Log - rzuci ktoś okiem?

jestem kompletnie w tym zielonony :|… ale adaware wykrył mi WhenUsave… czytałem o tym na forum ale w moim logu ja tego nie widze ;/… rzuci ktoś okiem?? dzięki wielkie z góry

Logfile of HijackThis v1.99.1

Scan saved at 14:20:57, on 2007-01-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\system32\UMonit.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\system32\acovcnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: MultiFrame.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Log czysty.

Jeśli nie masz już programy SpySweeper to przeczyść rejestr w celu usunięcia resztek po nim, opis.

Zajrzyj tutaj:

http://forum.dobreprogramy.pl/viewtopic … 580#578580

Przeskanuj http://www.ewido.net/en/ i wrzuć raport oraz log z SilentRunners.

dzięki :)… zaraz się tym zajme

log z silentrunnera

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"VoipCheapCom" = ""C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized" ["VoipCheapCom"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"HControl" = "C:\WINDOWS\ATK0100\HControl.exe" [empty string]

"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]

"CognizanceTS" = ""rundll32.exe" c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule" [MS]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Wireless Console 2" = ""C:\Program Files\Wireless Console 2\wcourier.exe"" [null data]

"ABLKSR" = "C:\WINDOWS\ABLKSR\ABLKSR.exe" ["ASYSTeK Computer INC."]

"RemoteControl" = ""C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Power_Gear" = ""C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1" ["ASUSTeK Computer Inc."]

"UMonit" = "C:\WINDOWS\system32\UMonit.exe" [empty string]

"IntelZeroConfig" = ""C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]

"IntelWireless" = ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]

"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]

"ATKMEDIA" = ""C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"" ["ASUSTeK Computer INC."]

"ACMON" = ""C:\Program Files\ASUS\Splendid\ACMON.exe"" ["ATK"]

"SynTPEnh" = ""C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"" ["Synaptics, Inc."]

"SMSERIAL" = ""C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"" ["Motorola Inc."]

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"PowerForPhone" = ""C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe"" [null data]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]

"ASUS Live Update" = ""C:\Program Files\ASUS\ASUS Live Update\ALU.exe"" [empty string]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"

  -> {HKLM...CLSID} = "CNisExtBho Class"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "ASUS Security Protect Manager"

  -> {HKLM...CLSID} = "ASUS Security Protect Manager"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" ["Infineon Technologies AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"

  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"

  -> {HKLM...CLSID} = "Document Manager (Shell File Properties)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"

  -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "APSHook.dll" ["Cognizance Corporation"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

<> OneCard\DLLName = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll" ["Cognizance Corporation"]

<> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"



Startup items in "krzychu" & "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\krzychu\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"MultiFrame" -> shortcut to: "C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" ["ASUSTek Computer Inc."]

"Logitech SetPoint" -> shortcut to: "C:\Program Files\SetPoint\SetPoint.exe" ["Logitech Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Run Full System Scan - krzychu" -> launches: "c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{C4069E3A-68F1-403E-B40E-20066696354B}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

  -> {HKLM...CLSID} = "Norton Internet Security 2006"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"

  -> {HKLM...CLSID} = "Norton Internet Security 2006"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=http://www.asus.com


Missing lines (compared with English-language version):

[Strings]: 1 line



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]

Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]

Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll" ["Cognizance Corporation"]}

Norton AntiVirus Auto-Protect Service, navapsvc, ""c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton Protection Center Service, NSCService, ""c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 31 seconds, including 10 seconds for message boxes)

ewido

__________________________________________________

ewido anti-spyware online scanner

	http://www.ewido.net

__________________________________________________



Name: Adware.SaveNow

Path: C:\Documents and Settings\krzychu\Ustawienia lokalne\Temp\saveinstwm.exe/VVSN.exe

Risk: Medium


Name: Adware.SaveNow

Path: C:\Documents and Settings\krzychu\Ustawienia lokalne\Temp\saveinstwm.exe/VVSN.exe

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.35:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.36:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.37:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Doubleclick

Path: :mozilla.62:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.84:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.85:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.86:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.87:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.110:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.111:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.112:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.113:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.119:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.120:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.2o7

Path: :mozilla.161:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.2o7

Path: :mozilla.165:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.174:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.175:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.180:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.181:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.182:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium

po tym raporcie usunąłem wszystkie ciasteczka i pierdoły z temp’a

Silent czysty.

Skoro usunąłeś już rzeczy z TEMP’a to już wszystko powinno być w porządku. Dodatkowo możesz dla pewności przeczyścić Current User Temp oraz All Users Temp za pomocą programu ATF Cleaner.

Możesz przeczyścić rejestr, ponieważ masz kilka pustych kluczy, opis.

Proszę poprawić nazwę tematu na konkretną, obrazującą problem, używając opcji Zmień