Please check my log


(Karambol23) #1
Logfile of HijackThis v1.99.1

Scan saved at 11:32:12, on 2006-03-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe

C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\Lexmark 3300 Series\lxccmon.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\F-Secure\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE

C:\PROGRA~1\INTERN~2\KCodeMsg.EXE

C:\Program Files\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\lxcccoms.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe

C:\Program Files\F-Secure\FSGUI\fsguidll.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\F-Secure\FSGUI\fsavgui.exe

C:\Documents and Settings\niuniulki\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll

O15 - Trusted Zone: www.mks.com.pl

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) - http://67.15.101.3/g_bin/pl/sudoku_2_0_0_6.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

Logs from F-Secure


EWIDO REPORT

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\niuniulki\Cookies\niuniulki@microsoftwga.112.2o7[1].txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: C:\Documents and Settings\niuniulki\Cookies\niuniulki@my.adocean[2].txt

Risk: Medium


Name: TrackingCookie.Adocean

Path: C:\Documents and Settings\niuniulki\Cookies\niuniulki@gde.adocean[2].txt

Risk: Medium

(Gblade) #2

Log OK.

Gutek already mentioned this to you: uninstall Panda and MKS, they slow the computer down needlessly, and you already have F-Secure.

F-Secure and ewido didn't detect anything serious, only harmless cookies :wink:

Just in case, you can post a log from Silent Runners: http://www.forum.dobreprogramy.pl/viewtopic.php?t=36654


(Karambol23) #3

Silent Runners log

One more thing: on restart it wipes everything from my history for that day.

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"BoontyBox" = (empty string)

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [file not found]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]

"CM-SmWizard" = "C:\WINDOWS\System\SmWizard.exe" ["C-Media Electronics Inc."]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"MediaKey" = "C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE" ["Dritek System Inc."]

"LXCCCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16" [MS]

"lxccmon.exe" = ""C:\Program Files\Lexmark 3300 Series\lxccmon.exe"" ["Lexmark International, Inc."]

"FaxCenterServer" = ""C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s" [null data]

"F-Secure Manager" = ""C:\Program Files\F-Secure\Common\FSM32.EXE" /splash" ["F-Secure Corporation"]

"F-Secure TNB" = ""C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [file not found]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  -> {HKLM...CLSID} = "ShellLink for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"

  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\niuniulki\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]



Startup items in "niuniulki" & "All Users" startup folders:

-----------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"F-Secure Automatic Update" -> shortcut to: "C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe -startup" ["F-Secure Automatic Update"]



Enabled Scheduled Tasks:

------------------------


"Scheduled scanning task" -> launches: "C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt " ["F-Secure Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL ["F-Secure Corporation"], 01 - 02, 14

%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{300DB664-75B5-47C0-8B45-A44ACCF73C00}\

"ButtonText" = "IE Shield"

"MenuText" = "IE Shield..."

"CLSIDExtension" = "{0928F506-07E8-470c-979D-147C296D4879}"

  -> {HKLM...CLSID} = "F-Secure IE Shield COM button"

                   \InProcServer32\(Default) = "C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll" ["F-Secure Corporation"]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

F-Secure Anti-Virus Firewall Daemon, FSDFWD, ""C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe"" ["F-Secure Corporation"]

F-Secure Automatic Update, BackWeb Plug-in - 7681197, "C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE" ["F-Secure Automatic Update"]

F-Secure Management Agent, FSMA, ""C:\Program Files\F-Secure\Common\FSMA32.EXE"" ["F-Secure Corporation"]

F-Secure Network Request Broker, F-Secure Network Request Broker, ""C:\Program Files\F-Secure\Common\FNRB32.EXE"" ["F-Secure Corporation"]

fsbwsys, fsbwsys, ""C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe"" ["F-Secure Corp."]

FSGKHS, F-Secure Gatekeeper Handler Starter, ""C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"" ["F-Secure Corp."]

lxcc_device, lxcc_device, "C:\WINDOWS\system32\lxcccoms.exe -service" ["Lexmark International, Inc."]

Panda Process Protection Service, PavPrSrv, ""C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe"" ["Panda Software"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

3300 Series Port\Driver = "lxcclmpm.DLL" ["Lexmark International, Inc."]

Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 85 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 20 seconds.

---------- (total run time: 152 seconds)

(Gblade) #4

Clean.

You probably have your browser set to clear the history every so many days.


(Kuz5) #5

You already posted a log the day before yesterday:

http://forum.dobreprogramy.pl/viewtopic.php?t=67592

Second thing:

Have you seen the notice "Important notice about titling topics"? Follow it => otherwise the topic will end up in the trash.