Many thanks for your interest and help
- main.txt :
Deckard’s System Scanner v20071014.68
Run by Hubert on 2008-03-09 21:54:05
Computer is in Normal Mode.
– System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable…success.
– Last 1 Restore Point(s) –
1: 2008-03-09 20:54:08 UTC - RP1 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 478 MiB (512 MiB recommended).
– HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-09 21:55:29
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hubert\Pulpit\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-SD IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVShExt.dll
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [ccRegVfy] “C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: apitrap.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\system32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
–
End of file - 6946 bytes
– File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*
– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 QDFSDRV - c:\windows\system32\drivers\qdfsdrv.sys
– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Speed Disk service - c:\progra~1\norton~1\speedd~1\nopdb.exe
– Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
– Scheduled Tasks -------------------------------------------------------------
2008-03-09 21:45:48 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-02-29 20:51:00 518 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer.job
– Files created between 2008-02-09 and 2008-03-09 -----------------------------
2008-03-09 21:42:14 296 --a------ C:\plik.reg
2008-03-09 19:18:13 71680 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-03-09 19:18:13 107489 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-03-09 17:57:06 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-09 17:57:06 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-09 17:57:06 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-09 17:57:06 73728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-17 13:08:04 0 d-------- C:\Program Files\AIMP2
– Find3M Report ---------------------------------------------------------------
2008-03-09 21:54:47 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Skype
2008-03-09 21:45:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-02 14:28:35 0 d-------- C:\Program Files\Norton SystemWorks
2008-02-24 18:38:23 0 d-------- C:\Program Files\Warblade
2008-02-23 12:52:41 0 d-------- C:\Program Files\NAPI-PROJEKT
2008-02-17 11:57:45 1279 --a------ C:\WINDOWS\mozver.dat
2008-02-05 11:19:43 0 d-------- C:\Program Files\Microsoft.NET
2008-02-05 11:18:43 0 d-------- C:\Program Files\Common Files
2008-02-05 11:18:37 0 d-------- C:\Program Files\Microsoft Works
2008-02-05 11:11:53 0 d-------- C:\Program Files\AbiSuite2
2008-02-03 13:24:51 0 d-------- C:\Program Files\microsoft frontpage
2008-02-01 12:56:45 0 d-------- C:\Program Files\Invention Pilot
2008-02-01 12:21:51 0 d-------- C:\Program Files\Rekenwonder Software
2008-01-30 22:48:40 0 d-------- C:\Program Files\WordToPDF
2008-01-30 22:34:57 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\WordToPDF
2008-01-24 20:40:08 0 d-------- C:\Program Files\PWN
2008-01-24 17:44:01 0 d-------- C:\Program Files\Gadu-Gadu
2008-01-19 00:01:23 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Apple Computer
2008-01-17 17:26:50 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\AdobeUM
2008-01-17 17:26:41 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-16 16:36:17 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\Adobe
2008-01-15 14:46:03 0 d-------- C:\Program Files\Skype
2008-01-14 22:47:53 0 d-------- C:\Program Files\QuickTime
2008-01-12 21:22:41 0 d-------- C:\Documents and Settings\Hubert\Dane aplikacji\OpenOffice.org2
2008-01-05 19:41:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-05 19:38:25 32 --ahs---- C:\WINDOWS\system32{E06F6178-1BE3-4D59-A693-B8D97A0DE96D}.dat
2008-01-05 19:38:25 32 --ahs---- C:\WINDOWS{644A2FBC-2FBC-4E2A-B09C-968B3FEC417B}.dat
2008-01-05 19:38:01 32 --ahs---- C:\WINDOWS\system32{F194FEB8-A001-4448-BFF8-7D08993874D1}.dat
2008-01-05 19:38:01 32 --ahs---- C:\WINDOWS{794D01D3-254F-42D8-9D57-24F6D9419E7D}.dat
2008-01-05 19:37:15 32 --ahs---- C:\WINDOWS\system32{165D2A65-6D28-435E-9410-E07818B16955}.dat
2008-01-05 19:37:15 32 --ahs---- C:\WINDOWS{32933DBC-1B8D-4644-8AC0-79556C10EA16}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS\system32{9FF394FD-5F42-41E2-B28D-31C6A89107DF}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS\system32{68E19A99-5B16-47F4-8CC1-329F4C6AC84E}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS\system32{078D3026-72DC-4C21-964C-E77DA5F53377}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS{78C6DE58-B596-4EE9-B05D-DA977AF77ED5}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS{5FB5FAE4-B996-48C5-920C-5A7EFDC6F4FE}.dat
2008-01-05 19:35:43 32 --ahs---- C:\WINDOWS{5C6CFBFB-F0A1-45F9-B45D-D27D857F3147}.dat
2008-01-05 19:34:00 32 --ahs---- C:\WINDOWS\system32{1ACA7DC9-B113-4B0A-8FB2-9FC769FEE18C}.dat
2008-01-05 19:34:00 32 --ahs---- C:\WINDOWS{7C90715E-EB50-42C9-8808-70B3A2160159}.dat
2008-01-05 19:33:51 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-01-05 19:15:20 62 --ahs---- C:\Documents and Settings\Hubert\Dane aplikacji\desktop.ini
2008-01-05 18:45:38 356068 --a------ C:\WINDOWS\system32\perfh015.dat
2008-01-05 18:45:38 49910 --a------ C:\WINDOWS\system32\perfc015.dat
2008-01-05 18:30:27 0 -rahs---- C:\MSDOS.SYS
2008-01-05 18:30:27 0 -rahs---- C:\IO.SYS
2008-01-05 18:30:27 0 --a------ C:\CONFIG.SYS
2008-01-05 18:30:27 0 --a------ C:\AUTOEXEC.BAT
2008-01-05 18:26:06 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
– Registry Dump ---------------------------------------------------------------
*Note* empty entries legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2002-12-10 19:20]
“ccRegVfy”=“C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” [2002-12-10 19:21]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50]
“SoundMan”=“SOUNDMAN.EXE” [2003-04-15 08:15 C:\WINDOWS\SOUNDMAN.EXE]
“SiS Windows KeyHook”=“C:\WINDOWS\system32\keyhook.exe” [2004-02-27 03:06]
“SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe” [2002-07-12 12:15]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-12-08 17:35]
“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-10-19 20:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:55]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-03-02 11:55]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43]
C:\Documents and Settings\Hubert\Menu Start\Programy\Autostart\
Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2008-01-05 19:36:15]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-01-05 21:55:03]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=apitrap.dll
– Hosts -----------------------------------------------------------------------
7898 more entries in hosts file.
– End of Deckard’s System Scanner: finished at 2008-03-09 21:56:57 ------------
So that is how it looks. I don't know what to do with this next, and I would be very grateful for further guidance on this matter. Regards