.35 today.intra.bt.com O1 - Hosts: 147.149.60.229 products.intra.bt.com O1 - Hosts: 147.149.60.229 products.intra.bt.com/Network_features O1 - Hosts: 147.149.60.229 products.intra.bt.com/pstn_lines_projects/lineshomepage/homepage.htm O1 - Hosts: 147.149.60.229 products.intra.bt.com/pricing_design/document/download.htm O1 - Hosts: 147.149.31.16 www.intellact.nat.bt.com O1 - Hosts: 147.149.60.29 directory.intra.bt.com O1 - Hosts: 147.149.60.23 documents.intra.bt.com O1 - Hosts: 147.149.116.93 COBRA.INTRA.BT.COM O1 - Hosts: 147.149.100.114 launchpad.nat.bt.com O1 - Hosts: 147.149.60.220 benverwaayen.intra.bt.com O1 - Hosts: 147.149.60.186 btopenworld.intra.bt.com O1 - Hosts: 132.146.46.12 riker.axion.bt.co.uk O1 - Hosts: 147.149.60.229 products.intra.bt.com/privatecircuits/training/index.htm O1 - Hosts: 147.149.60.199 business.intra.bt.com/btsme/eureka/intro.htm O1 - Hosts: 132.146.209.115 www.acronyms.bt.com O1 - Hosts: 193.113.211.245 btwebworld.com O1 - Hosts: 147.149.60.196 homepage.intra.bt.com O1 - Hosts: 213.121.143.193 www.btopenworld.com/broadband O1 - Hosts: 147.149.60.192 callcentres.intra.bt.com O1 - Hosts: 147.149.60.16 px5.intra.bt.com O1 - Hosts: 147.149.60.144 retailproducts.intra.bt.com O1 - Hosts: 147.149.139.89 btbusinessplan.intra.bt.com O1 - Hosts: 147.149.60.109 btbcam.intra.bt.com O1 - Hosts: 132.146.197.110 npecrf.nat.bt.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll" O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe" O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Venturi 2.lnk = ? O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm428YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: BT Datasure Launcher (BT DatasureLauncher) - BT - C:\Program Files\BT Datasure\OLlaunch.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: BT Datasure RegCap (OLRegCap) - BT - C:\Program Files\BT Datasure\OLRegCap.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

**Posty:** 18165 · przez **wojtas** 07 Kwi 2007, 20:38

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: BTxxxxxx #LAPTOP
O1 - Hosts: BTxxxxxx #LAPTOP
O1 - Hosts: BTxxxxxx #Desktop
O1 - Hosts: BTxxxxxx #LAPTOP
O1 - Hosts: BTxxxxxx #Desktop
O1 - Hosts: BTxxxxxx #Desktop
O1 - Hosts: Router #Default gateway
O1 - Hosts: BCM
O1 - Hosts: 147.147.2.157 SRYNDENT46 #SIEBEL LIVE SERVER GATEWAY
O1 - Hosts: 147.147.2.159 SRYNDENT47 #SIEBEL REFERENCE GATEWAY
O1 - Hosts: 147.147.2.161 SRYNDENT48 #SIEBEL LIVE SERVER EIM,FILE SYSTEM,SMTP,BREAKOUT PORT 40400, 2320
O1 - Hosts: 147.147.2.163 SRYNDENT49 #SIEBEL LIVE SERVER EAI, WORKFLOW SIEBEL REMOTE
O1 - Hosts: 147.147.2.165 SRYNDENT50 #SIEBEL LIVE SERVER EAI, WORKFLOW
O1 - Hosts: 147.147.2.167 SRYNDENT51 #SIEBEL LIVE SERVER WORKFLOW AND COMMS MNG
O1 - Hosts: 147.147.2.169 SRYNDENT52 #SIEBEL LIVE SIEBEL REMOTE SYCHRONIZATION SERVER
O1 - Hosts: 147.147.2.171 SRYNDENT53 #SIEBEL REFERENCE SIEBEL SERVER, CURRENTLY LIVE MACCSIM BOX
O1 - Hosts: 147.147.2.23 SRYNDENT73 #COLD FUSION PORT 80
O1 - Hosts: 147.147.2.24 SRYNDENT74 #COLD FUSION PORT 80
O1 - Hosts: 147.147.2.16 SRYNDENT81 #W2K CERTIFICATION AUTHORITY
O1 - Hosts: 147.147.2.12 SRYNDENTD8 #SIEBEL REMOTE SERVER
O1 - Hosts: 147.147.2.13 SRYNDENTD9 #SIEBEL REMOTE SERVER
O1 - Hosts: 147.147.2.11 SRYNDENTD7 #SIEBEL REMOTE SERVER
O1 - Hosts: 147.148.253.182 STNSS9NT05 #SIEBEL SERVER - RUNNING FT MESSAGEING SERVICE
O1 - Hosts: 213.121.215.75 exhange #EXCHANGE SERVER
O1 - Hosts: 147.147.2.21 DTBTSME02 #FLOATING PORT 1521
O1 - Hosts: 147.147.2.155 DTBTSME04 #FLOATING PORT 1521 LIVE
O1 - Hosts: 132.146.17.20 O/G E-MAIL #PORT25
O1 - Hosts: 147.147.2.23 FRANCO PORTAL
O1 - Hosts: 147.148.253.224 FRANCO PORTAL
O1 - Hosts: 147.147.2.24 FRANCO PORTAL
O1 - Hosts: 147.149.60.180 btlocalbusiness.intra.bt.com
O1 - Hosts: 147.149.60.180 training.intra.bt.com
O1 - Hosts: 147.149.60.213 btretail.intra.bt.com
O1 - Hosts: 147.149.60.199 business.intra.bt.com
O1 - Hosts: 147.149.60.199 http://business.intra.bt.com/highway/business/index.htm
O1 - Hosts: 147.149.60.199 business.intra.bt.com/bmt
O1 - Hosts: 147.149.60.199 http://business.intra.bt.com/training/hrtraining/overview/ovfrm.htm
O1 - Hosts: 147.149.60.80 bmt.intra.bt.com
O1 - Hosts: 147.149.60.107 intuition.intra.bt.com
O1 - Hosts: 147.149.60.35 today.intra.bt.com
O1 - Hosts: 147.149.60.229 products.intra.bt.com
O1 - Hosts: 147.149.60.229 products.intra.bt.com/Network_features
O1 - Hosts: 147.149.60.229 products.intra.bt.com/pstn_lines_projects/lineshomepage/homepage.htm
O1 - Hosts: 147.149.60.229 products.intra.bt.com/pricing_design/document/download.htm
O1 - Hosts: 147.149.31.16 www.intellact.nat.bt.com
O1 - Hosts: 147.149.60.29 directory.intra.bt.com
O1 - Hosts: 147.149.60.23 documents.intra.bt.com
O1 - Hosts: 147.149.116.93 COBRA.INTRA.BT.COM
O1 - Hosts: 147.149.100.114 launchpad.nat.bt.com
O1 - Hosts: 147.149.60.220 benverwaayen.intra.bt.com
O1 - Hosts: 147.149.60.186 btopenworld.intra.bt.com
O1 - Hosts: 132.146.46.12 riker.axion.bt.co.uk
O1 - Hosts: 147.149.60.229 products.intra.bt.com/privatecircuits/training/index.htm
O1 - Hosts: 147.149.60.199 business.intra.bt.com/btsme/eureka/intro.htm
O1 - Hosts: 132.146.209.115 www.acronyms.bt.com
O1 - Hosts: 193.113.211.245 btwebworld.com
O1 - Hosts: 147.149.60.196 homepage.intra.bt.com
O1 - Hosts: 213.121.143.193 www.btopenworld.com/broadband
O1 - Hosts: 147.149.60.192 callcentres.intra.bt.com
O1 - Hosts: 147.149.60.16 px5.intra.bt.com
O1 - Hosts: 147.149.60.144 retailproducts.intra.bt.com
O1 - Hosts: 147.149.139.89 btbusinessplan.intra.bt.com
O1 - Hosts: 147.149.60.109 btbcam.intra.bt.com
O1 - Hosts: 132.146.197.110 npecrf.nat.bt.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm428YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku

start>urchom> wpisz msconfig> zakladka uruchamianie> wylacz progsy ktore nie chcesz zeby startowaly z systemem
potem nowe logi z Hijack This oraz Silent runners

**Posty:** 5 · przez **emeryt89** 07 Kwi 2007, 21:35

oo dzieki juz lepiej ale prosze sprawdzcie jeszcze to :wink:

Hijack This

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 20:24:46, on 07/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\BT Datasure\OLlaunch.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\BT Datasure\OLRegCap.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Venturi2\Configurator\ventcfg.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\arc3.tmp\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Venturi 2.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: BT Datasure Launcher (BT DatasureLauncher) - BT - C:\Program Files\BT Datasure\OLlaunch.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: BT Datasure RegCap (OLRegCap) - BT - C:\Program Files\BT Datasure\OLRegCap.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe

Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "DrvLsnr" = "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" ["adi"] "IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."] "GhostStartTrayApp" = "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" ["Symantec Corporation"] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{57C51AF9-DEF7-11D3-A801-00C04F163490}" = "Ghost Shell Extension" -> {HKLM...CLSID} = "PropPage Class" \InProcServer32\(Default) = "C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll" ["Symantec Corporation"] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "My Bluetooth Places" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."] "{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ArjFolder" -> {HKLM...CLSID} = "Dossier ArjFolder" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ArjFolde.dll" ["Raphaël MOUNIER"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\Software\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ACDZip\(Default) = "{A7DCFDEC-61A9-11D4-ABBF-00A083371417}" -> {HKLM...CLSID} = "ArcRClick Class" \InProcServer32\(Default) = "C:\Program Files\ACD Systems\ACDZip\ACDZipSh.dll" ["ACD Systems, Ltd."] ArjFolder\(Default) = "{FEB7DAE0-E111-11D0-BFd7-444553540000}" -> {HKLM...CLSID} = "Dossier ArjFolder" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ArjFolde.dll" ["Raphaël MOUNIER"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ArjFolder\(Default) = "{FEB7DAE0-E111-11D0-BFd7-444553540000}" -> {HKLM...CLSID} = "Dossier ArjFolder" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ArjFolde.dll" ["Raphaël MOUNIER"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ ACDZip\(Default) = "{A7DCFDEC-61A9-11D4-ABBF-00A083371417}" -> {HKLM...CLSID} = "ArcRClick Class" \InProcServer32\(Default) = "C:\Program Files\ACD Systems\ACDZip\ACDZipSh.dll" ["ACD Systems, Ltd."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoSimpleStartMenu" = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKCU\Software\Policies\Microsoft\Windows\Network Connections\ "NC_NewConnectionWizard" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "LogonType" = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Laura\8.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\My Documents\My Pictures\Laura\8.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"] "BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."] "Venturi 2" -> shortcut to: "C:\Program Files\Venturi2\Configurator\ventcfg.exe" [empty string] Enabled Scheduled Tasks: ------------------------ "itel1" -> launches: "D:\Shared Area - Inner London West\Itel\itel1.bat" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: vlsp.dll ["Fourelle Systems, Inc"], 01 - 05, 17 C:\WINDOWS\system32\CSLSP.DLL ["Networks Associates Technologies, Inc."], 06 - 10, 16 %SystemRoot%\system32\mswsock.dll [MS], 11 - 13, 18 - 29 %SystemRoot%\system32\rsvpsp.dll [MS], 14 - 15 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{ACB1E670-3217-45C4-A021-6B829A8A27CB}" = "Mcafee VirusScan" -> {HKLM...CLSID} = "McAfee VirusScan" \InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll" ["Network Associates, Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.5.0_02" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {CCA281CA-C863-46EF-9331-5C8D4460577F}\ "ButtonText" = "@btrez.dll,-4015" "MenuText" = "@btrez.dll,-4017" "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*Z" (unwritable string) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 9 domain names to IP addresses, 9 of the IP addresses are *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVSync Manager, AvSynMgr, ""C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe"" ["Network Associates, Inc."] BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."] BT Datasure Launcher, BT DatasureLauncher, ""C:\Program Files\BT Datasure\OLlaunch.exe"" ["BT"] BT Datasure RegCap, OLRegCap, "C:\Program Files\BT Datasure\OLRegCap.EXE" ["BT"] GhostStartService, GhostStartService, "C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] McShield, McShield, ""C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"" ["Network Associates, Inc."] SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Bluetooth Printer Port\Driver = "bthcrp.dll" ["WIDCOMM, Inc."] Brother NetBIOS Port\Driver = "C:\WINDOWS\system32\brntmnNT.dll" [null data] HP Standard TCP/IP Port\Driver = "hptcpmon.dll" ["Hewlett Packard"] LIDIL hpzll4pi\Driver = "hpzll4pi.dll" ["Hewlett-Packard Company"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 12 seconds. ---------- (total run time: 47 seconds)

**Posty:** 18165 · przez **wojtas** 07 Kwi 2007, 21:39

wklej do notatnika:

schtasks /delete /TN itel1 /F

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na Wszystkie pliki >>> Zapisz jako FIX.BAT >>> uruchom plik

potem

wejdź na dysk na którym masz windows zainstalowany, tam w katalog WINDOWS -> system 32 -> drivers -> etc
i tam za pomocą notatnika otwórz plik hosts

Jeśli są jakieś wpisy pod

# 102.54.94.97 rhino.acme.com # serwer źródłowy
# 38.25.63.10 x.acme.com # komputer kliencki x

127.0.0.1 localhost

to usun tylko zostaw te pokazane przeze mnie wyzej

na koniec daj loga z comboscana:

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

**Posty:** 5 · przez **emeryt89** 07 Kwi 2007, 21:48

oto co mam w pliku hosts... co skasowac?

Kod: Zaznacz wszystko: # BTLB Host File # ------------------------------------ # # This file should be placed in X:\winnt\system32\drivers\etc # where X is probably C or D drive. This file is used by any TCP/IP netwotk software # and DNS. It should be identical to lmhosts. # # updated: # 02.01.03 # #Local BTLB # #Local BTLB xxxxxxxxxx # # # # # # # Siebel Servers 10.220.28.120 SYNTEGRA-GEM #GEM WEBSITE (SYNTEGRA SUPPORT) # # # #INTRANET AND INTERNET SITE # 10.224.65.185 alchemy.nat.bt.com 10.241.14.17 www.prima.nat.bt.com 10.234.65.111 minerva.nat.bt.com 10.235.30.249 eBOOK pages 10.235.20.249/eBook/Security.asp?Book=1 10.220.28.120 syntegra-gem.syntegra.bt.co.uk/gem/imdex.htm 10.220.23.18 tetley.syntegra.bt.co.uk 10.224.65.187 bis.nat.bt.com 10.234.157.71 saleszone.technet.bt.com

**Posty:** 18165 · przez **wojtas** 07 Kwi 2007, 21:57

to mozesz:

10.220.28.120 SYNTEGRA-GEM #GEM WEBSITE (SYNTEGRA SUPPORT)
#
#
#
#INTRANET AND INTERNET SITE
#
10.224.65.185 alchemy.nat.bt.com
10.241.14.17 www.prima.nat.bt.com
10.234.65.111 minerva.nat.bt.com
10.235.30.249 eBOOK pages 10.235.20.249/eBook/Security.asp?Book=1
10.220.28.120 syntegra-gem.syntegra.bt.co.uk/gem/imdex.htm
10.220.23.18 tetley.syntegra.bt.co.uk
10.224.65.187 bis.nat.bt.com
10.234.157.71 saleszone.technet.bt.com

**Posty:** 5 · przez **emeryt89** 07 Kwi 2007, 22:04

ComboScan:

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by Administrator on 2007-04-07 at 20:50:02 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-04-07 19:50:08 UTC - RP1 - System Checkpoint Performed disk cleanup. -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:52:24, on 07/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\BT Datasure\OLlaunch.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\Program Files\BT Datasure\OLRegCap.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Venturi2\Configurator\ventcfg.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W1AJ4XUB\comboscan[1].exe C:\DOCUME~1\ADMINI~1\MYDOCU~1\HIJACK~1\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Venturi 2.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: BT Datasure Launcher (BT DatasureLauncher) - BT - C:\Program Files\BT Datasure\OLlaunch.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: BT Datasure RegCap (OLRegCap) - BT - C:\Program Files\BT Datasure\OLRegCap.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys 2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS 3R b57w2k (Broadcom NetXtreme Gigabit Ethernet) - C:\WINDOWS\system32\drivers\b57xp32.sys 3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys 2R BrPar - C:\WINDOWS\system32\drivers\BRPAR.SYS 3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys 3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys 3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\vbtenum.sys 0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys 0R BTKRNL (Bluetooth Protocol Stack) - C:\WINDOWS\system32\drivers\btkrnl.sys 2R BTSERIAL (Bluetooth Serial Driver) - C:\WINDOWS\system32\drivers\btserial.sys 2R BTSLBCSP (Bluetooth Port Client Driver) - C:\WINDOWS\system32\drivers\btslbcsp.sys 3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys 1R GhPciScan (GhostPciScanner) - C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys 3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys 1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys 3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys 3R NaiFiltr - C:\WINDOWS\system32\drivers\NaiFiltr.sys 3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys 3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys 3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys 3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys 3S StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys 3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys 3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys 3S usbcm (USB Cable Modem 351000 NDIS Driver) - C:\WINDOWS\system32\drivers\usbcm.sys 3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys 3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys 3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS 3R V0260VID (Live! Cam Vista IM) - C:\WINDOWS\system32\drivers\V0260Vid.sys 3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys 3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys 0R WDMCAPI (ISDN PCI CAPI) - C:\WINDOWS\system32\drivers\WDMCAPI.sys 3R WDMWANMP (NDIS WAN miniport) - C:\WINDOWS\system32\drivers\wdmwanmp.sys 1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys 3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2R AvSynMgr (AVSync Manager) - "C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe" 2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 2S Brother XP spl Service (BrSplService) - C:\WINDOWS\system32\brsvc01a.exe 2R BT DatasureLauncher (BT Datasure Launcher) - "C:\Program Files\BT Datasure\OLlaunch.exe" 2R btwdins (Bluetooth Service) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2R GhostStartService - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe 3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" 3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" 3R McShield - "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe" 2R OLRegCap (BT Datasure RegCap) - C:\Program Files\BT Datasure\OLRegCap.EXE 3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 3S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe 2R SoundMAX Agent Service (default) (SoundMAX Agent Service) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 2S Venturi2 (Venturi2 Client) - C:\Program Files\Venturi2\Client\ventc.exe -- Files created between 2007-03-07 and 2007-04-07 ----------------------------- 2007-04-06 21:41:44 0 d-------- C:\Program Files\ArjFolder<ARJFOL~1> 2007-04-06 21:35:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems<ACDSYS~1> 2007-04-06 21:31:08 0 d-------- C:\Program Files\ACD Systems<ACDSYS~1> 2007-04-06 18:54:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help 2007-04-06 16:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1> 2007-04-06 16:07:17 0 d-------- C:\Program Files\Yahoo! 2007-03-20 19:13:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Tlen.pl 2007-03-20 19:13:26 0 d-------- C:\Program Files\Tlen.pl 2007-03-12 02:39:46 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr 2007-03-12 02:39:11 0 d-------- C:\Program Files\FunWebProducts<FUNWEB~1> 2007-03-10 23:41:52 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-03-10 23:41:52 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-03-10 23:41:30 0 d-------- C:\Program Files\Google 2007-03-10 23:41:16 0 d-------- C:\Program Files\Picasa2 2007-03-09 00:10:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun -- Find3M Report --------------------------------------------------------------- 2007-04-07 19:50:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype 2007-04-06 11:09:18 0 d-------- C:\Program Files\BT Datasure<BTDATA~1> 2007-04-05 19:45:02 0 d-------- C:\Program Files\GameSpy Arcade<GAMESP~1> 2007-03-18 13:34:44 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-18 13:34:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft<MICROS~1> 2007-03-10 23:32:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express<IMAGEZ~1> 2007-03-04 22:48:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead 2007-03-02 18:22:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP 2007-03-02 18:14:47 123996 --a------ C:\WINDOWS\HPHins12.dat 2007-03-02 18:14:05 0 d-------- C:\Program Files\HP 2007-03-02 18:11:59 0 d-------- C:\Program Files\Common Files\HP 2007-03-02 18:10:29 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1> 2007-02-28 22:56:53 0 d-------- C:\Program Files\directx 2007-02-28 22:42:48 0 d-------- C:\Program Files\Gathering<GATHER~1> 2007-02-28 22:16:26 0 d-------- C:\Program Files\Managed DirectX (0901)<MANAGE~1> 2007-02-28 21:48:03 724992 --a------ C:\WINDOWS\iun6002.exe 2007-02-25 07:05:50 0 d-------- C:\Program Files\Ahead 2007-02-25 07:02:19 0 d-------- C:\Program Files\Common Files\Ahead 2007-02-24 22:09:01 0 d-------- C:\Program Files\Wapster 2007-02-24 21:57:23 0 d-------- C:\Program Files\Gadu-Gadu<GADU-G~1> 2007-02-23 17:31:53 0 d-------- C:\Program Files\Codec Pack - All In 1<CODECP~1> 2007-02-21 16:32:55 0 d-------- C:\Program Files\eMule 2007-02-20 19:15:51 0 d-------- C:\Program Files\Skype 2007-02-15 16:46:16 0 d-------- C:\Program Files\Common Files\DirectX 2007-02-15 16:43:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\THQ 2007-02-15 16:42:49 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL> 2007-02-15 16:28:09 0 d-------- C:\Program Files\THQ 2007-02-15 16:27:22 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-02-14 16:32:06 0 d-------- C:\Program Files\Autobahn Racing<AUTOBA~1> 2007-02-07 18:35:03 0 d-------- C:\Program Files\Common Files\Motive 2007-02-07 18:34:25 0 d-------- C:\Program Files\BroadJump<BROADJ~1> -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "Komunikator"="C:\\Program Files\\Tlen.pl\\tlen.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe" "GhostStartTrayApp"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AQQ" "hkey"="HKCU" "command"="C:\\PROGRA~1\\Wapster\\AQQ\\AQQ.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpcmpmgr" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd2" "hkey"="HKLM" "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tlen" "hkey"="HKCU" "command"="C:\\Program Files\\Tlen.pl\\tlen.exe" "inimapping"="0" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "LogonType"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"=dword:00000001 "NoSimpleStartMenu"=dword:00000001 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 -- End of ComboScan: finished at 2007-04-07 at 20:53:06 ------------------------

Supplement ( ??) :

Kod: Zaznacz wszystko: ComboScan v20070306.20 run by Administrator on 2007-04-07 at 20:50:02 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz Percentage of Memory in Use: 85% Physical Memory (total/avail): 247.48 MiB / 36.52 MiB Pagefile Memory (total/avail): 604.65 MiB / 336.67 MiB Virtual Memory (total/avail): 2047.88 MiB / 1990.71 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 18.56 GiB total, 5.78 GiB free. D: is Fixed (NTFS) - 18.7 GiB total, 15.13 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is disabled. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. UpdatesDisableNotify is set. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrator\Application Data CLASSPATH=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PC7 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrator LOGONSERVER=\\PC7 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=PC7 USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Sonia [I](new local, admin, profile directory not found)[/I] recovery [I](new local, admin, profile directory not found)[/I] arrabas [I](admin, profile directory not found)[/I] lobinv [I](admin, profile directory not found)[/I] Administrator [I](admin)[/I] -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDZip Trial Version --> MsiExec.exe /I{42130514-A8DC-4F78-9774-0831D84ED303} Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001} ARJ Folder V3.65 --> RunDll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\ArjFEx.inf, DefaultUninstall,,,256 Autobahn Racing --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Autobahn Racing\Uninst.isu" BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9 BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a Brother 1470N --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brother\BRHL1470\DeIsL1.isu" -cbrunin147.dll Brother Peer to Peer Print (NetBIOS) 1.10 --> C:\Program Files\Brother\Network Print Software\BNT\UnInst.exe BT Datasure Online PC Backup (remove only) --> C:\Program Files\BT Datasure\OLUninst.exe Codec Pack - All In 1 6.0.2.4 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" Creative Live! Cam Vista IM Driver (1.00.07.0401) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl FireWarrior --> C:\WINDOWS\iun6002.exe "C:\Program Files\FireWarrior\irunin.ini" Fourelle Venturi Personal Client 2.1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9 Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG HijackThis 1.99.1 --> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\arcB7.tmp\HijackThis.exe /uninstall HP Customer cenzura! Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart and Deskjet 7.0 Software --> C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010} J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} Juiced --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{902C9C8F-BFC8-4A70-BCE5-F311D6D9CFFD}\setup.exe" -l0x9 -removeonly LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log McAfee VirusScan Professional Edition --> MsiExec.exe /I{E4DC62CE-5F95-11D6-B254-00C04FF4B435} Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9} My Web Search (Popular Screensavers) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall Norton Ghost --> MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96} Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033 SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Tlen.pl --> "C:\Program Files\Tlen.pl\uninstall.exe" Wapster AQQ --> C:\Program Files\Wapster\AQQ\uninstall.exe WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of ComboScan: finished at 2007-04-07 at 20:53:06 ------------------------

**Posty:** 18165 · przez **wojtas** 07 Kwi 2007, 22:06

jest czysto

**Posty:** 5 · przez **emeryt89** 07 Kwi 2007, 22:09

ok, wieelkie dzieki

. Pozdro

prosze o sprawdzenie loga

prosze o sprawdzenie loga

Kto jest na forum