Hello, I have a problem with Windows XP. After formatting two disks and installing Windows, nothing happened for the first few days, but later something started happening: after a dozen or so minutes the computer would freeze and had to be reset (for now that is not happening any more), and now, for example, regedit and taskmgr cannot be started. I tried Trojan Remover, but nothing; I also tried Dr.Web CureIt (it removed something, but it did not help much). I am asking for any help and waiting for quick and sensible answers from experienced IT people (Windows XP SP1). Log from Trojan Remover:
*****NORMAL SCAN FOR ACTIVE MALWARE*****
Trojan Remover Ver 6.8.2.2596. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:55:15 17 paź 2010
Using Database v7555
Operating System: Windows XP Professional (SP1) [Build]
File System: NTFS
UserData directory: C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Patryk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
01:55:15: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
01:55:16: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1005568 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
22528 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\System32\logonui.exe
504832 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: VTTimer
Value Data: VTTimer.exe
C:\WINDOWS\System32\VTTimer.exe
53248 bytes
Created: 2010-10-08 15:28
Modified: 2006-09-21 15:36
Company: S3 Graphics, Inc.
--------------------
Value Name: VTTrayp
Value Data: VTtrayp.exe
C:\WINDOWS\System32\VTtrayp.exe
176128 bytes
Created: 2010-10-08 15:28
Modified: 2006-12-15 13:04
Company: S3 Graphics Co., Ltd.
--------------------
Value Name: OrangeDeamon
Value Data: C:\Program Files\Orange\Orange.exe
C:\Program Files\Orange\Orange.exe
20336640 bytes
Created: 2010-10-11 15:27
Modified: 2008-05-16 11:33
Company: [no info]
--------------------
Value Name: AdslTaskBar
Value Data: rundll32.exe stmctrl.dll,TaskBar
C:\WINDOWS\System32\stmctrl.dll
151552 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
73728 bytes
Created: 2010-10-16 10:28
Modified: 2004-10-27 07:49
Company: Realtek Semiconductor Corp.
--------------------
Value Name: KernelFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -k
C:\WINDOWS\system32\dumprep.exe
9216 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1410304 bytes
Created: 2007-11-23 21:51
Modified: 2007-11-23 21:51
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1167808 bytes
Created: 2005-01-02 01:50
Modified: 2010-08-02 14:47
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
13312 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
Value Name: BitTorrent
Value Data: "C:\Program Files\BitTorrent\BitTorrent.exe"
C:\Program Files\BitTorrent\BitTorrent.exe
3058032 bytes
Created: 2010-10-16 09:34
Modified: 2010-10-16 09:34
Company: BitTorrent, Inc.
--------------------
************************************************************
01:55:22: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
01:55:22: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
01:55:22: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
219648 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
************************************************************
01:55:22: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
C:\WINDOWS\INF\mplayer2.inf
37582 bytes
Created: 2001-10-26 18:25
Modified: 2001-10-26 18:25
Company: [no info]
----------
Key: {306D6C21-C1B6-4629-986C-E59E1875B8AF}
Path: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
C:\Program Files\Messenger\msgsc.dll
109152 bytes
Created: 2010-10-08 14:13
Modified: 2002-08-20 12:39
Company: Microsoft Corporation
----------
************************************************************
01:55:23: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
260608 bytes
Created: 2002-09-20 17:04
Modified: 2002-09-20 17:04
Company: Microsoft Corporation
--------------------
Key: WmdmPmSp
Path: C:\WINDOWS\System32\mspmspsv.dll
C:\WINDOWS\System32\mspmspsv.dll
47104 bytes
Created: 2001-10-26 18:29
Modified: 2001-10-26 18:29
Company: Microsoft Corporation
--------------------
************************************************************
01:55:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: abp470n5
ImagePath: \??\C:\WINDOWS\System32\drivers\lomkjn.sys
C:\WINDOWS\System32\drivers\lomkjn.sys - [file not found to scan]
----------
Key: atapi
ImagePath: System32\DRIVERS\atapi.sys
C:\WINDOWS\System32\DRIVERS\atapi.sys
86912 bytes
Created: 2002-08-29 00:27
Modified: 2002-08-29 00:27
Company: Microsoft Corporation
----------
Key: BIOS
ImagePath: \??\C:\WINDOWS\System32\drivers\BIOS.sys
C:\WINDOWS\System32\drivers\BIOS.sys
-R- 13696 bytes
Created: 2010-10-16 10:25
Modified: 2005-03-16 07:23
Company: BIOSTAR Group
----------
Key: cpuz134
ImagePath: \??\C:\WINDOWS\System32\drivers\cpuz134_x32.sys
C:\WINDOWS\System32\drivers\cpuz134_x32.sys
20328 bytes
Created: 2010-10-16 10:28
Modified: 2010-07-09 12:18
Company: Windows (R) Win 7 DDK provider
----------
Key: eamon
ImagePath: System32\DRIVERS\eamon.sys
C:\WINDOWS\System32\DRIVERS\eamon.sys
33800 bytes
Created: 2007-11-23 21:50
Modified: 2007-11-23 21:50
Company: Eset
----------
Key: easdrv
ImagePath: System32\DRIVERS\easdrv.sys
C:\WINDOWS\System32\DRIVERS\easdrv.sys
27656 bytes
Created: 2007-11-23 21:50
Modified: 2007-11-23 21:50
Company: ESET
----------
Key: EhttpSrv
ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
18176 bytes
Created: 2007-11-23 21:53
Modified: 2007-11-23 21:53
Company: [no info]
----------
Key: ekrn
ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
455936 bytes
Created: 2007-11-23 21:51
Modified: 2007-11-23 21:51
Company: ESET
----------
Key: epfwtdir
ImagePath: System32\DRIVERS\epfwtdir.sys
C:\WINDOWS\System32\DRIVERS\epfwtdir.sys
30728 bytes
Created: 2007-11-23 21:52
Modified: 2007-11-23 21:52
Company: [no info]
----------
Key: NrConnmags
ImagePath: "C:\WINDOWS\system\csrss.exe"
C:\WINDOWS\system\csrss.exe - [file not found to scan]
----------
Key: rtl8139
ImagePath: System32\DRIVERS\RTL8139.SYS
C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
23070 bytes
Created: 2010-10-14 18:25
Modified: 2001-08-17 19:12
Company: Realtek Semiconductor Corporation
----------
Key: s3chipid
ImagePath: \??\C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys
C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys - [file not found to scan]
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 2002-03-25 19:02
Modified: 2002-03-25 19:02
Company: [no info]
----------
Key: Stmatm
ImagePath: System32\DRIVERS\stmatm.sys
C:\WINDOWS\System32\DRIVERS\stmatm.sys
60255 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92761529-8B1D-4AF9-906B-1459EE640A81}
C:\WINDOWS\System32\dllhost.exe
4608 bytes
Created: 2001-10-26 18:29
Modified: 2001-10-26 18:29
Company: Microsoft Corporation
----------
Key: TaurusUsb
ImagePath: System32\DRIVERS\torususb.sys
C:\WINDOWS\System32\DRIVERS\torususb.sys
683791 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
----------
************************************************************
01:55:29: Scanning -----VXD ENTRIES-----
************************************************************
01:55:29: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
01:55:30: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
156928 bytes
Created: 2007-11-23 21:54
Modified: 2007-11-23 21:54
Company: ESET
----------
************************************************************
01:55:30: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
01:55:30: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan
************************************************************
01:55:30: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
01:55:30: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
01:55:30: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
01:55:30: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
01:55:30: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
01:55:30: Scanning ------ COMMON STARTUP GROUP ------
[C]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
-HS- 84 bytes
Created: 2010-10-08 15:07
Modified: 2010-10-14 18:30
Company: [no info]
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
01:55:31: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
01:55:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
01:55:31: Scanning ----- DEVICE DRIVER ENTRIES -----
************************************************************
01:55:31: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegistryTools
Value: DisableTaskMgr
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 2010-10-08 14:23
Modified: 2010-10-12 14:37
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 2010-10-08 14:23
Modified: 2010-10-12 14:37
Company: [no info]
----------
DNS Server information:
Interface:
NameServers: 79.163.127.70 217.116.100.65
Checks for rogue DNS NameServers completed
----------
The Security Center service is disabled
[Service set to DISABLED]
Additional checks completed
************************************************************
01:56:24: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
45568 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
519168 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
101888 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
11776 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
12800 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
51200 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\VTTimer.exe - file already scanned
--------------------
C:\WINDOWS\System32\VTtrayp.exe - file already scanned
--------------------
C:\Program Files\Orange\Orange.exe - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
--------------------
C:\WINDOWS\System32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\BitTorrent\BitTorrent.exe - file already scanned
--------------------
C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\qwi5.exe
FileSize: 3683248
[This is a Trojan Remover component]
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
--------------------
************************************************************
01:56:27: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\System32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:56:27 02 sty 2005
Total Scan time: 00:01:11
************************************************************
*****THE SYSTEM HAS BEEN RESTARTED*****
2005-01-02 01:53:17: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wuaucpl.exe - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wuaucpl.exe - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SYSTEM\CurrentControlSet\Services\Local Service\[ImagePath] - already deleted
=======================================================
2005-01-02 01:53:17: Trojan Remover closed
************************************************************
*****NORMAL SCAN FOR ACTIVE MALWARE*****
Trojan Remover Ver 6.8.2.2596. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:51:10 02 sty 2005
Using Database v7555
Operating System: Windows XP Professional (SP1) [Build]
File System: NTFS
UserData directory: C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Patryk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
01:51:10: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
01:51:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1005568 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
22528 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\System32\logonui.exe
504832 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: VTTimer
Value Data: VTTimer.exe
C:\WINDOWS\System32\VTTimer.exe
53248 bytes
Created: 2010-10-08 15:28
Modified: 2006-09-21 15:36
Company: S3 Graphics, Inc.
--------------------
Value Name: VTTrayp
Value Data: VTtrayp.exe
C:\WINDOWS\System32\VTtrayp.exe
176128 bytes
Created: 2010-10-08 15:28
Modified: 2006-12-15 13:04
Company: S3 Graphics Co., Ltd.
--------------------
Value Name: OrangeDeamon
Value Data: C:\Program Files\Orange\Orange.exe
C:\Program Files\Orange\Orange.exe
20336640 bytes
Created: 2010-10-11 15:27
Modified: 2008-05-16 11:33
Company: [no info]
--------------------
Value Name: AdslTaskBar
Value Data: rundll32.exe stmctrl.dll,TaskBar
C:\WINDOWS\System32\stmctrl.dll
151552 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
73728 bytes
Created: 2010-10-16 10:28
Modified: 2004-10-27 07:49
Company: Realtek Semiconductor Corp.
--------------------
Value Name: KernelFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -k
C:\WINDOWS\system32\dumprep.exe
9216 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1410304 bytes
Created: 2007-11-23 21:51
Modified: 2007-11-23 21:51
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1167808 bytes
Created: 2005-01-02 01:50
Modified: 2010-08-02 14:47
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ctfmon.exe
13312 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
Value Name: BitTorrent
Value Data: "C:\Program Files\BitTorrent\BitTorrent.exe"
C:\Program Files\BitTorrent\BitTorrent.exe
3058032 bytes
Created: 2010-10-16 09:34
Modified: 2010-10-16 09:34
Company: BitTorrent, Inc.
--------------------
************************************************************
01:51:18: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
01:51:18: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
01:51:19: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
219648 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
************************************************************
01:51:19: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
C:\WINDOWS\INF\mplayer2.inf
37582 bytes
Created: 2001-10-26 18:25
Modified: 2001-10-26 18:25
Company: [no info]
----------
Key: {306D6C21-C1B6-4629-986C-E59E1875B8AF}
Path: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser
C:\Program Files\Messenger\msgsc.dll
109152 bytes
Created: 2010-10-08 14:13
Modified: 2002-08-20 12:39
Company: Microsoft Corporation
----------
************************************************************
01:51:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
260608 bytes
Created: 2002-09-20 17:04
Modified: 2002-09-20 17:04
Company: Microsoft Corporation
--------------------
Key: WmdmPmSp
Path: C:\WINDOWS\System32\mspmspsv.dll
C:\WINDOWS\System32\mspmspsv.dll
47104 bytes
Created: 2001-10-26 18:29
Modified: 2001-10-26 18:29
Company: Microsoft Corporation
--------------------
************************************************************
01:51:23: Scanning ----- SERVICES REGISTRY KEYS -----
Key: abp470n5
ImagePath: \??\C:\WINDOWS\System32\drivers\lomkjn.sys
C:\WINDOWS\System32\drivers\lomkjn.sys - [file not found to scan]
----------
Key: atapi
ImagePath: System32\DRIVERS\atapi.sys
C:\WINDOWS\System32\DRIVERS\atapi.sys
86912 bytes
Created: 2002-08-29 00:27
Modified: 2002-08-29 00:27
Company: Microsoft Corporation
----------
Key: BIOS
ImagePath: \??\C:\WINDOWS\System32\drivers\BIOS.sys
C:\WINDOWS\System32\drivers\BIOS.sys
-R- 13696 bytes
Created: 2010-10-16 10:25
Modified: 2005-03-16 07:23
Company: BIOSTAR Group
----------
Key: cpuz134
ImagePath: \??\C:\WINDOWS\System32\drivers\cpuz134_x32.sys
C:\WINDOWS\System32\drivers\cpuz134_x32.sys
20328 bytes
Created: 2010-10-16 10:28
Modified: 2010-07-09 12:18
Company: Windows (R) Win 7 DDK provider
----------
Key: eamon
ImagePath: System32\DRIVERS\eamon.sys
C:\WINDOWS\System32\DRIVERS\eamon.sys
33800 bytes
Created: 2007-11-23 21:50
Modified: 2007-11-23 21:50
Company: Eset
----------
Key: easdrv
ImagePath: System32\DRIVERS\easdrv.sys
C:\WINDOWS\System32\DRIVERS\easdrv.sys
27656 bytes
Created: 2007-11-23 21:50
Modified: 2007-11-23 21:50
Company: ESET
----------
Key: EhttpSrv
ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
18176 bytes
Created: 2007-11-23 21:53
Modified: 2007-11-23 21:53
Company: [no info]
----------
Key: ekrn
ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
455936 bytes
Created: 2007-11-23 21:51
Modified: 2007-11-23 21:51
Company: ESET
----------
Key: epfwtdir
ImagePath: System32\DRIVERS\epfwtdir.sys
C:\WINDOWS\System32\DRIVERS\epfwtdir.sys
30728 bytes
Created: 2007-11-23 21:52
Modified: 2007-11-23 21:52
Company: [no info]
----------
Key: Local Service
ImagePath: "C:\WINDOWS\wuaucpl.exe"
C:\WINDOWS\wuaucpl.exe
-RHS- 415232 bytes
Created: 2010-10-14 19:00
Modified: 2010-10-14 19:00
Company: [no info]
C:\WINDOWS\wuaucpl.exe appears to be in-use/locked
C:\WINDOWS\wuaucpl.exe - this registry value has been removed
C:\WINDOWS\wuaucpl.exe - process is either not running or could not be terminated
C:\WINDOWS\wuaucpl.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\wuaucpl.exe - file renamed to: C:\WINDOWS\wuaucpl.exe.vir
----------
Key: NrConnmags
ImagePath: "C:\WINDOWS\system\csrss.exe"
C:\WINDOWS\system\csrss.exe - [file not found to scan]
----------
Key: rtl8139
ImagePath: System32\DRIVERS\RTL8139.SYS
C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
23070 bytes
Created: 2010-10-14 18:25
Modified: 2001-08-17 19:12
Company: Realtek Semiconductor Corporation
----------
Key: s3chipid
ImagePath: \??\C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys
C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys - [file not found to scan]
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 2002-03-25 19:02
Modified: 2002-03-25 19:02
Company: [no info]
----------
Key: Stmatm
ImagePath: System32\DRIVERS\stmatm.sys
C:\WINDOWS\System32\DRIVERS\stmatm.sys
60255 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92761529-8B1D-4AF9-906B-1459EE640A81}
C:\WINDOWS\System32\dllhost.exe
4608 bytes
Created: 2001-10-26 18:29
Modified: 2001-10-26 18:29
Company: Microsoft Corporation
----------
Key: TaurusUsb
ImagePath: System32\DRIVERS\torususb.sys
C:\WINDOWS\System32\DRIVERS\torususb.sys
683791 bytes
Created: 2010-10-11 15:28
Modified: 2008-04-23 09:30
Company: STMicroelectronics
----------
************************************************************
01:51:40: Scanning -----VXD ENTRIES-----
************************************************************
01:51:40: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
01:51:40: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
156928 bytes
Created: 2007-11-23 21:54
Modified: 2007-11-23 21:54
Company: ESET
----------
************************************************************
01:51:40: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
01:51:40: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan
************************************************************
01:51:40: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
01:51:40: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
01:51:40: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
01:51:40: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
01:51:41: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
01:51:41: Scanning ------ COMMON STARTUP GROUP ------
[C]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini
-HS- 84 bytes
Created: 2010-10-08 15:07
Modified: 2010-10-14 18:30
Company: [no info]
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
01:51:41: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
01:51:41: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
01:51:41: Scanning ----- DEVICE DRIVER ENTRIES -----
************************************************************
01:51:42: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableRegistryTools
Value: DisableTaskMgr
All Policy Values listed have been removed or reset
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 2010-10-08 14:23
Modified: 2010-10-12 14:37
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 2010-10-08 14:23
Modified: 2010-10-12 14:37
Company: [no info]
----------
DNS Server information:
Interface:
NameServers: 79.163.127.70 217.116.100.65
Checks for rogue DNS NameServers completed
----------
The Security Center service is disabled
[Service set to DISABLED]
Additional checks completed
************************************************************
01:51:47: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
45568 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
519168 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
101888 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
11776 bytes
Created: 2002-09-20 17:05
Modified: 2002-09-20 17:05
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
12800 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
51200 bytes
Created: 2001-10-26 18:30
Modified: 2001-10-26 18:30
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\VTTimer.exe - file already scanned
--------------------
C:\WINDOWS\System32\VTtrayp.exe - file already scanned
--------------------
C:\Program Files\Orange\Orange.exe - file already scanned
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned
--------------------
C:\WINDOWS\System32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\BitTorrent\BitTorrent.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
910296 bytes
Created: 2010-10-08 14:40
Modified: 2010-09-15 00:08
Company: Mozilla Corporation
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
14808 bytes
Created: 2010-10-08 14:40
Modified: 2010-09-15 00:08
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\mmt124.exe
FileSize: 3683248
[This is a Trojan Remover component]
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned
--------------------
************************************************************
01:51:50: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\System32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 01:51:50 02 sty 2005
Total Scan time: 00:00:40
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
2005-01-02 01:51:57: restart commenced
************************************************************
(the wrong date in the log is because I had a different date set on the computer and didn't change it)
– Added 17.10.2010 (Sun) 16:49 –
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:47:57, on 2010-10-17
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\Program Files\Orange\Orange.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\System32\cryptnets.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [OrangeDeamon] C:\Program Files\Orange\Orange.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Internet Security Service] cryptnets.exe
O4 - HKLM\..\RunServices: [Internet Security Service] cryptnets.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [Internet Security Service] cryptnets.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1229272821-113007714-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{356A795E-4656-49D6-937C-7D4B054A3CCD}: NameServer = 217.116.100.65 79.163.127.70
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Remote Network Connections to Manage (NrConnmags) - Unknown owner - C:\WINDOWS\system\csrss.exe (file missing)
--
End of file - 3504 bytes
I'm asking for any help you can give, thanks in advance.
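Added example (editor's code, not part of the post and not HijackThis's or Trojan Remover's own code): the three things a reviewer looks for when reading an O4/O23 section like the one above, written as a small script that runs over the log lines. It flags a Run value name that is registered in several autostart keys at once (HKLM Run, HKLM RunServices and HKCU Run), an O23 service whose image is reported "(file missing)", and a binary carrying a core Windows process name (csrss.exe, smss.exe, ...) that is not located in System32. Bare filenames in Run values are found by the loader through a PATH search, so the script resolves them against the "Running processes" list, which is where the full path C:\WINDOWS\System32\cryptnets.exe appears in the log. The sample input is copied from the log above with a few benign lines kept for contrast; the names `Finding`, `analyze` and `check_service`, and the heuristics themselves, are this example's own.

```python
"""Flag suspicious O4 (autostart) and O23 (service) entries in a HijackThis log.

Added example; not HijackThis's own code. Checks applied:
  1. one Run value name present in several autostart keys (machine Run,
     machine RunServices, user Run) - legitimate software rarely uses all three;
  2. an O23 service whose image is reported "(file missing)";
  3. a binary named like a core Windows process that is not located in System32.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Lines copied from the HijackThis log in the post, plus a few benign entries
# for contrast. Constructed test input embedded here; nothing is read from disk.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\cryptnets.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Internet Security Service] cryptnets.exe
O4 - HKLM\..\RunServices: [Internet Security Service] cryptnets.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security Service] cryptnets.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Remote Network Connections to Manage (NrConnmags) - Unknown owner - C:\WINDOWS\system\csrss.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: .+? \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
MISSING = " (file missing)"
# Processes that live in %SystemRoot%\System32 on XP (explorer.exe lives in
# %SystemRoot% itself, so it is deliberately not in this set).
CORE_SYSTEM32 = {"csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
                 "services.exe", "svchost.exe", "spoolsv.exe"}


@dataclass
class Finding:
    item: str    # Run value name or service short name
    reason: str


def _key_class(key: str) -> str:
    """Collapse HKCU and the per-SID HKUS\\<SID> views of the same user key into one class."""
    hive, _, sub = key.partition("\\..\\")
    return ("machine" if hive == "HKLM" else "user") + ":" + sub


def resolve(cmd: str, running: Dict[str, str]) -> str:
    """A bare filename in a Run value is located by PATH search; map it to the
    full path HijackThis printed under 'Running processes', if it was running."""
    if "\\" not in cmd:
        return running.get(cmd.split(" ")[0].lower(), cmd)
    return cmd


def check_service(short: str, path_field: str) -> List[Finding]:
    out: List[Finding] = []
    image = path_field[:-len(MISSING)] if path_field.endswith(MISSING) else path_field
    base, parent = ntpath.basename(image).lower(), ntpath.dirname(image)
    if path_field.endswith(MISSING):
        out.append(Finding(short, f"service image {image} is missing on disk"))
    if base in CORE_SYSTEM32 and not parent.lower().endswith("\\system32"):
        out.append(Finding(short, f"{base} is a core system process name but is located in {parent}, not System32"))
    return out


def analyze(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    running: Dict[str, str] = {}          # basename -> full path from 'Running processes'
    locations: Dict[str, set] = defaultdict(set)  # Run value name -> autostart key classes
    commands: Dict[str, str] = {}
    for line in log_text.splitlines():
        if PROC_RE.match(line):
            running[ntpath.basename(line).lower()] = line
        elif (m := O4_RE.match(line)):
            locations[m["name"]].add(_key_class(m["key"]))
            commands[m["name"]] = m["cmd"]
        elif (m := O23_RE.match(line)):
            findings.extend(check_service(m["short"], m["path"]))
    for name, classes in locations.items():
        if len(classes) >= 2:
            findings.append(Finding(name, f"registered in {len(classes)} autostart keys "
                                          f"({', '.join(sorted(classes))}); command resolves to "
                                          f"{resolve(commands[name], running)}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.item}: {f.reason}")
```

On the sample above this reports NrConnmags twice (image missing, and csrss.exe outside System32) and "Internet Security Service" once, resolved to C:\WINDOWS\System32\cryptnets.exe; ekrn, egui, VTTimer and the CTFMON.EXE entries (which only look duplicated because HijackThis lists the HKCU value once per user hive) are not flagged. The DisableRegistryTools and DisableTaskMgr policies that Trojan Remover reset are what blocked regedit and taskmgr; a HijackThis log shows them as O7 lines, and the fact that none appear at 16:47 means the reset had held at the time of that scan.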