proszę o sprawdzenie

[basiag]

Ponieważ Spyware Doctor wykrył wiele rzeczy z priorytetem High, wklejam logi z hijackthis, silentrunners i wspomnianego Spyware Doctor.
Wcześniej mialam problemy z ujeciem tego w tagi, mam nadzieje ze teraz jest ok i prosze o sprawdzenie.

log z hijackthis:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 14:50:35, on 2007-02-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\IZArc\IZArc.exe
C:\DOCUME~1\PIERNI~1\USTAWI~1\Temp\ARC1BA\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla-europe.org/pl/products/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED799B32-DCB8-41D8-A7F5-1F1632D692E1}: NameServer = 10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

log z silentrunners

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"WebCamRT.exe" = "(empty string)" [file not found]
"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NWEReboot" = "(empty string)" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"FaxCenterServer" = ""C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
-> {HKLM...CLSID} = "IZArc DragDrop Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
-> {HKLM...CLSID} = "IZArc Shell Context Menu"
\InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
-> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
\InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\PC\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "PC" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\PC\Menu Start\Programy\Autostart
"SpeedFan" -> shortcut to: "C:\Program Files\SpeedFan\speedfan.exe" ["Almico Software (www.almico.com)"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 12
%SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 13 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe" ["NVIDIA Corporation"]
ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA Corporation"]
Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 38 seconds.
---------- (total run time: 90 seconds)

oraz wyniki ze spyware doctor, które jak mówiłam sprawiły, że się zaniepokoiłam:

Kod: Zaznacz wszystko

Spyware Doctor ReportSpyware Doctor Activity Report
Generated on 2007-02-01 11:26:07Spyware Doctor HomepagePC
Tools HomepageTechnical Support


Scans (basic information only):

Scan Results:
scan start:2007-02-01 11:28:23
scan stop:2007-02-01 11:43:08
scanned items:98675
found items:256
found and ignored:0
tools used:General Scanner, Process Scanner, LSP
Scanner, Startup Scanner, Registry Scanner,
Hosts Scanner, Browser Scanner, Browser Activity
Scanner, Disk Scanner, ActiveX Scanner



Infection NameLocationRisk
AdvertisingC:\Documents and
Settings\PC\Cookies\pc@com[1].txt   Low
Tracking Cookie(s)C:\Documents and Settings\PC\Cookies\pc@hit.gemius[2].txt   Low
Backdoor.Agent.AIRC:\Program Files\ESET   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\CACHE.NDB   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND0.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND1.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND10.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND11.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND12.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND13.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND14.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND15.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND16.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND17.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND18.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND19.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND1A.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND1B.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND1C.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND1D.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND24.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND25.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND26.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND27.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND28.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND29.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2A.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2B.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2C.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2D.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2E.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND2F.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND30.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND31.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND32.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND33.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND34.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND35.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND36.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND37.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND38.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND39.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3A.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3B.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3C.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3D.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3E.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND3F.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND4.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND40.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND41.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND42.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND43.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND5.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND6.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND7.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND8.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FND9.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDA.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDB.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDC.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDD.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDE.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\cache\FNDF.NFI   High
Backdoor.Agent.AIRC:\Program Files\ESET\dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\eset.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\advheur.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\archs.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\charon.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\engine.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\main.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\mainlang.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\mfc42.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\mfc42u.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\msvcrt.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\ntbasepl.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\ntinetpl.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\ntstdpl.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\pwscan.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\readme.txt   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\setup.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\setup.xml   High
Backdoor.Agent.AIRC:\Program Files\ESET\Install\utilmod.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\logs   High
Backdoor.Agent.AIRC:\Program Files\ESET\logs\nod32   High
Backdoor.Agent.AIRC:\Program Files\ESET\logs\nod32\NDL29061.DAT   High
Backdoor.Agent.AIRC:\Program Files\ESET\logs\virlog.dat   High
Backdoor.Agent.AIRC:\Program Files\ESET\logs\warnlog.dat   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod.ovl   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.000   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.002   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.003   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.004   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.005   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.006   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32.log   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32api.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32ari.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32aui.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32fix.reg   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32krn.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32krr.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32kui.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32kui.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32r.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nod32rui.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nodshex.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\nodshex64.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_amon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_imon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_nod32.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pr_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_amon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_amon64.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_nod32.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\ps_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_amon.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_amon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_dmon.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_emon.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_imon.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_imon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_nod32.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_upd.chm   High
Backdoor.Agent.AIRC:\Program Files\ESET\pu_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\readme.txt   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\krnstp.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\krnstpr.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\krnvis.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\pr_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\ps_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\00\pu_upd.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\ps_amon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\ps_dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\ps_nod32.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\pu_amon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\pu_dmon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\01\pu_nod32.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\imon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\pr_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\pr_imon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\ps_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\pu_emon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\02\pu_imon.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\main.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\mainlang.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\setup.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\Setup\uninst.xml   High
Backdoor.Agent.AIRC:\Program Files\ESET\sporder.dll   High
Backdoor.Agent.AIRC:\Program Files\ESET\unins000.dat   High
Backdoor.Agent.AIRC:\Program Files\ESET\unins000.exe   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\lastupd.ver   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod0967.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod0F4A.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod1036.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod10F1.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod16D7.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod2685.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod2767.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod296C.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod2D9F.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod349B.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod40FB.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod461C.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod6821.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\nod6AF7.nup   High
Backdoor.Agent.AIRC:\Program Files\ESET\updfiles\upd.ver   High
Tracking Cookie(s)cookies.txt - Line #117   Low
Tracking Cookie(s)cookies.txt - Line #118   Low
Tracking Cookie(s)cookies.txt - Line #119   Low
Tracking Cookie(s)cookies.txt - Line #127   Low
Tracking Cookie(s)cookies.txt - Line #132   Low
Tracking Cookie(s)cookies.txt - Line #133   Low
Tracking Cookie(s)cookies.txt - Line #134   Low
Tracking Cookie(s)cookies.txt - Line #225   Low
Tracking Cookie(s)cookies.txt - Line #226   Low
Tracking Cookie(s)cookies.txt - Line #227   Low
Advertisingcookies.txt - Line #229   Low
Tracking Cookie(s)cookies.txt - Line #253   Low
Advertisingcookies.txt - Line #296   Low
Tracking Cookie(s)cookies.txt - Line #333   Low
Tracking Cookie(s)cookies.txt - Line #336   Low
Tracking Cookie(s)cookies.txt - Line #39   Low
Advertisingcookies.txt - Line #42   Low
Advertisingcookies.txt - Line #422   Low
Advertisingcookies.txt - Line #53   Low
Known Bad Sitescookies.txt - Line #82   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32##ThreadingModel   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\ProgID   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\ProgID##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Programmable   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Programmable##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\TypeLib   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\TypeLib##   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\VersionIndependentProgID   High
Backdoor.Agent.AIRHKCR\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\VersionIndependentProgID##   High
Backdoor.Agent.AIRHKCR\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}   High
Backdoor.Agent.AIRHKCR\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}##   High
Backdoor.Agent.AIRHKCR\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32   High
Backdoor.Agent.AIRHKCR\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32##   High
Backdoor.Agent.AIRHKCR\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32##ThreadingModel   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com##   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com##*   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com\www   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com\www##   High
cenzura-spam DialerHKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\1987324.com\www##*   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\InprocServer32##ThreadingModel   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\ProgID   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\ProgID##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Programmable   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\Programmable##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\TypeLib   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\TypeLib##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\VersionIndependentProgID   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{68DA9FAB-4A6A-4975-A1CA-B50E56B1F4F3}\VersionIndependentProgID##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32##   High
Backdoor.Agent.AIRHKLM\Software\Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}\InProcServer32##ThreadingModel   High
Backdoor.Agent.AIRHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved##{B089FE88-FB52-11D3-BDF1-0050DA34150D}   High


Other Sections:






Copyright © 2003 PC Tools. All rights reserved.Legal Notice



sigs



Click to go back

[Dzi@dek]

Ponieważ Spyware Doctor

Po pierwsze - nie radze używać tego programu - odinstalować go dla świętego spokoju.

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, plik na czarno po usunięciu wpisów usuwasz ręcznie z dysku

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Dwa logi po czynnościach do kontroli. ( HJ + silent )

[basiag]

Ok Spyware Doctor odinstalowałam, ale czy mogłabym o dokładniejsze wyjaśnienie tego, co należy zrobić krok po kroku, gdyż jestem zupełnym laikiem komputerowym
Pozdrawiam

[kahoona]

...weź kajecik i pisz...

- będzie to później potrzebne, a na kartce będzie przed oczami.


1. Prawy przycisk myszy na ikonie "Mój komputer" - wybrać "właściwości", lub - Start ->Ustawienia->panel sterowania-System. Te dwie drogi prowadzą do jednego: pojawi się aplet panelu sterowania - "System".
2. Wybrać w "system" zakładkę "Przywracanie systemu" i zaznaczyć ptaszka przy "Wyłącz przywracanie systemu na wszystkich dyskach", OK.
3. Zrestartować system (uruchomić ponownie)
4. Nacisnąć i trzymać klawisz "F8" aż do chwili, kiedy pojawi się wybór rodzaju uruchomienia. Strzałkami wybrać "Tryb awaryjny z obsługą sieci" i dać ENTER.
5. System będzie fatalnie wyglądał i fatalnie działał. Tak ma być, nic złego się nie dzieje.
6. Uruchomić Hijack This! Zaznaczyć ptaszka przy pozycji "O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE" oraz " O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)" i wcisnąć "Fix Checked".
7. Start - Wyszukaj - Pliki lub Foldery. Wybrać ponownie "Pliki lub Foldery" - kliknąć "Bardziej zaawansowane opcje" i zaznaczyć TRZY pozycje - "przeszukaj foldery systemowe", "przeszukaj ukryte pliki lub foldery" oraz "Przeszukaj podfoldery". Wpisz nazwę (dokładnie) ALCMTR.EXE jako nazwę pliku do wyszukania.
8. Poczekaj, aż skończy.
9. Jeśli znalazł - zaznacz pliki i wywal je do kosza. Kosz opróżnij.
10. Pozamykaj wszystkie okna. Zrestartuj komputer - tak jak normalnie.
11. Przeskanuj, jak już to robiłaś wcześniej.


Do skanowania - Spybot Search and destroy, Ad-Aware SE, Spyware terminator, a nawet windows defender.
I niech zgadnę: parę rzeczy nie powinno na tym komputerze być, a Adobe i Abby lepiej żeby nie wiedziały?


I na koniec drobiazg - wcale chłopak/znajomy nie musiał surfować po stronkach z panienkami. Jest jeszcze mały drobiazg opisany tutaj:

http://drukarki.idg.pl/news/88807.html

razem ze sposobem leczenia.

[basiag]

Bardzo dziękuję za odpowiedź.
Po wykonaniu wszystkiego logi z hijackthis i silentrunners wyglądają tak:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 00:52:49, on 2007-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\Documents and Settings\Pc\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla-europe.org/pl/products/firefox/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED799B32-DCB8-41D8-A7F5-1F1632D692E1}: NameServer = 10.0.0.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe



Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"WebCamRT.exe" = "(empty string)" [file not found]
"eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NWEReboot" = "(empty string)" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"FaxCenterServer" = ""C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s" [null data]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) DragDrop Shell Extension"
  -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6b5 (beta test) Property Sheet Shell Extension"
  -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu"
  -> {HKLM...CLSID} = "IZArc DragDrop Menu"
                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
  -> {HKLM...CLSID} = "SPTHandler"
                   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"
  -> {HKLM...CLSID} = "IZArc Shell Context Menu"
                   \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                   \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"
  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"
                   \InProcServer32\(Default) = "C:\Program Files\ABBYY FineReader 8.0 Professional Edition\FECMenu.dll" ["ABBYY Software"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
                   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pc\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "Pc" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\Pc\Menu Start\Programy\Autostart
"SpeedFan" -> shortcut to: "C:\Program Files\SpeedFan\speedfan.exe" ["Almico Software (www.almico.com)"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BlueSoleil" -> shortcut to: "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 12
%SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 13 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
  -> {HKLM...CLSID} = "Skype add-on (button)"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe" ["NVIDIA Corporation"]
ForceWare user log service, nSvcLog, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe" ["NVIDIA Corporation"]
Forceware Web Interface, ForcewareWebInterface, ""C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice" ["Apache Software Foundation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Spyware Terminator Clam Service, sp_clamsrv, "C:\Program Files\WinClamAVShield\sp_clamsrv.exe" ["Crawler.com"]
Spyware Terminator Realtime Shield Service, sp_rssrv, "C:\Program Files\Spyware Terminator\sp_rsser.exe" ["Crawler.com"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 8 seconds.
---------- (total run time: 47 seconds)


Czy już wszystko jest ok?