Log - rzuci ktoś okiem?


(Pucek2) #1

jestem kompletnie w tym zielonony :|... ale adaware wykrył mi WhenUsave... czytałem o tym na forum ale w moim logu ja tego nie widze ;/.... rzuci ktoś okiem?? dzięki wielkie z góry

Logfile of HijackThis v1.99.1

Scan saved at 14:20:57, on 2007-01-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\WINDOWS\system32\UMonit.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\WINDOWS\system32\acovcnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\VoipCheapCom\VoipCheapCom.exe

C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

D:\programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [CognizanceTS] "rundll32.exe" c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Power_Gear] "C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1

O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ASUS Live Update] "C:\Program Files\ASUS\ASUS Live Update\ALU.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: MultiFrame.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: OneCard - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(adam9870) #2

Log czysty.

Jeśli nie masz już programy SpySweeper to przeczyść rejestr w celu usunięcia resztek po nim, opis.

Zajrzyj tutaj:

http://forum.dobreprogramy.pl/viewtopic ... 580#578580

Przeskanuj http://www.ewido.net/en/ i wrzuć raport oraz log z SilentRunners.


(Pucek2) #3

dzięki :)... zaraz się tym zajme

log z silentrunnera

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"VoipCheapCom" = ""C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized" ["VoipCheapCom"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"HControl" = "C:\WINDOWS\ATK0100\HControl.exe" [empty string]

"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]

"CognizanceTS" = ""rundll32.exe" c:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule" [MS]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"Wireless Console 2" = ""C:\Program Files\Wireless Console 2\wcourier.exe"" [null data]

"ABLKSR" = "C:\WINDOWS\ABLKSR\ABLKSR.exe" ["ASYSTeK Computer INC."]

"RemoteControl" = ""C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]

"Power_Gear" = ""C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" 1" ["ASUSTeK Computer Inc."]

"UMonit" = "C:\WINDOWS\system32\UMonit.exe" [empty string]

"IntelZeroConfig" = ""C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]

"IntelWireless" = ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]

"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]

"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]

"ATKMEDIA" = ""C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"" ["ASUSTeK Computer INC."]

"ACMON" = ""C:\Program Files\ASUS\Splendid\ACMON.exe"" ["ATK"]

"SynTPEnh" = ""C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"" ["Synaptics, Inc."]

"SMSERIAL" = ""C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"" ["Motorola Inc."]

"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]

"PowerForPhone" = ""C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe"" [null data]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]

"ASUS Live Update" = ""C:\Program Files\ASUS\ASUS Live Update\ALU.exe"" [empty string]

"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"

  -> {HKLM...CLSID} = "CNisExtBho Class"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"

  -> {HKLM...CLSID} = "CNavExtBho Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "ASUS Security Protect Manager"

  -> {HKLM...CLSID} = "ASUS Security Protect Manager"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll" ["Infineon Technologies AG"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)"

  -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)"

  -> {HKLM...CLSID} = "Document Manager (Shell File Properties)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)"

  -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)"

                   \InProcServer32\(Default) = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll" ["Cognizance Corporation"]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<> "AppInit_DLLs" = "APSHook.dll" ["Cognizance Corporation"]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

<> OneCard\DLLName = "c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll" ["Cognizance Corporation"]

<> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"

  -> {HKLM...CLSID} = "IEContextMenu Class"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

                   \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"



Startup items in "krzychu" & "All Users" startup folders:

---------------------------------------------------------


C:\Documents and Settings\krzychu\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"MultiFrame" -> shortcut to: "C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe" ["ASUSTek Computer Inc."]

"Logitech SetPoint" -> shortcut to: "C:\Program Files\SetPoint\SetPoint.exe" ["Logitech Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Run Full System Scan - krzychu" -> launches: "c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{C4069E3A-68F1-403E-B40E-20066696354B}"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"

  -> {HKLM...CLSID} = "Norton Internet Security 2006"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"

  -> {HKLM...CLSID} = "Norton Internet Security 2006"

                   \InProcServer32\(Default) = "c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"

  -> {HKLM...CLSID} = "Norton AntiVirus"

                   \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=http://www.asus.com


Missing lines (compared with English-language version):

[Strings]: 1 line



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]

Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]

Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]

Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]

LightScribeService Direct Disc Labeling Service, LightScribeService, ""c:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]

Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll" ["Cognizance Corporation"]}

Norton AntiVirus Auto-Protect Service, navapsvc, ""c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton Protection Center Service, NSCService, ""c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]

Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

Symantec Network Drivers Service, SNDSrvc, ""c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]

Symantec Network Proxy, ccProxy, ""c:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]

Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points, use the -supp parameter or answer "No" at the

  first message box and "Yes" at the second message box.

---------- (total run time: 31 seconds, including 10 seconds for message boxes)

ewido

__________________________________________________

ewido anti-spyware online scanner

	http://www.ewido.net

__________________________________________________



Name: Adware.SaveNow

Path: C:\Documents and Settings\krzychu\Ustawienia lokalne\Temp\saveinstwm.exe/VVSN.exe

Risk: Medium


Name: Adware.SaveNow

Path: C:\Documents and Settings\krzychu\Ustawienia lokalne\Temp\saveinstwm.exe/VVSN.exe

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.35:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.36:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Tradedoubler

Path: :mozilla.37:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Doubleclick

Path: :mozilla.62:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.84:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.85:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.86:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.87:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.110:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.111:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.112:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Statcounter

Path: :mozilla.113:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.119:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.120:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.2o7

Path: :mozilla.161:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.2o7

Path: :mozilla.165:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.174:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: :mozilla.175:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.180:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.181:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium


Name: TrackingCookie.Hitbox

Path: :mozilla.182:C:\Documents and Settings\krzychu\Dane aplikacji\Mozilla\Firefox\Profiles\hnigrpn8.default\cookies.txt

Risk: Medium

po tym raporcie usunąłem wszystkie ciasteczka i pierdoły z temp'a


(adam9870) #4

Silent czysty.

Skoro usunąłeś już rzeczy z TEMP'a to już wszystko powinno być w porządku. Dodatkowo możesz dla pewności przeczyścić Current User Temp oraz All Users Temp za pomocą programu ATF Cleaner.

Możesz przeczyścić rejestr, ponieważ masz kilka pustych kluczy, opis.


(boczi) #5

Proszę poprawić nazwę tematu na konkretną, obrazującą problem, używając opcji Zmień