Computer slowdown - HJT, SilentRunners


(Irnmaiden) #1

Hello.

For quite a while now my computer has slowed down terribly :stuck_out_tongue: I also had all ports open and a load of vermin got in :confused:

Please check the logs:

HJT

Logfile of HijackThis v1.99.1

Scan saved at 21:45:54, on 2007-08-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\WINDOWS\system32\cisvc.exe

D:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Defender\MSASCui.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Internet Explorer\iexplore.exe

C:\Gry Kamila\gitara\Gadu-Gadu\gg.exe

D:\Program Files\Winamp\winamp.exe

D:\Documents and Settings\Kamil.KOCON\Moje dokumenty\skrypty\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [INTERNATIONAL] International*

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170323015953

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF644FEC-4C0E-4423-AC22-8621574816FE}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - c:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

Silent

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"avgnt" = ""D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "c:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"

  -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~1\MpShHook.dll" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

  -> {HKLM...CLSID} = "WPDShServiceObj Class"

                   \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  -> {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "c:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "c:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "c:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"

                   \InProcServer32\(Default) = "D:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]



Group Policies {policy setting}:

--------------------------------


Note: detected settings may not have any effect.


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "D:\WINDOWS\system32\sspipes.scr" [MS]



Startup items in "Kamil" & "All Users" startup folders:

-------------------------------------------------------


D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart

"HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" -> launches: "D:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"

                   \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

AntiVir PersonalEdition Classic Guard, AntiVirService, ""D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""D:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]

Apple Mobile Device, Apple Mobile Device, ""D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

BlueSoleil Hid Service, BlueSoleil Hid Service, "c:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]

Machine Debug Manager, MDM, ""D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzlnt12\Driver = "hpzlnt12.dll" ["HP"]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 291 seconds.

---------- (total run time: 411 seconds)

(Kuba1) #2

As for this file, there are as many opinions as there are heads.

In my opinion it is enough to block it in the firewall, and if there are problems you can unblock it; apart from that, it's clean.

Attach a ComboFix log.


(Irnmaiden) #3

DSS - ComboFIX does not work on my machine

Deckard's System Scanner v20070807.62

Run by Kamil on 2007-08-09 at 09:08:18

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created a Deckard's System Scanner Restore Point.



-- Last 5 Restore Point(s) --

48: 2007-08-09 07:08:26 UTC - RP218 - Deckard's System Scanner Restore Point

47: 2007-08-08 19:37:39 UTC - RP217 - Software Distribution Service 3.0

46: 2007-08-06 18:53:18 UTC - RP216 - Zainstalowano: IKEA HomePlanner Bedroom

45: 2007-08-03 08:41:15 UTC - RP215 - Software Distribution Service 3.0

44: 2007-08-01 13:00:48 UTC - RP214 - Software Distribution Service 3.0



-- First Restore Point -- 

1: 2007-06-16 09:07:45 UTC - RP171 - Software Distribution Service 3.0



Performed disk cleanup.




-- HijackThis (run as Kamil.exe) -----------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 09:08:50, on 2007-08-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\cisvc.exe

D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Defender\MSASCui.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\Internet Explorer\iexplore.exe

C:\Gry Kamila\gitara\Gadu-Gadu\gg.exe

D:\Program Files\Winamp\winamp.exe

D:\Documents and Settings\Kamil.KOCON\Moje dokumenty\dss.exe

D:\DOCUME~1\KAMIL~1.KOC\MOJEDO~1\skrypty\Kamil.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [INTERNATIONAL] International*

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170323015953

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF644FEC-4C0E-4423-AC22-8621574816FE}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - c:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe



-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]

[COLOR=red].js - jsfile - DefaultIcon - unable to read value[/COLOR]

[COLOR=red].js - jsfile - shell\open\command - unable to read value[/COLOR]

[COLOR=red].txt - unable to read key[/COLOR]

[COLOR=red].txt - unable to read key[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R0 BTHidMgr (Bluetooth HID Manager Service) - d:\windows\system32\drivers\bthidmgr.sys 

R1 SCDEmu - d:\windows\system32\drivers\scdemu.sys 

R1 tvtool - d:\program files\tvtool\tvtool.sys

R3 BlueletAudio (Bluetooth Audio Service) - d:\windows\system32\drivers\blueletaudio.sys 

R3 BT (Bluetooth PAN Network Adapter) - d:\windows\system32\drivers\btnetdrv.sys 

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - d:\windows\system32\drivers\btcusb.sys 

R3 BTHidEnum (Bluetooth HID Enumerator) - d:\windows\system32\drivers\vbtenum.sys

R3 VComm (Virtual Serial port driver) - d:\windows\system32\drivers\vcomm.sys 

R3 VcommMgr (Bluetooth VComm Manager Service) - d:\windows\system32\drivers\vcommmgr.sys 


S3 GMSIPCI - f:\install\gmsipci.sys (file missing)

S3 PalmUSBD - d:\windows\system32\drivers\palmusbd.sys (file missing)



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "d:\program files\antivir personaledition classic\sched.exe" 

R2 Apple Mobile Device - "d:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" 

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "d:\program files\bonjour\mdnsresponder.exe" 


S3 FLEXnet Licensing Service - "d:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" 



-- Device Manager: Disabled ----------------------------------------------------


Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek RTL8139/810X Family PCI Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_032010BD&REV_10\3&61AAA01&0&50

Manufacturer: Realtek

Name: Realtek RTL8139/810X Family PCI Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_032010BD&REV_10\3&61AAA01&0&50

Service: rtl8139



-- Scheduled Tasks -------------------------------------------------------------


2007-08-09 08:55:11 330 --ah----- D:\WINDOWS\Tasks\MP Scheduled Scan.job

2007-07-10 12:32:12 284 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job



-- Files created between 2007-07-09 and 2007-08-09 -----------------------------


2007-08-06 20:52:46 0 d-------- D:\Program Files\Common Files\Wise Installation Wizard

2007-07-12 18:21:17 0 d-------- D:\Program Files\SystemRequirementsLab

2007-07-10 12:32:07 0 d-------- D:\Program Files\Apple Software Update

2007-07-10 12:31:55 0 d------c- D:\WINDOWS\system32\DRVSTORE

2007-07-10 12:31:29 0 d-------- D:\Program Files\Common Files\Apple

2007-07-10 12:09:38 0 d-------- D:\Program Files\QuickTime

2007-07-09 22:20:36 1531904 --a------ D:\WINDOWS\adiras.exe 

2007-07-09 22:20:35 127456 --a------ D:\WINDOWS\system32\ipdetect.exe 

2007-07-09 22:20:32 126976 --a------ D:\WINDOWS\system32\coclassfast.dll

2007-07-09 22:20:31 114688 --a------ D:\WINDOWS\system32\unaddrv.exe 

2007-07-09 22:20:31 46892 --a------ D:\WINDOWS\system32\adadix16.dll

2007-07-09 22:20:29 143360 --a------ D:\WINDOWS\autoclk.exe 

2007-07-09 22:20:21 0 d-------- D:\Program Files\SAGEM



-- Find3M Report ---------------------------------------------------------------


2007-08-08 22:10:58 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\gtk-2.0

2007-08-06 20:52:46 0 d-------- D:\Program Files\Common Files

2007-07-11 17:42:17 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\FTPRush

2007-07-11 11:44:56 458022 --a------ D:\WINDOWS\system32\perfh015.dat

2007-07-11 11:44:56 79408 --a------ D:\WINDOWS\system32\perfc015.dat

2007-07-10 12:36:46 0 d-------- D:\Program Files\iPod

2007-07-10 12:10:57 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Apple Computer

2007-07-10 08:30:32 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\uTorrent

2007-07-09 22:10:35 0 d--h----- D:\Program Files\InstallShield Installation Information

2007-07-06 19:57:15 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Hamachi

2007-07-04 14:19:25 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\BearShare

2007-06-29 20:09:27 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Skype

2007-06-29 20:04:52 0 d-------- D:\Program Files\Skype

2007-06-29 19:49:23 0 d-------- D:\Program Files\Common Files\Skype

2007-06-28 10:00:04 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Mozilla

2007-06-28 10:00:00 335 --a------ D:\WINDOWS\nsreg.dat

2007-06-28 10:00:00 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Talkback

2007-06-28 09:59:45 8956 --a------ D:\WINDOWS\mozver.dat

2007-06-28 09:59:22 98512 --a------ D:\WINDOWS\GREUninstall.exe

2007-06-28 09:59:11 0 d-------- D:\Program Files\Common Files\mozilla.org

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\UC.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\RAR.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\PKZIP.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\PKUNZIP.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\NOCLOSE.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\LHA.PIF

2007-06-21 07:01:00 545 --a------ D:\WINDOWS\ARJ.PIF

2007-06-19 20:23:08 29704 --a------ D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-06-19 12:05:16 0 d-------- D:\Documents and Settings\Kamil.KOCON\Dane aplikacji\Uniblue

2007-06-15 13:18:29 0 d-------- D:\Program Files\GSC World Publishing

2007-05-13 21:33:50 8 --a------ D:\WINDOWS\system32\nvModes.dat

2007-05-11 06:37:15 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll 

2007-05-11 06:37:15 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll 

2007-05-11 06:37:15 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll 

2007-05-11 06:37:15 740442 --a------ D:\WINDOWS\system32\DivX.dll 



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t


D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^BlueSoleil.lnk]

path=D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\BlueSoleil.lnk

backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^DSLMON.lnk]

path=D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\DSLMON.lnk

backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^eEye Windows Animated Cursor Patch Checker.lnk]

backup=D:\WINDOWS\pss\eEye Windows Animated Cursor Patch Checker.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

path=D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk

backup=D:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Microsoft Office.lnk]

backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]

C:\GRYKAM~1\gitara\AQQ\AQQ.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

D:\WINDOWS\system32\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

"C:\Gry Kamila\gitara\Gadu-Gadu\gg.exe" /tray


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

"D:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"D:\Program Files\QuickTime\qttask.exe" -atboottime


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

D:\Program Files\Winamp\winampa.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

mysee2	Mysee2_Runtime



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\autorun.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad17a2e3-0f87-11dc-8392-4d6564696130}]

AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

Open(&0)\command- Recycled\ctfmon.exe





-- Hosts -----------------------------------------------------------------------


127.0.0.1 www.intuneads.com

127.0.0.1 www.freemusic123.com

127.0.0.1 www.cifras.com.br

127.0.0.1 www.gshome.com

127.0.0.1 www.all-midi.com

127.0.0.1 www.directtabs.com

127.0.0.1 hg1.hitbox.com

127.0.0.1 ad.harmony-central.com

127.0.0.1 cdn1.tribalfusion.com

127.0.0.1 isg01.casalemedia.com


16 more entries in hosts file.



-- End of Deckard's System Scanner: finished at 2007-08-09 at 09:12:51 ---------

Deckard's System Scanner v20070807.62

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Polish


CPU 0: AMD Athlon(tm) 

Percentage of Memory in Use: 62%

Physical Memory (total/avail): 511.48 MiB / 191.23 MiB

Pagefile Memory (total/avail): 2979.81 MiB / 2629.67 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1966.84 MiB


A: is Removable (No Media)

C: is Fixed (NTFS) - 39.06 GiB total, 21.7 GiB free. 

D: is Fixed (NTFS) - 35.46 GiB total, 12.85 GiB free. 

E: is CDROM (No Media)

F: is CDROM (No Media)



-- Security Center -------------------------------------------------------------


AUOptions is scheduled to auto-install.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=D:\Documents and Settings\All Users.WINDOWS

APPDATA=D:\Documents and Settings\Kamil.KOCON\Dane aplikacji

CLASSPATH=.;D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=D:\Program Files\Common Files

COMPUTERNAME=KOCON

ComSpec=D:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=D:

HOMEPATH=\Documents and Settings\Kamil.KOCON

LOGONSERVER=\\KOCON

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0602

ProgramFiles=D:\Program Files

PROMPT=$P$G

QTJAVA=D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=D:

SystemRoot=D:\WINDOWS

TEMP=D:\DOCUME~1\KAMIL~1.KOC\USTAWI~1\Temp

TMP=D:\DOCUME~1\KAMIL~1.KOC\USTAWI~1\Temp

USERDOMAIN=KOCON

USERNAME=Kamil

USERPROFILE=D:\Documents and Settings\Kamil.KOCON

VBROKERDIR=C:\Inprise\vbroker

windir=D:\WINDOWS



-- User Profiles ---------------------------------------------------------------


mmx (admin)

 (admin)

Kamil.KOCON (admin)

Administrator.KOCON (admin)



-- Add/Remove Programs ---------------------------------------------------------


 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf

18 Wheels of Steel Haulin --> C:\PROGRA~1\18WHEE~1\UNWISE.EXE C:\PROGRA~1\18WHEE~1\INSTALL.LOG

Adobe Acrobat 5.0 --> D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 9 ActiveX --> D:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3 --> D:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}

Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Shockwave Player --> D:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log

Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

ALLPlayer V2.4 --> "c:\Program Files\MarBit\ALLPlayer\unins000.exe"

Apple Mobile Device Support --> MsiExec.exe /I{8FC46258-0843-4D79-B7F0-F2B82FE6173B}

Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}

Archiwizator WinRAR --> D:\Program Files\WinRAR\uninstall.exe

µTorrent --> "c:\Program Files\uTorrent\uninstall.exe"

Audacity 1.2.6 --> "c:\Program Files\Audacity\unins000.exe"

Avira AntiVir PersonalEdition Classic --> D:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

BlueSoleil --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9 

Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}

CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"

DesignPro 5 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DF57E946-4885-4EEA-A958-D5F82CB21B99} 

DivX Codec --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> c:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Player --> c:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> c:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DVD Solution --> "D:\Program Files\Uninstall_CDS.exe"

EA Link --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1045 

Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG

EVEREST Home Edition v2.01 --> "c:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

ffdshow (remove only) --> "D:\Program Files\ffdshow\uninstall.exe"

FTPRush 1.0.0.623 Unicode --> "c:\Program Files\FTPRush\unins000.exe"

Gadu-Gadu 7.7 --> C:\Gry Kamila\gitara\Gadu-Gadu\Setup.exe

Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"

GuitarFX 3 --> C:\PROGRA~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\GUITAR~2\INSTALL.LOG

Haali Media Splitter --> "c:\Program Files\Matroska Pack\haali\uninstall.exe"

Hamachi 1.0.2.1 --> c:\Program Files\Hamachi\uninstall.exe

Harry's Filters --> RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\HRRYFIL2.INF, DefaultUninstall.ntx86

HijackThis 1.99.1 --> D:\Documents and Settings\Kamil.KOCON\Moje dokumenty\skrypty\HijackThis.exe /uninstall

HP Document Viewer 5.3 --> D:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat

HP Extended Capabilities 5.3 --> D:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone 5.3 --> D:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Imaging Device Functions 5.3 --> D:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP PSC & OfficeJet 5.3.B --> "D:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP Solution Center & Imaging Support Tools 5.3 --> D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"

IKEA HomePlanner Bedroom --> MsiExec.exe /I{66763074-E033-4AB8-9DCD-76AA30CCD543}

iTunes --> MsiExec.exe /I{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

MapEdit --> MsiExec.exe /I{3C0AF5C6-331A-4197-A3B6-291F0C873592}

Matroska Pack --> c:\Program Files\Matroska Pack\uninstall.exe

Microsoft Office XP Professional z programem FrontPage --> MsiExec.exe /I{90280415-6000-11D3-8CFE-0050048383C9}

Microsoft Office XP Web Components --> MsiExec.exe /I{90260415-6000-11D3-8CFE-0050048383C9}

Mozilla 1.7.13 (PL) --> D:\WINDOWS\MozillaUninstall.exe /ua "1.7.13 (PL)"

Multimedia Launcher --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

NVIDIA Drivers --> D:\WINDOWS\system32\nvudisp.exe UninstallGUI

NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 D:\WINDOWS\INF\nvstereo.inf

PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PITy 2006 dla Windows kompilacja:1.0.1.3 --> "D:\Program Files\PITy\PITY2006NG\unins000.exe"

PowerDVD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerISO --> "c:\Program Files\PowerISO\uninstall.exe"

Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}

QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}

Real Alternative 1.51 --> "D:\Program Files\Real Alternative\unins000.exe"

Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

RTLSetup --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE

S.T.A.L.K.E.R. - Shadow of Chernobyl --> "c:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"

SAGEM F@st 800-840 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15 

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sjboy Beta4 --> "c:\Program Files\Sjboy Emulator\unins000.exe"

Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Sp5 --> MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}

Sp5Intl --> MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}

Sp5TTInt --> MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124}

SpCommon --> MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5}

Speed-Link SL-6535 USB Pad --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}\setup.exe" -l0x9 -removeonly

SpPhones --> MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}

System Requirements Lab --> D:\Program Files\SystemRequirementsLab\Uninstall.exe

The GIMP 2.3.18 --> "c:\Program Files\GIMP-2.0\setup\unins000.exe"

Torrent Master 2.0 RC1 --> "c:\Program Files\Torrent Master\unins000.exe"

Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe

TVTool --> D:\Program Files\TVTool\uninstall.exe

VIA Platform Device Manager --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 

VisiBroker for Cpp 4.5 --> D:\WINDOWS\ISUNINST.EXE -fC:\Inprise\vbroker\vbcppdev.isu -cC:\Inprise\vbroker\bin\register.dll

Winamp (remove only) --> "D:\Program Files\Winamp\UninstWA.exe"

Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Live OneCare safety scanner --> RunDll32.exe "D:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

XviD MPEG-4 Codec --> "D:\Program Files\XviD\UninstXviD.exe"



-- Application Event Log -------------------------------------------------------


Event ID #2097: Warning

Event Submitted/Written: 08/08/2007 09:52:43 PM

Event Source: H+BEDV AntiVir

Event Description:

AntiVir has detected 'APPL/NirCmd.1'

in the file

D:\ComboFix\nircmd.cfexe


Event ID #2096: Warning

Event Submitted/Written: 08/08/2007 09:52:31 PM

Event Source: H+BEDV AntiVir

Event Description:

AntiVir has detected 'APPL/NirCmd.1'

in the file

D:\ComboFix\nircmd.exe


Event ID #2092: Warning

Event Submitted/Written: 08/07/2007 10:29:49 PM

Event Source: Userenv

Event Description:

System Windows zapisał rejestr użytkownika KOCON\mmx, kiedy aplikacja lub usługa nadal użytkowała rejestr podczas wylogowania. Pamięć używana przez rejestr użytkownika nie została zwolniona. Rejestr zostanie zwolniony, kiedy nie będzie używany. 



Najczęstszą tego przyczyną są usługi uruchamiane z konta użytkownika. Próbuj skonfigurować te usługi, aby były uruchamiane z konta LocalService lub NetworkService.


Event ID #2091: Warning

Event Submitted/Written: 08/07/2007 10:29:47 PM

Event Source: Userenv

Event Description:

System Windows nie może zwolnić pliku rejestru klas - plik jest ciągle używany przez inną aplikację lub usługę. Plik zostanie zwolniony, gdy nie będzie używany.


Event ID #2087: Warning

Event Submitted/Written: 08/07/2007 09:55:03 PM

Event Source: Userenv

Event Description:

System Windows zapisał rejestr użytkownika KOCON\Kamil, kiedy aplikacja lub usługa nadal użytkowała rejestr podczas wylogowania. Pamięć używana przez rejestr użytkownika nie została zwolniona. Rejestr zostanie zwolniony, kiedy nie będzie używany. 



Najczęstszą tego przyczyną są usługi uruchamiane z konta użytkownika. Próbuj skonfigurować te usługi, aby były uruchamiane z konta LocalService lub NetworkService.




-- Security Event Log ----------------------------------------------------------


No Errors/Warnings found.



-- System Event Log ------------------------------------------------------------


Event ID #91540: Warning

Event Submitted/Written: 08/09/2007 09:09:10 AM

Event Source: WinDefend

Event Description:

%KOCON27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KOCON27 can't undo changes that you allow.


For more information please see the following:

%KOCON275


	Scan ID: {44ADB9BB-C956-49A4-BD1F-055C5FF471DC}


	User: KOCON\Kamil


	Name: %KOCON271


	ID: %KOCON272


	Severity: 1.1.1593.05


	Category: 1.1.1593.06


	Path Found: %KOCON276


	Alert Type: %KOCON278


	Detection Type: 1.1.1593.02


Event ID #91539: Warning

Event Submitted/Written: 08/09/2007 09:09:09 AM

Event Source: WinDefend

Event Description:

%KOCON27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KOCON27 can't undo changes that you allow.


For more information please see the following:

%KOCON275


	Scan ID: {73D969C2-6FF1-4599-85FD-D95BE37FAC34}


	User: KOCON\Kamil


	Name: %KOCON271


	ID: %KOCON272


	Severity: 1.1.1593.05


	Category: 1.1.1593.06


	Path Found: %KOCON276


	Alert Type: %KOCON278


	Detection Type: 1.1.1593.02


Event ID #91538: Warning

Event Submitted/Written: 08/09/2007 09:09:09 AM

Event Source: WinDefend

Event Description:

%KOCON27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KOCON27 can't undo changes that you allow.


For more information please see the following:

%KOCON275


	Scan ID: {7ECB9626-BB14-4332-BBC3-9B1656437193}


	User: KOCON\Kamil


	Name: %KOCON271


	ID: %KOCON272


	Severity: 1.1.1593.05


	Category: 1.1.1593.06


	Path Found: %KOCON276


	Alert Type: %KOCON278


	Detection Type: 1.1.1593.02


Event ID #91537: Warning

Event Submitted/Written: 08/09/2007 09:09:07 AM

Event Source: WinDefend

Event Description:

%KOCON27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KOCON27 can't undo changes that you allow.


For more information please see the following:

%KOCON275


	Scan ID: {EE3C9691-91BF-45C8-83A8-03D84AAAD973}


	User: KOCON\Kamil


	Name: %KOCON271


	ID: %KOCON272


	Severity: 1.1.1593.05


	Category: 1.1.1593.06


	Path Found: %KOCON276


	Alert Type: %KOCON278


	Detection Type: 1.1.1593.02


Event ID #91536: Warning

Event Submitted/Written: 08/09/2007 09:09:07 AM

Event Source: WinDefend

Event Description:

%KOCON27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %KOCON27 can't undo changes that you allow.


For more information please see the following:

%KOCON275


	Scan ID: {81BF7822-92CF-4B88-ADEC-939348A3430E}


	User: KOCON\Kamil


	Name: %KOCON271


	ID: %KOCON272


	Severity: 1.1.1593.05


	Category: 1.1.1593.06


	Path Found: %KOCON276


	Alert Type: %KOCON278


	Detection Type: 1.1.1593.02




-- End of Deckard's System Scanner: finished at 2007-08-09 at 09:12:51 ---------

(Kuba1) #4

Edit the hosts file, located at C:\WINDOWS\System32\drivers\etc\HOSTS, in Notepad; it should contain the following line:

Delete all the other lines below it, unless you added them yourself, and save the changes.

Other than that, OK.


(Irnmaiden) #5

THX, but it is still sluggish :confused:


(Heniu133) #6

Run a scan with AVG Anti-Spyware 7.5 after updating it, then paste the scan report.

Optimizing and slimming down Windows XP


(Irnmaiden) #7

Strange... Anti-Spyware hangs right at the end of the scan and nothing can be done :frowning:


(Heniu133) #8

Run a scan with SUPERAntiSpyware after updating it, and get rid of whatever it finds.


(Irnmaiden) #9

THx :slight_smile: