Computer has slowed down

Deckard’s System Scanner v20070826.66

Run by wieslaw on 2007-08-29 21:31:47

Computer is in Normal Mode.


-- System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

-- Last 5 Restore Point(s) --

7: 2007-08-29 19:31:59 UTC - RP180 - Deckard’s System Scanner Restore Point

6: 2007-08-27 11:48:50 UTC - RP179 - Punkt kontrolny systemu

5: 2007-08-22 09:52:35 UTC - RP178 - Punkt kontrolny systemu

4: 2007-08-18 21:35:48 UTC - RP177 - Installed ACDSee 9 Photo Manager

3: 2007-08-14 23:11:21 UTC - RP176 - Software Distribution Service 3.0

-- First Restore Point --

1: 2007-08-11 14:59:22 UTC - RP174 - Usunięte Pro Evolution Soccer 6

Backed up registry hives.

Performed disk cleanup.

System Drive C: has 2.83 GiB (less than 15%) free.

-- HijackThis (run as wieslaw.exe) ---------------------------------------------

Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-08-29 21:33:42

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16512)

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\DeskSite\binex\DeskSiteCMA.exe

C:\WITaj!\WITaj!\WIT2000.EXE

C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Shareaza\Shareaza\Shareaza.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\download\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE 7

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2575.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKEY_LOCAL_MACHINE…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKEY_LOCAL_MACHINE…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKEY_LOCAL_MACHINE…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [AWMON] “C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [WITaj!] C:\WITaj!\WITaj!\WIT2000.EXE

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html

O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra ‘Tools’ menuitem: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra ‘Tools’ menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)

O9 - Extra ‘Tools’ menuitem: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O9 - Extra ‘Tools’ menuitem: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O15 - Trusted Zone: *.archiviosex.net (HKCU)

O15 - Trusted Zone: *.otherchance.com (HKCU)

O15 - Trusted Zone: *.whatsnew.name (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh … tor/sw.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://195.140.237.244/activex/decoder/mpeg4_dec.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.140.237.244/activex/AMC.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: DeskSiteCMA - Unknown owner - “C:\Program Files\DeskSite\binex\DeskSiteCMA.exe”

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - “C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe”

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - “C:\Program Files\CyberLink\Shared files\RichVideo.exe”

O23 - Service: StyleXPService - Unknown owner - “C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”

-- HijackThis Fixed Entries (D:\download\HIJACK~1\backups) --------------------

backup-20061220-202046-937 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

backup-20061220-202151-400 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

backup-20061220-202151-586 O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

backup-20061220-202151-722 R3 - Default URLSearchHook is missing

backup-20061228-164505-803 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - blank (file missing)

backup-20061228-165550-254 O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20061228-165550-281 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070202-184650-960 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

backup-20070202-184821-451 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070202-184821-606 O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070214-125506-499 O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

backup-20070214-125506-540 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

backup-20070829-205818-356 O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

backup-20070829-205818-739 O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)

backup-20070829-205818-959 O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe

R1 UserPort - c:\windows\system32\drivers\userport.sys

R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys

R2 PStrip - c:\windows\system32\drivers\pstrip.sys

R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys

R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys

R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys

R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys

R3 Pcatip - c:\windows\system32\drivers\pcatip.sys

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys

R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys

S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys

S3 ENTECH - c:\windows\system32\drivers\entech.sys

S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)

S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

R2 DeskSiteCMA - “c:\program files\desksite\binex\desksitecma.exe”

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - “c:\program files\cyberlink\shared files\richvideo.exe”

R2 StyleXPService - “c:\program files\tgtsoft\stylexp\stylexpservice.exe”

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Manufacturer: Realtek

Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Service: rtl8139

-- Scheduled Tasks -------------------------------------------------------------

2007-08-28 17:03:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2007-08-24 00:05:02 440 --a----c- C:\WINDOWS\Tasks\EasyShare Registration Task.job

2007-08-17 19:12:00 296 --a----c- C:\WINDOWS\Tasks\avast! Antivirus.job

-- Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 14:58:40 0 d------c- C:\WINDOWS\LastGood

2007-08-19 23:42:00 109568 --a----c- C:\WINDOWS\system32\apex3gp.exe

2007-08-19 23:41:59 4755968 --a----c- C:\WINDOWS\system32\apexconverter.exe

2007-08-19 23:41:59 120320 --a----c- C:\WINDOWS\system32\apexchanger.exe

2007-08-19 23:41:58 3138048 --a----c- C:\WINDOWS\system32\apexxbox.exe

2007-08-19 23:41:58 398798 --a----c- C:\WINDOWS\system32\apexpmp.exe

2007-08-19 23:41:58 86016 --a----c- C:\WINDOWS\system32\AddiTunes.exe

2007-08-19 23:41:39 764416 --a----c- C:\WINDOWS\system32\NCTRMFile.dll

2007-08-19 23:41:39 249856 --a----c- C:\WINDOWS\system32\NCTQuickTimeFile.dll

2007-08-19 23:41:39 626688 --a----c- C:\WINDOWS\system32\NCTImageFile.dll

2007-08-19 23:41:38 495104 --a----c- C:\WINDOWS\system32\NCTVideoCoreM.dll

2007-08-19 23:41:38 382464 --a----c- C:\WINDOWS\system32\NCTAVIFile.dll

2007-08-19 23:41:37 780288 --a----c- C:\WINDOWS\system32\NCTVideoCompress.dll

2007-08-19 23:41:37 90112 --a----c- C:\WINDOWS\system32\NCTAudioFormatSettings3.dll

2007-08-19 23:41:36 312320 --a----c- C:\WINDOWS\system32\NCTVideoView.dll

2007-08-19 23:41:36 188416 --a----c- C:\WINDOWS\system32\NCTVideoFile.dll

2007-08-19 23:41:36 2846720 --a----c- C:\WINDOWS\system32\NCTAudioCompress3.dll

2007-08-19 23:41:35 215552 --a----c- C:\WINDOWS\system32\NCTWMVFile.dll

2007-08-19 23:41:35 778240 --a----c- C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-08-19 23:41:31 0 d------c- C:\WINDOWS\system32\RMBin

2007-08-19 23:41:30 81920 --a----c- C:\WINDOWS\system32\viscomwave.dll

2007-08-19 23:41:30 147456 --a----c- C:\WINDOWS\system32\viscomqtenc.dll http://www.viscomsoft.com; >

2007-08-19 23:41:30 139264 --a----c- C:\WINDOWS\system32\viscomqtde.dll http://www.viscomsoft.com; >

2007-08-18 23:38:08 0 d------c- C:\extensions

2007-08-18 23:37:14 0 d------c- C:\Program Files\Yahoo!

2007-08-15 01:12:24 0 d------c- C:\Program Files\MSXML 4.0

-- Find3M Report ---------------------------------------------------------------

2007-08-28 20:28:40 14662 --a----c- C:\logfile

2007-08-26 13:59:13 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\MegauploadToolbar

2007-08-20 18:21:06 459070 --a----c- C:\WINDOWS\system32\perfh015.dat

2007-08-20 18:21:06 80352 --a----c- C:\WINDOWS\system32\perfc015.dat

2007-08-20 12:36:18 0 d------c- C:\Program Files\Mozilla Thunderbird

2007-08-20 10:57:29 0 d------c- C:\Program Files\Trojan Remover

2007-08-19 00:44:50 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\WinRAR

2007-08-18 23:36:17 0 d------c- C:\Program Files\Common Files\ACD Systems

2007-08-14 20:40:22 0 d------c- C:\Program Files\Odkurzacz

2007-08-11 17:00:20 0 d--h---c- C:\Program Files\InstallShield Installation Information

2007-08-11 15:52:49 0 d------c- C:\Program Files\Peer2Mail

2007-08-10 18:49:25 0 d------c- C:\Program Files\MegauploadToolbar

2007-07-20 18:14:23 0 d------c- C:\Program Files\Copernic Desktop Search 2

2007-07-14 17:37:06 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\uTorrent

2007-07-11 15:55:33 664 --a----c- C:\WINDOWS\desctemp.dat

2007-07-05 20:19:08 0 d------c- C:\Program Files\Vulcan Media

2007-07-05 20:19:03 0 d------c- C:\Program Files\PWN

2007-07-02 01:06:48 0 d------c- C:\Program Files\Kwyshell

2007-06-29 00:22:44 0 d------c- C:\Program Files\Kodak

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files\Kodak

2007-06-08 22:38:51 356352 --a----c- C:\WINDOWS\eSellerateEngine.dll

2007-06-06 09:38:40 237568 --a----c- C:\WINDOWS\system32\KPDPMUI.dll

2007-06-06 09:38:14 344064 --a----c- C:\WINDOWS\system32\KPDPM.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 22:43]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-01-15 00:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“AWMON”=“C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe” [2005-05-25 13:12]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02]

“WITaj!”=“C:\WITaj!\WITaj!\WIT2000.EXE” [2005-03-21 18:20]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-01-13 20:50:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]

C:\Program Files\PWN\Definicje\Bin\Starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

“C:\Program Files\Gadu-Gadu\gg.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]

C:\WITaj!\WITaj!\WIT2000.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

“FreeCall”=“C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized

“XPRepairBusiness”=C:\Program Files\XP Repair Pro\xprepairpro.exe /s

“Shareaza”=“D:\Program Files\Shareaza\Shareaza\Shareaza.exe” -tray

“ares”=“C:\Program Files\Ares\Ares.exe” -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”

“WinampAgent”=C:\Program Files\Winamp\winampa.exe

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime

“HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

“nwiz”=nwiz.exe /install

“BearShare”=“D:\Program Files\BearShare\BearShare.exe” /pause

“UserFaultCheck”=%systemroot%\system32\dumprep 0 -u

“TrojanScanner”=C:\Program Files\Trojan Remover\Trjscan.exe

“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

-- End of Deckard’s System Scanner: finished at 2007-08-29 21:34:59 ------------

Don't piggyback on someone else's thread, start your own. I am splitting this off into a separate thread.

Remove the HJT entries.

Post a log from Deckard’s System Scanner.


R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys

R3 Pcatip - c:\windows\system32\drivers\pcatip.sys

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys

R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys

S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys

S3 ENTECH - c:\windows\system32\drivers\entech.sys

S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)

S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

R2 DeskSiteCMA - “c:\program files\desksite\binex\desksitecma.exe”

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - “c:\program files\cyberlink\shared files\richvideo.exe”

R2 StyleXPService - “c:\program files\tgtsoft\stylexp\stylexpservice.exe”

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

– Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Manufacturer: Realtek

Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Service: rtl8139

– Scheduled Tasks -------------------------------------------------------------

2007-08-28 17:03:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2007-08-24 00:05:02 440 --a----c- C:\WINDOWS\Tasks\EasyShare Registration Task.job

2007-08-17 19:12:00 296 --a----c- C:\WINDOWS\Tasks\avast! Antivirus.job

– Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 14:58:40 0 d------c- C:\WINDOWS\LastGood

2007-08-19 23:42:00 109568 --a----c- C:\WINDOWS\system32\apex3gp.exe

2007-08-19 23:41:59 4755968 --a----c- C:\WINDOWS\system32\apexconverter.exe

2007-08-19 23:41:59 120320 --a----c- C:\WINDOWS\system32\apexchanger.exe

2007-08-19 23:41:58 3138048 --a----c- C:\WINDOWS\system32\apexxbox.exe

2007-08-19 23:41:58 398798 --a----c- C:\WINDOWS\system32\apexpmp.exe

2007-08-19 23:41:58 86016 --a----c- C:\WINDOWS\system32\AddiTunes.exe

2007-08-19 23:41:39 764416 --a----c- C:\WINDOWS\system32\NCTRMFile.dll

2007-08-19 23:41:39 249856 --a----c- C:\WINDOWS\system32\NCTQuickTimeFile.dll

2007-08-19 23:41:39 626688 --a----c- C:\WINDOWS\system32\NCTImageFile.dll

2007-08-19 23:41:38 495104 --a----c- C:\WINDOWS\system32\NCTVideoCoreM.dll

2007-08-19 23:41:38 382464 --a----c- C:\WINDOWS\system32\NCTAVIFile.dll

2007-08-19 23:41:37 780288 --a----c- C:\WINDOWS\system32\NCTVideoCompress.dll

2007-08-19 23:41:37 90112 --a----c- C:\WINDOWS\system32\NCTAudioFormatSettings3.dll

2007-08-19 23:41:36 312320 --a----c- C:\WINDOWS\system32\NCTVideoView.dll

2007-08-19 23:41:36 188416 --a----c- C:\WINDOWS\system32\NCTVideoFile.dll

2007-08-19 23:41:36 2846720 --a----c- C:\WINDOWS\system32\NCTAudioCompress3.dll

2007-08-19 23:41:35 215552 --a----c- C:\WINDOWS\system32\NCTWMVFile.dll

2007-08-19 23:41:35 778240 --a----c- C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-08-19 23:41:31 0 d------c- C:\WINDOWS\system32\RMBin

2007-08-19 23:41:30 81920 --a----c- C:\WINDOWS\system32\viscomwave.dll

2007-08-19 23:41:30 147456 --a----c- C:\WINDOWS\system32\viscomqtenc.dll http://www.viscomsoft.com; >

2007-08-19 23:41:30 139264 --a----c- C:\WINDOWS\system32\viscomqtde.dll http://www.viscomsoft.com; >

2007-08-18 23:38:08 0 d------c- C:\extensions

2007-08-18 23:37:14 0 d------c- C:\Program Files\Yahoo!

2007-08-15 01:12:24 0 d------c- C:\Program Files\MSXML 4.0

– Find3M Report ---------------------------------------------------------------

2007-08-28 20:28:40 14662 --a----c- C:\logfile

2007-08-26 13:59:13 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\MegauploadToolbar

2007-08-20 18:21:06 459070 --a----c- C:\WINDOWS\system32\perfh015.dat

2007-08-20 18:21:06 80352 --a----c- C:\WINDOWS\system32\perfc015.dat

2007-08-20 12:36:18 0 d------c- C:\Program Files\Mozilla Thunderbird

2007-08-20 10:57:29 0 d------c- C:\Program Files\Trojan Remover

2007-08-19 00:44:50 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\WinRAR

2007-08-18 23:36:17 0 d------c- C:\Program Files\Common Files\ACD Systems

2007-08-14 20:40:22 0 d------c- C:\Program Files\Odkurzacz

2007-08-11 17:00:20 0 d--h---c- C:\Program Files\InstallShield Installation Information

2007-08-11 15:52:49 0 d------c- C:\Program Files\Peer2Mail

2007-08-10 18:49:25 0 d------c- C:\Program Files\MegauploadToolbar

2007-07-20 18:14:23 0 d------c- C:\Program Files\Copernic Desktop Search 2

2007-07-14 17:37:06 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\uTorrent

2007-07-11 15:55:33 664 --a----c- C:\WINDOWS\desctemp.dat

2007-07-05 20:19:08 0 d------c- C:\Program Files\Vulcan Media

2007-07-05 20:19:03 0 d------c- C:\Program Files\PWN

2007-07-02 01:06:48 0 d------c- C:\Program Files\Kwyshell

2007-06-29 00:22:44 0 d------c- C:\Program Files\Kodak

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files\Kodak

2007-06-08 22:38:51 356352 --a----c- C:\WINDOWS\eSellerateEngine.dll

2007-06-06 09:38:40 237568 --a----c- C:\WINDOWS\system32\KPDPMUI.dll

2007-06-06 09:38:14 344064 --a----c- C:\WINDOWS\system32\KPDPM.dll

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 22:43]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-01-15 00:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“AWMON”=“C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe” [2005-05-25 13:12]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02]

“WITaj!”=“C:\WITaj!\WITaj!\WIT2000.EXE” [2005-03-21 18:20]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-01-13 20:50:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]

C:\Program Files\PWN\Definicje\Bin\Starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

“C:\Program Files\Gadu-Gadu\gg.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]

C:\WITaj!\WITaj!\WIT2000.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

“FreeCall”=“C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized

“XPRepairBusiness”=C:\Program Files\XP Repair Pro\xprepairpro.exe /s

“Shareaza”=“D:\Program Files\Shareaza\Shareaza\Shareaza.exe” -tray

“ares”=“C:\Program Files\Ares\Ares.exe” -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”

“WinampAgent”=C:\Program Files\Winamp\winampa.exe

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime

“HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

“nwiz”=nwiz.exe /install

“BearShare”=“D:\Program Files\BearShare\BearShare.exe” /pause

“UserFaultCheck”=%systemroot%\system32\dumprep 0 -u

“TrojanScanner”=C:\Program Files\Trojan Remover\Trjscan.exe

“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

– End of Deckard’s System Scanner: finished at 2007-08-29 21:34:59 ------------

This is not the right log.

DSS creates two or three logs; you need to post mainly the one that contains the Hijack log, etc.

jessi

Deckard’s System Scanner v20070826.66

Run by wieslaw on 2007-08-29 21:31:47

Computer is in Normal Mode.


– System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

– Last 5 Restore Point(s) –

7: 2007-08-29 19:31:59 UTC - RP180 - Deckard’s System Scanner Restore Point

6: 2007-08-27 11:48:50 UTC - RP179 - Punkt kontrolny systemu

5: 2007-08-22 09:52:35 UTC - RP178 - Punkt kontrolny systemu

4: 2007-08-18 21:35:48 UTC - RP177 - Installed ACDSee 9 Photo Manager

3: 2007-08-14 23:11:21 UTC - RP176 - Software Distribution Service 3.0

– First Restore Point –

1: 2007-08-11 14:59:22 UTC - RP174 - Usunięte Pro Evolution Soccer 6

Backed up registry hives.

Performed disk cleanup.

System Drive C: has 2.83 GiB (less than 15%) free.

– HijackThis (run as wieslaw.exe) ---------------------------------------------

Unable to find log (file not found); running clone.

– HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-08-29 21:33:42

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16512)

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\DeskSite\binex\DeskSiteCMA.exe

C:\WITaj!\WITaj!\WIT2000.EXE

C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

D:\Program Files\Shareaza\Shareaza\Shareaza.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\download\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE 7

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2575.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKEY_LOCAL_MACHINE…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKEY_LOCAL_MACHINE…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKEY_LOCAL_MACHINE…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [AWMON] “C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU…\Run: [WITaj!] C:\WITaj!\WITaj!\WIT2000.EXE

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.exe

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html

O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra ‘Tools’ menuitem: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra ‘Tools’ menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)

O9 - Extra ‘Tools’ menuitem: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - (no file)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O9 - Extra ‘Tools’ menuitem: (no name) - {E908B145-C847-4e85-B315-07E2E70DECF8} - (no file)

O15 - Trusted Zone: *.archiviosex.net (HKCU)

O15 - Trusted Zone: *.otherchance.com (HKCU)

O15 - Trusted Zone: *.whatsnew.name (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/sh … tor/sw.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {32C11E38-E587-4BE9-9ABB-D69158C21CE5} (Moonlight MPEG-4 Video Decoder) - http://195.140.237.244/activex/decoder/mpeg4_dec.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.125.138.27/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.140.237.244/activex/AMC.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: DeskSiteCMA - Unknown owner - “C:\Program Files\DeskSite\binex\DeskSiteCMA.exe”

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - “C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe”

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - “C:\Program Files\CyberLink\Shared files\RichVideo.exe”

O23 - Service: StyleXPService - Unknown owner - “C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe”

– HijackThis Fixed Entries (D:\download\HIJACK~1\backups) --------------------

backup-20061220-202046-937 O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

backup-20061220-202151-400 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

backup-20061220-202151-586 O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

backup-20061220-202151-722 R3 - Default URLSearchHook is missing

backup-20061228-164505-803 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - blank (file missing)

backup-20061228-165550-254 O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20061228-165550-281 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070202-184650-960 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

backup-20070202-184821-451 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070202-184821-606 O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

backup-20070214-125506-499 O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

backup-20070214-125506-540 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

backup-20070829-205818-356 O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)

backup-20070829-205818-739 O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file)

backup-20070829-205818-959 O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file)

– File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%*

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe

R1 UserPort - c:\windows\system32\drivers\userport.sys

R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys

R2 PStrip - c:\windows\system32\drivers\pstrip.sys

R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys

R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys

R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys

R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys

R3 Pcatip - c:\windows\system32\drivers\pcatip.sys

R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys

R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys

S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys

S3 ENTECH - c:\windows\system32\drivers\entech.sys

S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)

S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

R2 DeskSiteCMA - “c:\program files\desksite\binex\desksitecma.exe”

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - “c:\program files\cyberlink\shared files\richvideo.exe”

R2 StyleXPService - “c:\program files\tgtsoft\stylexp\stylexpservice.exe”

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

– Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Manufacturer: Realtek

Name: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&32A45852&0&50F0

Service: rtl8139

– Scheduled Tasks -------------------------------------------------------------

2007-08-28 17:03:03 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2007-08-24 00:05:02 440 --a----c- C:\WINDOWS\Tasks\EasyShare Registration Task.job

2007-08-17 19:12:00 296 --a----c- C:\WINDOWS\Tasks\avast! Antivirus.job

– Files created between 2007-07-29 and 2007-08-29 -----------------------------

2007-08-29 14:58:40 0 d------c- C:\WINDOWS\LastGood

2007-08-19 23:42:00 109568 --a----c- C:\WINDOWS\system32\apex3gp.exe

2007-08-19 23:41:59 4755968 --a----c- C:\WINDOWS\system32\apexconverter.exe

2007-08-19 23:41:59 120320 --a----c- C:\WINDOWS\system32\apexchanger.exe

2007-08-19 23:41:58 3138048 --a----c- C:\WINDOWS\system32\apexxbox.exe

2007-08-19 23:41:58 398798 --a----c- C:\WINDOWS\system32\apexpmp.exe

2007-08-19 23:41:58 86016 --a----c- C:\WINDOWS\system32\AddiTunes.exe

2007-08-19 23:41:39 764416 --a----c- C:\WINDOWS\system32\NCTRMFile.dll

2007-08-19 23:41:39 249856 --a----c- C:\WINDOWS\system32\NCTQuickTimeFile.dll

2007-08-19 23:41:39 626688 --a----c- C:\WINDOWS\system32\NCTImageFile.dll

2007-08-19 23:41:38 495104 --a----c- C:\WINDOWS\system32\NCTVideoCoreM.dll

2007-08-19 23:41:38 382464 --a----c- C:\WINDOWS\system32\NCTAVIFile.dll

2007-08-19 23:41:37 780288 --a----c- C:\WINDOWS\system32\NCTVideoCompress.dll

2007-08-19 23:41:37 90112 --a----c- C:\WINDOWS\system32\NCTAudioFormatSettings3.dll

2007-08-19 23:41:36 312320 --a----c- C:\WINDOWS\system32\NCTVideoView.dll

2007-08-19 23:41:36 188416 --a----c- C:\WINDOWS\system32\NCTVideoFile.dll

2007-08-19 23:41:36 2846720 --a----c- C:\WINDOWS\system32\NCTAudioCompress3.dll

2007-08-19 23:41:35 215552 --a----c- C:\WINDOWS\system32\NCTWMVFile.dll

2007-08-19 23:41:35 778240 --a----c- C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-08-19 23:41:31 0 d------c- C:\WINDOWS\system32\RMBin

2007-08-19 23:41:30 81920 --a----c- C:\WINDOWS\system32\viscomwave.dll

2007-08-19 23:41:30 147456 --a----c- C:\WINDOWS\system32\viscomqtenc.dll http://www.viscomsoft.com; >

2007-08-19 23:41:30 139264 --a----c- C:\WINDOWS\system32\viscomqtde.dll http://www.viscomsoft.com; >

2007-08-18 23:38:08 0 d------c- C:\extensions

2007-08-18 23:37:14 0 d------c- C:\Program Files\Yahoo!

2007-08-15 01:12:24 0 d------c- C:\Program Files\MSXML 4.0

– Find3M Report ---------------------------------------------------------------

2007-08-28 20:28:40 14662 --a----c- C:\logfile

2007-08-26 13:59:13 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\MegauploadToolbar

2007-08-20 18:21:06 459070 --a----c- C:\WINDOWS\system32\perfh015.dat

2007-08-20 18:21:06 80352 --a----c- C:\WINDOWS\system32\perfc015.dat

2007-08-20 12:36:18 0 d------c- C:\Program Files\Mozilla Thunderbird

2007-08-20 10:57:29 0 d------c- C:\Program Files\Trojan Remover

2007-08-19 00:44:50 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\WinRAR

2007-08-18 23:36:17 0 d------c- C:\Program Files\Common Files\ACD Systems

2007-08-14 20:40:22 0 d------c- C:\Program Files\Odkurzacz

2007-08-11 17:00:20 0 d--h---c- C:\Program Files\InstallShield Installation Information

2007-08-11 15:52:49 0 d------c- C:\Program Files\Peer2Mail

2007-08-10 18:49:25 0 d------c- C:\Program Files\MegauploadToolbar

2007-07-20 18:14:23 0 d------c- C:\Program Files\Copernic Desktop Search 2

2007-07-14 17:37:06 0 d------c- C:\Documents and Settings\wieslaw\Dane aplikacji\uTorrent

2007-07-11 15:55:33 664 --a----c- C:\WINDOWS\desctemp.dat

2007-07-05 20:19:08 0 d------c- C:\Program Files\Vulcan Media

2007-07-05 20:19:03 0 d------c- C:\Program Files\PWN

2007-07-02 01:06:48 0 d------c- C:\Program Files\Kwyshell

2007-06-29 00:22:44 0 d------c- C:\Program Files\Kodak

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files

2007-06-29 00:20:53 0 d------c- C:\Program Files\Common Files\Kodak

2007-06-08 22:38:51 356352 --a----c- C:\WINDOWS\eSellerateEngine.dll

2007-06-06 09:38:40 237568 --a----c- C:\WINDOWS\system32\KPDPMUI.dll

2007-06-06 09:38:14 344064 --a----c- C:\WINDOWS\system32\KPDPM.dll

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 22:43]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-01-15 00:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“AWMON”=“C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe” [2005-05-25 13:12]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]

“Odkurzacz-MCD”=“C:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02]

“WITaj!”=“C:\WITaj!\WITaj!\WIT2000.EXE” [2005-03-21 18:20]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-01-13 20:50:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DemonStarter]

C:\Program Files\PWN\Definicje\Bin\Starter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

“C:\Program Files\Gadu-Gadu\gg.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WITaj!]

C:\WITaj!\WITaj!\WIT2000.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

“FreeCall”=“C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe” -nosplash -minimized

“XPRepairBusiness”=C:\Program Files\XP Repair Pro\xprepairpro.exe /s

“Shareaza”=“D:\Program Files\Shareaza\Shareaza\Shareaza.exe” -tray

“ares”=“C:\Program Files\Ares\Ares.exe” -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”

“WinampAgent”=C:\Program Files\Winamp\winampa.exe

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” -atboottime

“HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

“nwiz”=nwiz.exe /install

“BearShare”=“D:\Program Files\BearShare\BearShare.exe” /pause

“UserFaultCheck”=%systemroot%\system32\dumprep 0 -u

“TrojanScanner”=C:\Program Files\Trojan Remover\Trjscan.exe

“NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

– End of Deckard’s System Scanner: finished at 2007-08-29 21:34:59 ------------

Fix these file-less entries in Hijack:

>> Hijack >> scan (Do a system scan only) >> check them >> Fix checked.

Did you add the ones above to the Trusted zone yourself?

Do you recognize this?

I don't see anything else suspicious here.

jessi