pc sie resetuje przy starcie próby ataków wirusów

[conter]

tak jak w temacie dokładnie pc sie resetuje nawet bez większego obciążenia przy starce anty wir informuje o próbach "zainfekowania"

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by kowalsky on 2007-10-07 at 10:08:33
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: Polish

CPU 0: AMD Athlon(tm) XP 1600+
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 511.48 MiB / 260.23 MiB
Pagefile Memory (total/avail): 1250.24 MiB / 994.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 2002.75 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 1.8 GiB free.
D: is Fixed (NTFS) - 27.53 GiB total, 1.91 GiB free.
G: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kowalsky\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PIEKAR-J34ZF3MX
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kowalsky
LOGONSERVER=\\PIEKAR-J34ZF3MX
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kowalsky\USTAWI~1\Temp
TMP=C:\DOCUME~1\kowalsky\USTAWI~1\Temp
USERDOMAIN=PIEKAR-J34ZF3MX
USERNAME=kowalsky
USERPROFILE=C:\Documents and Settings\kowalsky
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kowalsky [I](admin)[/I]
Administrator.PIEKAR-J34ZF3MX [I](new local, admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
ALLPlayer V2.3.1 --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
BitDefender Antivirus v10 --> MsiExec.exe /I{DA363248-A490-4B9E-931B-8AB11C0FE22E}
C-Media Audio --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\C-Media Audio\Uninst.isu" -c"C:\Program Files\C-Media Audio\CMIUnInstall.DLL"
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
Gadu-Gadu 6.1 --> C:\Program Files\Gadu-Gadu\Setup.exe
GIGABYTE VGA Utility Manager --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
K-Lite Codec Pack 3.4.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Konnekt --> C:\Program Files\Konnekt\Uninst.exe
Magic Speed v2.3 --> "C:\Program Files\Smart PC Solutions\Magic Speed\unins000.exe"
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
NAPIPROJEKT 1.0.5.0 --> "C:\Program Files\NAPI-PROJEKT\unins000.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Niezbędnik Internauty --> C:\Program Files\HT NETWORKS\Niezbędnik Internauty\Uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Pocket RAR documentation --> C:\Program Files\PocketRAR\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe"  /l0015 -Control_Panel
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> D:\Steam\UNWISE.EXE D:\Steam\INSTALL.LOG
SubEdit-Player --> "C:\Program Files\SubEdit-Player\unins000.exe"
Sunbelt Kerio Personal Firewall --> MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
Teleport Pro --> C:\Program Files\Teleport Pro\Uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
X264 H.264/AVC Video Codec (remove only) --> "C:\WINDOWS\System32\x264-uninstall.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"


-- End of ComboScan: finished at 2007-10-07 at 10:10:50 ------------------------



[/code]

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by kowalsky on 2007-10-07 at 10:08:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-10-07 08:08:36 UTC - RP2 - ComboScan Restore Point
1: 2007-10-06 16:58:04 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis (run as kowalsky.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:09:15, on 2007-10-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\kowalsky\Moje dokumenty\comboscan.exe
D:\instalki\Everest_3.00.630_by_KrysB\everest.bin
C:\DOCUME~1\kowalsky\MOJEDO~1\hihackis\kowalsky.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{595BC3AC-3411-4FCC-95BE-7197ED0B888E}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- HijackThis Fixed Entries (C:\DOCUME~1\kowalsky\MOJEDO~1\hihackis\backups\) --

backup-20060622-172057-150 O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
backup-20060622-172057-360 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20060622-172057-370 O4 - HKLM\..\Run: [secures23] lat.exe
backup-20060622-172057-453 O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
backup-20060622-172057-545 O4 - HKLM\..\RunServices: [secures23] lat.exe
backup-20060622-172058-446 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20060623-135545-808 O16 - DPF: Win32 Classes -
backup-20060623-135545-895 O23 - Service: l5 - Unknown owner - C:\WINDOWS\system32\ll5.exe
backup-20060714-150811-660 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20060810-175308-110 O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
backup-20060810-175308-205 O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
backup-20060810-175308-715 O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
backup-20060810-175308-935 O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
backup-20070328-221645-258 O4 - HKLM\..\RunServices: [Internet Security Service] msq23.exe
backup-20070328-221645-341 O4 - HKLM\..\Run: [Internet Security Service] msq23.exe
backup-20070328-221645-433 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20070328-221646-351 O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20070328-225029-266 O4 - HKCU\..\Run: [Internet Security Service] msq23.exe
backup-20070329-231922-776 O4 - HKLM\..\RunServices: [Nod32 Service] nod64.exe
backup-20070329-231929-472 O4 - HKLM\..\Run: [Nod32 Service] nod64.exe
backup-20070503-190125-937 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - C:\WINDOWS\system32\drivers\alcan5wn.sys
3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - C:\WINDOWS\system32\drivers\alcaudsl.sys
3R ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\alcxsens.sys
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
1R AmdK7 (Sterownik procesora AMD K7) - C:\WINDOWS\system32\drivers\amdk7.sys
3R Arp1394 (Protokół klienta 1394 ARP) - C:\WINDOWS\system32\drivers\arp1394.sys
3R bdfdll - C:\Program Files\Softwin\BitDefender10\bdfdll.sys
3R BDFSDRV - C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
1R bdpredir - C:\Program Files\Softwin\BitDefender10\bdpredir.sys
2R BDRSDRV - C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
3R GPCIDrv - C:\WINDOWS\GPCIDrv.sys
3S GVCplDrv - C:\WINDOWS\system32\drivers\GVCplDrv.sys
3R GVTDrv - C:\WINDOWS\system32\drivers\GVTDrv.sys
3S hamachi (Hamachi Network Interface) - C:\WINDOWS\system32\drivers\hamachi.sys
3R hidusb (Sterownik Microsoft klasy HID) - C:\WINDOWS\system32\drivers\hidusb.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
3S MagicTune - C:\WINDOWS\system32\drivers\MTictwl.sys
3R mouhid (Sterownik myszy HID) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NIC1394 (Sterownik sieci 1394) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - C:\WINDOWS\system32\drivers\ohci1394.sys
3S Profos - C:\Program Files\Softwin\BitDefender10\profos.sys
3R rtl8139 (Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S Trufos - C:\Program Files\Softwin\BitDefender10\trufos.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (Sterownik magazynu masowego USB) - C:\WINDOWS\system32\drivers\usbstor.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS
3R EverestDriver (Lavalys EVEREST Kernel Driver) - D:\instalki\Everest_3.00.630_by_KrysB\kerneld.wnt


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R bdss (BitDefender Scan Server) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
2S Distributed Allocated Memory Unit - "C:\WINDOWS\system32\dllcache\mravsc32.exe"
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
2R LIVESRV (BitDefender Desktop Update Service) - "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
3S SCardDrv (Pomocnik karty inteligentnej) - C:\WINDOWS\System32\SCardSvr.exe
3S UMWdf (Struktura sterowników trybu użytkownika w systemie Windows) - C:\WINDOWS\System32\wdfmgr.exe
2R uploadmgr (Menedżer przekazywania) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R VSSERV (BitDefender Virus Shield) - "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
2R WmdmPmSp (Numer seryjny nośnika przenośnego) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R XCOMM (BitDefender Communicator) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service


-- Files created between 2007-09-07 and 2007-10-07 -----------------------------

2007-10-07 01:20:57         0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-10-07 01:15:05         0 d-------- C:\Program Files\MarBit
2007-10-07 00:54:48     36224 --a------ C:\WINDOWS\System32\drivers\isapnp.sys
2007-10-07 00:50:26         0 d-------- C:\Program Files\C-Media Audio<C-MEDI~1>
2007-10-07 00:43:37         0 d-------- C:\Program Files\XviD
2007-10-06 21:53:57         0 d-------- C:\Program Files\Smart PC Solutions<SMARTP~1>
2007-10-06 18:54:58         0 d-------- C:\WINDOWS\Prefetch
2007-10-06 18:36:57     27904 -ra------ C:\WINDOWS\System32\drivers\VIAAGP1.SYS
2007-10-06 18:36:54     23070 --a------ C:\WINDOWS\System32\drivers\RTL8139.sys
2007-10-06 18:34:32     24661 --a------ C:\WINDOWS\System32\spxcoins.dll
2007-10-06 18:34:32     13312 --a------ C:\WINDOWS\System32\irclass.dll
2007-10-02 20:15:53         0 d-a------ C:\Program Files\Konnekt
2007-09-28 17:02:42         0 d-a------ C:\Program Files\Gadu-Gadu<GADU-G~1>
2007-09-27 18:41:55     13440 --a------ C:\WINDOWS\GPCIDrv.sys
2007-09-27 18:39:01    180224 --a------ C:\WINDOWS\System32\nvudisp.exe
2007-09-27 18:39:01         0 d-------- C:\WINDOWS\nview
2007-09-26 18:39:41         0 d-a------ C:\Program Files\Tweak-XP Pro<TWEAK-~2>
2007-09-26 11:13:24         0 d-a------ C:\WINNT
2007-09-26 09:38:20         0 --ah----- C:\CONFIG.SYS
2007-09-26 09:38:20         0 --ah----- C:\AUTOEXEC.BAT
2007-09-26 09:32:47         0 d-------- C:\Program Files\Accessories<ACCESS~1>
2007-09-25 18:48:40         0 --a------ C:\WINDOWS\System32\hmm.exe
2007-09-25 18:47:51         0 d-a------ C:\Program Files\Tweak-XP Pro 4<TWEAK-~1>
2007-09-24 19:33:37         0 d-a------ C:\Program Files\Google
2007-09-22 08:51:07         0 d-a------ C:\Program Files\Lavasoft
2007-09-21 23:15:48         0 d-a------ C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2007-09-17 19:38:08     20480 --a------ C:\WINDOWS\System32\wmpui.dll
2007-09-17 19:38:08     20480 --a------ C:\WINDOWS\System32\wmpcore.dll
2007-09-17 19:38:06     20480 --a------ C:\WINDOWS\System32\wmpcd.dll
2007-09-17 19:36:56    175104 --a------ C:\WINDOWS\System32\wmpsrcwp.dll
2007-09-17 19:36:56     86016 --a------ C:\WINDOWS\System32\wmpshell.dll
2007-09-17 19:36:56   3407872 --a------ C:\WINDOWS\System32\wmploc.dll
2007-09-17 19:36:56   1594880 --a------ C:\WINDOWS\System32\wmpencen.dll
2007-09-17 19:36:56    282624 --a------ C:\WINDOWS\System32\wmpdxm.dll
2007-09-17 19:36:56    135168 --a------ C:\WINDOWS\System32\wmpasf.dll
2007-09-17 19:36:56    217088 --a------ C:\WINDOWS\System32\wmerror.dll
2007-09-17 19:36:56    485888 --a------ C:\WINDOWS\System32\Audiodev.dll
2007-09-17 19:36:56      8192 --a------ C:\WINDOWS\System32\asferror.dll
2007-09-17 19:36:28    331264 --a------ C:\WINDOWS\System32\wpdsp.dll
2007-09-17 19:36:28     66560 --a------ C:\WINDOWS\System32\wpdmtpus.dll
2007-09-17 19:36:28    331776 --a------ C:\WINDOWS\System32\wpdmtpdr.dll
2007-09-17 19:36:28    114176 --a------ C:\WINDOWS\System32\wpdmtp.dll
2007-09-17 19:36:28     61952 --a------ C:\WINDOWS\System32\wpdconns.dll
2007-09-17 19:36:28     18944 --a------ C:\WINDOWS\System32\drivers\wpdusb.sys
2007-09-17 19:36:27     38912 --a------ C:\WINDOWS\System32\wdfmgr.exe
2007-09-17 19:36:27     15872 --a------ C:\WINDOWS\System32\wdfapi.dll
2007-09-17 19:36:27     47104 --a------ C:\WINDOWS\System32\uwdf.exe
2007-09-17 19:36:17     33792 --a------ C:\WINDOWS\System32\WMDMPS.dll
2007-09-17 19:36:17     28160 --a------ C:\WINDOWS\System32\WMDMLOG.dll
2007-09-17 19:36:17     25088 --a------ C:\WINDOWS\System32\MsPMSNSv.dll
2007-09-17 19:36:17    164864 --a------ C:\WINDOWS\System32\cewmdm.dll
2007-09-17 19:36:16    315904 --a------ C:\WINDOWS\System32\MSWMDM.dll
2007-09-17 19:36:16    364784 --a------ C:\WINDOWS\System32\MSSCP.dll
2007-09-17 19:36:16    173568 --a------ C:\WINDOWS\System32\MsPMSP.dll
2007-09-17 19:36:03    335872 --a------ C:\WINDOWS\System32\WMDRMdev.dll
2007-09-17 19:36:02   1003008 --a------ C:\WINDOWS\System32\wmvdmoe2.dll
2007-09-17 19:36:02   2370296 --a------ C:\WINDOWS\System32\wmvcore.dll
2007-09-17 19:36:02   1512448 --a------ C:\WINDOWS\System32\WMVADVE.DLL
2007-09-17 19:36:02    940544 --a------ C:\WINDOWS\System32\wmspdmoe.dll
2007-09-17 19:36:02   1119744 --a------ C:\WINDOWS\System32\wmsdmoe2.dll
2007-09-17 19:36:02   1027072 --a------ C:\WINDOWS\System32\wmnetmgr.dll
2007-09-17 19:36:02    290816 --a------ C:\WINDOWS\System32\WMDRMNet.dll
2007-09-17 19:36:02    716288 --a------ C:\WINDOWS\System32\wmadmoe.dll
2007-09-17 19:36:01    150016 --a------ C:\WINDOWS\System32\wmidx.dll
2007-09-17 19:36:01    224768 --a------ C:\WINDOWS\System32\wmasf.dll
2007-09-17 19:36:01    221184 --a------ C:\WINDOWS\System32\qasf.dll
2007-09-17 19:36:01     96768 --a------ C:\WINDOWS\System32\logagent.exe
2007-09-17 19:36:01      6656 --a------ C:\WINDOWS\System32\laprxy.dll
2007-09-17 19:35:56    895736 --a------ C:\WINDOWS\System32\wmvdmod.dll
2007-09-17 19:35:56   1218808 --a------ C:\WINDOWS\System32\wmvadvd.dll
2007-09-17 19:35:56    413944 --a------ C:\WINDOWS\System32\wmspdmod.dll
2007-09-17 19:35:56    774904 --a------ C:\WINDOWS\System32\wmsdmod.dll
2007-09-17 19:35:56    396528 --a------ C:\WINDOWS\System32\wmadmod.dll
2007-09-17 19:25:21         0 d-a------ C:\Program Files\HT NETWORKS<HTNETW~1>
2007-09-15 14:41:21      4682 --a------ C:\WINDOWS\System32\npptNT2.sys
2007-09-09 21:46:04         0 d-a------ C:\Program Files\NAPI-PROJEKT<NAPI-P~1>
2007-09-09 21:35:30    163840 --a------ C:\WINDOWS\System32\unrar.dll
2007-09-09 21:35:26    217088 --a------ C:\WINDOWS\System32\yv12vfw.dll
2007-09-09 21:35:26    180224 --a------ C:\WINDOWS\System32\xvidvfw.dll
2007-09-09 21:35:26    761856 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-09 21:35:25   3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
2007-09-09 21:35:24     73728 --a------ C:\WINDOWS\System32\dpl100.dll
2007-09-09 21:35:23    740442 --a------ C:\WINDOWS\System32\divx.dll
2007-09-09 21:35:22      7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-09 21:35:19         0 d-a------ C:\Program Files\K-Lite Codec Pack<K-LITE~1>
2007-09-09 21:25:50     55949 --a------ C:\WINDOWS\System32\x264-uninstall.exe<X264-U~1.EXE>
2007-09-07 21:12:22     25544 --a------ C:\WINDOWS\System32\drivers\hamachi.sys


-- Find3M Report ---------------------------------------------------------------

2007-10-07 10:00:32         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\uTorrent
2007-10-07 00:49:32         0 d-a------ C:\Program Files\AvRack
2007-10-07 00:37:10         0 d-a------ C:\Program Files\XP Codec Pack<XPCODE~1>
2007-10-06 21:54:06         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Smart PC Solutions<SMARTP~1>
2007-10-06 19:05:46    355486 --a------ C:\WINDOWS\System32\perfh015.dat
2007-10-06 19:05:46     49492 --a------ C:\WINDOWS\System32\perfc015.dat
2007-10-06 18:48:11     23016 --a------ C:\WINDOWS\System32\emptyregdb.dat<EMPTYR~1.DAT>
2007-10-06 18:47:48         0 d-a------ C:\Program Files\Windows NT<WINDOW~1>
2007-10-02 15:50:03         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\DMCache
2007-10-02 15:07:35         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Bitdefender<BITDEF~1>
2007-09-29 17:04:06         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-09-26 10:39:26         0 d-a------ C:\Program Files\Thomson
2007-09-26 09:36:11     22039 --ah----- C:\Program Files\folder.htt
2007-09-26 09:36:11       271 ---hs---- C:\Program Files\desktop.ini
2007-09-24 19:34:25         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Google
2007-09-22 08:51:12         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Lavasoft
2007-09-19 16:08:31         0 d-a------ C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-09-17 19:36:45         0 d---s---- C:\Documents and Settings\kowalsky\Dane aplikacji\Microsoft<MICROS~1>
2007-09-15 21:11:40         0 d-ah----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-09-11 15:44:38         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\My Games<MYGAME~1>
2007-09-10 14:54:42         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Media Player Classic<MEDIAP~1>
2007-09-08 01:15:35         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Hamachi
2007-09-07 17:22:28         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Microsoft Games<MICROS~2>
2007-09-04 16:40:49         0 d-a------ C:\Program Files\Teleport Pro<TELEPO~1>
2007-09-02 22:18:41         0 d-a------ C:\Program Files\Pixarra
2007-09-02 22:13:43         0 d-a------ C:\Program Files\PocketRAR<POCKET~1>
2007-09-01 18:57:13         0 d-a------ C:\Program Files\D-Tools
2007-09-01 18:54:19         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Macromedia<MACROM~1>
2007-09-01 18:54:13      1156 --a------ C:\WINDOWS\mozver.dat
2007-09-01 18:07:25         0 d-a------ C:\Program Files\uTorrent
2007-09-01 17:53:15         0 d-a------ C:\Program Files\TGTSoft
2007-09-01 17:46:25         0 d-a------ C:\Program Files\Common Files\Adobe
2007-09-01 17:21:58         0 d-a------ C:\Program Files\Kaspersky Lab<KASPER~1>
2007-09-01 17:04:30         0 --a------ C:\WINDOWS\nsreg.dat
2007-09-01 17:04:25         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Mozilla
2007-09-01 15:43:41         0 d-a------ C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-09-01 15:40:10         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\InterTrust<INTERT~1>
2007-09-01 15:40:10         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Adobe
2007-09-01 15:40:03         0 d-------- C:\Documents and Settings\kowalsky\Dane aplikacji\Identities<IDENTI~1>
2007-09-01 15:38:52         0 d-a------ C:\Program Files\Ahead
2007-09-01 15:38:40         0 d-a------ C:\Program Files\Common Files\Ahead
2007-09-01 15:37:36         0 d-a------ C:\Program Files\CyberLink DVD Solution<CYBERL~2>
2007-09-01 15:31:36         0 d-a------ C:\Program Files\microsoft frontpage<MICROS~1>
2007-09-01 15:31:08         0 -rahs---- C:\MSDOS.SYS
2007-09-01 15:31:08         0 -rahs---- C:\IO.SYS
2007-09-01 15:30:01         0 d-a------ C:\Program Files\SEC
2007-09-01 15:29:50         0 d-a------ C:\Program Files\Usługi online<USUGIO~1>
2007-09-01 15:29:16         0 d-a------ C:\Program Files\Movie Maker<MOVIEM~1>
2007-09-01 15:28:34         0 d-a------ C:\Program Files\Common Files\MSSoap
2007-09-01 15:27:11         0 d-a------ C:\Program Files\Messenger<MESSEN~1>
2007-09-01 15:27:04         0 d-a------ C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-09-01 15:17:16         0 d-a------ C:\Program Files\Realtek Sound Manager<REALTE~1>
2007-09-01 15:15:18         0 d-a------ C:\Program Files\CyberLink<CYBERL~1>
2007-09-01 15:15:10         0 d-a------ C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-09-01 15:14:50         0 d-a------ C:\Program Files\GigaByte
2007-09-01 15:08:11         0 d-a------ C:\Program Files\Common Files\ODBC
2007-09-01 15:08:07         0 d-a------ C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-09-01 15:07:38        62 --ahs---- C:\Documents and Settings\kowalsky\Dane aplikacji\desktop.ini


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"d:\\steam\\steam.exe\" -silent"
"Konnekt"="\"C:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VGAUtil"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\"  -lang 1033"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
   
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_EVERESTDRIVER


-- End of ComboScan: finished at 2007-10-07 at 10:10:50 ------------------------

[wojtas]

C:\WINDOWS\System32\hmm.exe

ten plik ^^ przeskanuj tu i daj raporty

http://virusscan.jotti.org/
http://www.virustotal.com/


oraz daj loga z combofixa

[conter]

przeskanować nie można bo plik nic nie warzy

Kod: Zaznacz wszystko

ComboFix 07-10-07.2 - kowalsky 2007-10-07 14:21:49.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.282 [GMT 2:00]
Running from: C:\Documents and Settings\kowalsky\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-09-07 to 2007-10-07  )))))))))))))))))))))))))))))))
.

2007-10-07 14:09   <DIR>   d--h-----   C:\WINDOWS\PIF
2007-10-07 14:05   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-07 01:20   <DIR>   d--------   C:\Program Files\SubEdit-Player
2007-10-07 01:15   <DIR>   d--------   C:\Program Files\MarBit
2007-10-07 00:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-07 00:54   36,224   --a--c---   C:\WINDOWS\system32\dllcache\isapnp.sys
2007-10-07 00:54   36,224   --a------   C:\WINDOWS\system32\drivers\isapnp.sys
2007-10-07 00:50   <DIR>   d--------   C:\Program Files\C-Media Audio
2007-10-07 00:49   57,856   --a--c---   C:\WINDOWS\system32\dllcache\drmk.sys
2007-10-07 00:49   134,272   --a--c---   C:\WINDOWS\system32\dllcache\portcls.sys
2007-10-07 00:43   <DIR>   d--------   C:\Program Files\XviD
2007-10-06 21:54   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Smart PC Solutions
2007-10-06 21:53   <DIR>   d--------   C:\Program Files\Smart PC Solutions
2007-10-06 18:50   <DIR>   d--------   C:\Documents and Settings\Default User\Dane aplikacji\DivX
2007-10-06 18:36   27,904   -ra------   C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-10-06 18:36   23,070   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-06 18:34   24,661   --a------   C:\WINDOWS\system32\spxcoins.dll
2007-10-06 18:34   13,312   --a------   C:\WINDOWS\system32\irclass.dll
2007-10-02 20:15   <DIR>   d-a------   C:\Program Files\Konnekt
2007-10-02 15:48   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\DMCache
2007-10-02 15:08   81,984   --a------   C:\WINDOWS\system32\bdod.bin
2007-10-02 15:07   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Bitdefender
2007-10-02 15:06   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2007-09-28 17:02   <DIR>   d-a------   C:\Program Files\Gadu-Gadu
2007-09-28 17:02   <DIR>   d--------   C:\Documents and Settings\kowalsky\Gadu-Gadu
2007-09-27 18:44   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-09-27 18:41   13,440   --a------   C:\WINDOWS\GPCIDrv.sys
2007-09-27 18:39   180,224   --a------   C:\WINDOWS\system32\nvudisp.exe
2007-09-27 18:39   <DIR>   d--------   C:\WINDOWS\nview
2007-09-26 18:39   <DIR>   d-a------   C:\Program Files\Tweak-XP Pro
2007-09-26 11:13   <DIR>   d-a------   C:\WINNT
2007-09-26 10:48   <DIR>   d--------   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Dane aplikacji\stamina
2007-09-26 10:19   <DIR>   d-ah-----   C:\Documents and Settings\All Users.WINNT\Dane aplikacji
2007-09-26 10:19   <DIR>   d-a------   C:\Documents and Settings\All Users.WINNT\Dokumenty
2007-09-26 10:19   <DIR>   d--h-----   C:\Documents and Settings\Default User.WINNT\Ustawienia lokalne
2007-09-26 10:19   <DIR>   d--h-----   C:\Documents and Settings\Default User.WINNT\Szablony
2007-09-26 10:19   <DIR>   d--h-----   C:\Documents and Settings\Default User.WINNT\Dane aplikacji
2007-09-26 10:19   <DIR>   d--h-----   C:\Documents and Settings\All Users.WINNT\Szablony
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\Default User.WINNT\Ulubione
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\Default User.WINNT\Pulpit
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\Default User.WINNT\Moje dokumenty
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\Default User.WINNT\Menu Start
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\All Users.WINNT\Ulubione
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\All Users.WINNT\Pulpit
2007-09-26 10:19   <DIR>   d--------   C:\Documents and Settings\All Users.WINNT\Menu Start
2007-09-26 09:51   <DIR>   dr-------   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Ulubione
2007-09-26 09:51   <DIR>   d--h-----   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Ustawienia lokalne
2007-09-26 09:51   <DIR>   d--h-----   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Szablony
2007-09-26 09:51   <DIR>   d--h-----   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Dane aplikacji
2007-09-26 09:51   <DIR>   d--------   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Pulpit
2007-09-26 09:51   <DIR>   d--------   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Moje dokumenty
2007-09-26 09:51   <DIR>   d--------   C:\Documents and Settings\kowalsky.KOWALSKY-C2693A\Menu Start
2007-09-26 09:36   <DIR>   d--hs----   C:\Documents and Settings\All Users.WINNT\DRM
2007-09-26 09:32   <DIR>   d--------   C:\Program Files\Accessories
2007-09-25 18:48   0   --a------   C:\WINDOWS\system32\hmm.exe
2007-09-25 18:47   <DIR>   d-a------   C:\Program Files\Tweak-XP Pro 4
2007-09-24 19:33   <DIR>   d-a------   C:\Program Files\Google
2007-09-24 19:33   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Google
2007-09-23 10:10   <DIR>   dr-h-----   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Dane aplikacji
2007-09-23 10:10   <DIR>   dr-------   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Menu Start
2007-09-23 10:10   <DIR>   d--h-----   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Ustawienia lokalne
2007-09-23 10:10   <DIR>   d--h-----   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Szablony
2007-09-23 10:10   <DIR>   d--------   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Ulubione
2007-09-23 10:10   <DIR>   d--------   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Pulpit
2007-09-23 10:10   <DIR>   d--------   C:\Documents and Settings\Administrator.PIEKAR-J34ZF3MX\Moje dokumenty
2007-09-23 09:46   <DIR>   d--------   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-09-23 09:46   <DIR>   d--------   C:\Documents and Settings\Administrator\Szablony
2007-09-23 09:46   <DIR>   d--------   C:\Documents and Settings\Administrator\Dane aplikacji
2007-09-22 08:51   <DIR>   d-a------   C:\Program Files\Lavasoft
2007-09-22 08:51   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Lavasoft
2007-09-21 23:15   <DIR>   d-a------   C:\Program Files\Common Files\Blizzard Entertainment
2007-09-17 19:38   20,480   --a------   C:\WINDOWS\system32\wmpui.dll
2007-09-17 19:38   20,480   --a------   C:\WINDOWS\system32\wmpcore.dll
2007-09-17 19:38   20,480   --a------   C:\WINDOWS\system32\wmpcd.dll
2007-09-17 19:35   895,736   --a------   C:\WINDOWS\system32\wmvdmod.dll
2007-09-17 19:35   774,904   --a------   C:\WINDOWS\system32\wmsdmod.dll
2007-09-17 19:35   413,944   --a------   C:\WINDOWS\system32\wmspdmod.dll
2007-09-17 19:35   396,528   --a------   C:\WINDOWS\system32\wmadmod.dll
2007-09-17 19:35   1,218,808   --a------   C:\WINDOWS\system32\wmvadvd.dll
2007-09-17 19:25   <DIR>   d-a------   C:\Program Files\HT NETWORKS
2007-09-15 14:41   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2007-09-10 14:54   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Media Player Classic
2007-09-09 21:46   <DIR>   d-a------   C:\Program Files\NAPI-PROJEKT
2007-09-09 21:35   761,856   --a------   C:\WINDOWS\system32\xvidcore.dll
2007-09-09 21:35   740,442   --a------   C:\WINDOWS\system32\divx.dll
2007-09-09 21:35   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2007-09-09 21:35   7,680   --a------   C:\WINDOWS\system32\ff_vfw.dll
2007-09-09 21:35   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-09-09 21:35   217,088   --a------   C:\WINDOWS\system32\yv12vfw.dll
2007-09-09 21:35   180,224   --a------   C:\WINDOWS\system32\xvidvfw.dll
2007-09-09 21:35   163,840   --a------   C:\WINDOWS\system32\unrar.dll
2007-09-09 21:35   <DIR>   d-a------   C:\Program Files\K-Lite Codec Pack
2007-09-09 21:25   55,949   --a------   C:\WINDOWS\system32\x264-uninstall.exe
2007-09-09 19:18   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-09-07 21:12   25,544   --a------   C:\WINDOWS\system32\drivers\hamachi.sys
2007-09-07 21:12   <DIR>   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Hamachi

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 14:18   23524   --a------   C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-10-07 13:46   ---------   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\uTorrent
2007-10-07 00:49   ---------   d-a------   C:\Program Files\AvRack
2007-10-07 00:37   ---------   d-a------   C:\Program Files\XP Codec Pack
2007-10-02 20:16   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\stamina
2007-09-29 17:04   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-09-26 10:39   ---------   d-a------   C:\Program Files\Thomson
2007-09-26 09:36   271   ---hs----   C:\Program Files\desktop.ini
2007-09-26 09:36   22039   --ah-----   C:\Program Files\folder.htt
2007-09-23 10:10   330   --a------   C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-11 15:44   ---------   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\My Games
2007-09-07 17:22   ---------   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\Microsoft Games
2007-09-04 16:40   ---------   d-a------   C:\Program Files\Teleport Pro
2007-09-02 22:18   ---------   d-a------   C:\Program Files\Pixarra
2007-09-02 22:13   ---------   d-a------   C:\Program Files\PocketRAR
2007-09-01 18:57   ---------   d-a------   C:\Program Files\D-Tools
2007-09-01 18:07   ---------   d-a------   C:\Program Files\uTorrent
2007-09-01 17:53   ---------   d-a------   C:\Program Files\TGTSoft
2007-09-01 17:21   ---------   d-a------   C:\Program Files\Kaspersky Lab
2007-09-01 15:43   ---------   d-a------   C:\Program Files\Sunbelt Software
2007-09-01 15:40   ---------   d--------   C:\Documents and Settings\kowalsky\Dane aplikacji\InterTrust
2007-09-01 15:38   ---------   d-a------   C:\Program Files\Common Files\Ahead
2007-09-01 15:38   ---------   d-a------   C:\Program Files\Ahead
2007-09-01 15:37   ---------   d-a------   C:\Program Files\CyberLink DVD Solution
2007-09-01 15:31   ---------   d-a------   C:\Program Files\microsoft frontpage
2007-09-01 15:30   ---------   d-a------   C:\Program Files\SEC
2007-09-01 15:17   ---------   d-a------   C:\Program Files\Realtek Sound Manager
2007-09-01 15:15   ---------   d-a------   C:\Program Files\CyberLink
2007-09-01 15:15   ---------   d-a------   C:\Program Files\Common Files\InstallShield
2007-09-01 15:15   ---------   d--------   C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-09-01 15:14   ---------   d-a------   C:\Program Files\GigaByte
2004-10-01 15:00   40960   --a------   C:\Program Files\Uninstall_CDS.exe
2004-09-28 04:00   26240   --a------   C:\WINDOWS\inf\RAMDSK.SYS
   ---------      C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VGAUtil"="C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 15:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 12:06]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-11-11 13:47]
"nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\system32\nwiz.exe]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-11-11 13:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2007-09-01 18:18]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R3 GPCIDrv;GPCIDrv;\??\C:\WINDOWS\GPCIDrv.sys
R3 GVTDrv;GVTDrv;\??\C:\WINDOWS\System32\Drivers\GVTDrv.sys
S2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe"
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\System32\drivers\GVCplDrv.sys

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 14:26:23
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 14:29:30
.
   --- E O F ---


[wojtas]

skasuj ten plik:

C:\WINDOWS\system32\hmm.exe