Regedit, taskmgr problem


(Zidan1234567890) #1

Hello, I have a problem with Windows XP. After formatting 2 disks and installing Windows, nothing happened during the first few days, but later something started going on: after a dozen or so minutes the computer would freeze and had to be reset (for now nothing like that is happening). And now, for example, regedit and taskmgr can't be launched. I tried trj rvm (Trojan Remover) but nothing; I also tried Dr.Web CureIt (it removed something, but it didn't help much). I'm asking for any help and waiting for quick and sensible replies from experienced IT people (Windows XP SP1). Log from trj rvm:

*****NORMAL SCAN FOR ACTIVE MALWARE*****

Trojan Remover Ver 6.8.2.2596. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 01:55:15 17 paź 2010

Using Database v7555

Operating System: Windows XP Professional (SP1) [Build]

File System: NTFS

UserData directory: C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\

Database directory: C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software\Trojan Remover\Data\

Logfile directory: C:\Documents and Settings\Patryk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\

Program directory: C:\Program Files\Trojan Remover\

Running with Administrator privileges


************************************************************


************************************************************

01:55:15: ----- SCANNING FOR ROOTKIT SERVICES -----

No hidden Services were detected.


************************************************************

01:55:16: Scanning -----WINDOWS REGISTRY-----

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

This key's "Shell" value calls the following program(s):

Key value: [Explorer.exe]

File: Explorer.exe

C:\WINDOWS\Explorer.exe

1005568 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

This key's "Userinit" value calls the following program(s):

Key value: [C]

File: C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\userinit.exe

22528 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

This key's "System" value appears to be blank

----------

This key's "UIHost" value calls the following program:

Key value: [logonui.exe]

File: logonui.exe

C:\WINDOWS\System32\logonui.exe

504832 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Value Name: load

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: VTTimer

Value Data: VTTimer.exe

C:\WINDOWS\System32\VTTimer.exe

53248 bytes

Created: 2010-10-08 15:28

Modified: 2006-09-21 15:36

Company: S3 Graphics, Inc.

--------------------

Value Name: VTTrayp

Value Data: VTtrayp.exe

C:\WINDOWS\System32\VTtrayp.exe

176128 bytes

Created: 2010-10-08 15:28

Modified: 2006-12-15 13:04

Company: S3 Graphics Co., Ltd.

--------------------

Value Name: OrangeDeamon

Value Data: C:\Program Files\Orange\Orange.exe

C:\Program Files\Orange\Orange.exe

20336640 bytes

Created: 2010-10-11 15:27

Modified: 2008-05-16 11:33

Company: [no info]

--------------------

Value Name: AdslTaskBar

Value Data: rundll32.exe stmctrl.dll,TaskBar

C:\WINDOWS\System32\stmctrl.dll

151552 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

--------------------

Value Name: SoundMan

Value Data: SOUNDMAN.EXE

C:\WINDOWS\SOUNDMAN.EXE

73728 bytes

Created: 2010-10-16 10:28

Modified: 2004-10-27 07:49

Company: Realtek Semiconductor Corp.

--------------------

Value Name: KernelFaultCheck

Value Data: %systemroot%\system32\dumprep 0 -k

C:\WINDOWS\system32\dumprep.exe

9216 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

Value Name: egui

Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

1410304 bytes

Created: 2007-11-23 21:51

Modified: 2007-11-23 21:51

Company: ESET

--------------------

Value Name: TrojanScanner

Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot

C:\Program Files\Trojan Remover\Trjscan.exe

1167808 bytes

Created: 2005-01-02 01:50

Modified: 2010-08-02 14:47

Company: Simply Super Software

--------------------

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry Key appears to be empty

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

This Registry Key appears to be empty

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value Name: CTFMON.EXE

Value Data: C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\ctfmon.exe

13312 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

Value Name: BitTorrent

Value Data: "C:\Program Files\BitTorrent\BitTorrent.exe"

C:\Program Files\BitTorrent\BitTorrent.exe

3058032 bytes

Created: 2010-10-16 09:34

Modified: 2010-10-16 09:34

Company: BitTorrent, Inc.

--------------------


************************************************************

01:55:22: Scanning -----SHELLEXECUTEHOOKS-----

ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}

File: shell32.dll - this file is expected and has been left in place

----------


************************************************************

01:55:22: Scanning -----HIDDEN REGISTRY ENTRIES-----

Taskdir check completed

----------

No Hidden File-loading Registry Entries found

----------


************************************************************

01:55:22: Scanning -----ACTIVE SCREENSAVER-----

ScreenSaver: C:\WINDOWS\System32\logon.scr

C:\WINDOWS\System32\logon.scr

219648 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------


************************************************************

01:55:22: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

Key: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}

Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

C:\WINDOWS\INF\mplayer2.inf

37582 bytes

Created: 2001-10-26 18:25

Modified: 2001-10-26 18:25

Company: [no info]

----------

Key: {306D6C21-C1B6-4629-986C-E59E1875B8AF}

Path: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

C:\Program Files\Messenger\msgsc.dll

109152 bytes

Created: 2010-10-08 14:13

Modified: 2002-08-20 12:39

Company: Microsoft Corporation

----------


************************************************************

01:55:23: Scanning ----- SERVICEDLL REGISTRY KEYS -----

Key: HidServ

%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)

--------------------

Key: RpcSs

Path: %SystemRoot%\system32\rpcss.dll

C:\WINDOWS\system32\rpcss.dll

260608 bytes

Created: 2002-09-20 17:04

Modified: 2002-09-20 17:04

Company: Microsoft Corporation

--------------------

Key: WmdmPmSp

Path: C:\WINDOWS\System32\mspmspsv.dll

C:\WINDOWS\System32\mspmspsv.dll

47104 bytes

Created: 2001-10-26 18:29

Modified: 2001-10-26 18:29

Company: Microsoft Corporation

--------------------


************************************************************

01:55:24: Scanning ----- SERVICES REGISTRY KEYS -----

Key: abp470n5

ImagePath: \??\C:\WINDOWS\System32\drivers\lomkjn.sys

C:\WINDOWS\System32\drivers\lomkjn.sys - [file not found to scan]

----------

Key: atapi

ImagePath: System32\DRIVERS\atapi.sys

C:\WINDOWS\System32\DRIVERS\atapi.sys

86912 bytes

Created: 2002-08-29 00:27

Modified: 2002-08-29 00:27

Company: Microsoft Corporation

----------

Key: BIOS

ImagePath: \??\C:\WINDOWS\System32\drivers\BIOS.sys

C:\WINDOWS\System32\drivers\BIOS.sys

-R- 13696 bytes

Created: 2010-10-16 10:25

Modified: 2005-03-16 07:23

Company: BIOSTAR Group

----------

Key: cpuz134

ImagePath: \??\C:\WINDOWS\System32\drivers\cpuz134_x32.sys

C:\WINDOWS\System32\drivers\cpuz134_x32.sys

20328 bytes

Created: 2010-10-16 10:28

Modified: 2010-07-09 12:18

Company: Windows (R) Win 7 DDK provider

----------

Key: eamon

ImagePath: System32\DRIVERS\eamon.sys

C:\WINDOWS\System32\DRIVERS\eamon.sys

33800 bytes

Created: 2007-11-23 21:50

Modified: 2007-11-23 21:50

Company: Eset 

----------

Key: easdrv

ImagePath: System32\DRIVERS\easdrv.sys

C:\WINDOWS\System32\DRIVERS\easdrv.sys

27656 bytes

Created: 2007-11-23 21:50

Modified: 2007-11-23 21:50

Company: ESET

----------

Key: EhttpSrv

ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

18176 bytes

Created: 2007-11-23 21:53

Modified: 2007-11-23 21:53

Company: [no info]

----------

Key: ekrn

ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

455936 bytes

Created: 2007-11-23 21:51

Modified: 2007-11-23 21:51

Company: ESET

----------

Key: epfwtdir

ImagePath: System32\DRIVERS\epfwtdir.sys

C:\WINDOWS\System32\DRIVERS\epfwtdir.sys

30728 bytes

Created: 2007-11-23 21:52

Modified: 2007-11-23 21:52

Company: [no info]

----------

Key: NrConnmags

ImagePath: "C:\WINDOWS\system\csrss.exe"

C:\WINDOWS\system\csrss.exe - [file not found to scan]

----------

Key: rtl8139

ImagePath: System32\DRIVERS\RTL8139.SYS

C:\WINDOWS\System32\DRIVERS\RTL8139.SYS

23070 bytes

Created: 2010-10-14 18:25

Modified: 2001-08-17 19:12

Company: Realtek Semiconductor Corporation                                                

----------

Key: s3chipid

ImagePath: \??\C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys

C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys - [file not found to scan]

----------

Key: Secdrv

ImagePath: System32\DRIVERS\secdrv.sys

C:\WINDOWS\System32\DRIVERS\secdrv.sys

27440 bytes

Created: 2002-03-25 19:02

Modified: 2002-03-25 19:02

Company: [no info]

----------

Key: Stmatm

ImagePath: System32\DRIVERS\stmatm.sys

C:\WINDOWS\System32\DRIVERS\stmatm.sys

60255 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

----------

Key: SwPrv

ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92761529-8B1D-4AF9-906B-1459EE640A81}

C:\WINDOWS\System32\dllhost.exe 

4608 bytes

Created: 2001-10-26 18:29

Modified: 2001-10-26 18:29

Company: Microsoft Corporation

----------

Key: TaurusUsb

ImagePath: System32\DRIVERS\torususb.sys

C:\WINDOWS\System32\DRIVERS\torususb.sys

683791 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

----------


************************************************************

01:55:29: Scanning -----VXD ENTRIES-----


************************************************************

01:55:29: Scanning ----- WINLOGON\NOTIFY DLLS -----


************************************************************

01:55:30: Scanning ----- CONTEXTMENUHANDLERS -----

Key: Eset Smart Security - Context Menu Shell Extension

CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

156928 bytes

Created: 2007-11-23 21:54

Modified: 2007-11-23 21:54

Company: ESET

----------


************************************************************

01:55:30: Scanning ----- FOLDER\COLUMNHANDLERS -----


************************************************************

01:55:30: Scanning ----- BROWSER HELPER OBJECTS -----

No Browser Helper Objects found to scan


************************************************************

01:55:30: Scanning ----- SHELLSERVICEOBJECTS -----


************************************************************

01:55:30: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----


************************************************************

01:55:30: Scanning ----- IMAGEFILE DEBUGGERS -----

No "Debugger" entries found.


************************************************************

01:55:30: Scanning ----- APPINIT_DLLS -----

The AppInit_DLLs value is blank or does not exist


************************************************************

01:55:30: Scanning ----- SECURITY PROVIDER DLLS -----


************************************************************

01:55:30: Scanning ------ COMMON STARTUP GROUP ------

[C]

The Common Startup Group attempts to load the following file(s) at boot time:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini

-HS- 84 bytes

Created: 2010-10-08 15:07

Modified: 2010-10-14 18:30

Company: [no info]

--------------------


************************************************************

No User Startup Groups were located to check


************************************************************

01:55:31: Scanning ----- SCHEDULED TASKS -----

No Scheduled Tasks found to scan


************************************************************

01:55:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----


************************************************************

01:55:31: Scanning ----- DEVICE DRIVER ENTRIES -----


************************************************************

01:55:31: ----- ADDITIONAL CHECKS -----

PE386 rootkit checks completed

----------

Winlogon registry rootkit checks completed

----------

Heuristic checks for hidden files/drivers completed

----------

Layered Service Provider entries checks completed

----------

==============================

Restrictive Windows Explorer Policies found in force on this computer:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableRegistryTools

Value: DisableTaskMgr

All Policy Values listed have been removed or reset

==============================

Windows Explorer Policies checks completed

----------

Desktop Wallpaper: C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

1440054 bytes

Created: 2010-10-08 14:23

Modified: 2010-10-12 14:37

Company: [no info]

----------

Web Desktop Wallpaper: %USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

1440054 bytes

Created: 2010-10-08 14:23

Modified: 2010-10-12 14:37

Company: [no info]

----------

DNS Server information:

Interface:   

NameServers: 79.163.127.70 217.116.100.65

Checks for rogue DNS NameServers completed

----------

The Security Center service is disabled

[Service set to DISABLED]

Additional checks completed


************************************************************

01:56:24: Scanning ----- RUNNING PROCESSES -----


C:\WINDOWS\System32\smss.exe

45568 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\winlogon.exe

519168 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\services.exe

101888 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\lsass.exe

11776 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\svchost.exe

12800 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\System32\svchost.exe - file already scanned

--------------------

C:\WINDOWS\Explorer.EXE - file already scanned

--------------------

C:\WINDOWS\system32\spoolsv.exe

51200 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\System32\VTTimer.exe - file already scanned

--------------------

C:\WINDOWS\System32\VTtrayp.exe - file already scanned

--------------------

C:\Program Files\Orange\Orange.exe - file already scanned

--------------------

C:\WINDOWS\SOUNDMAN.EXE - file already scanned

--------------------

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned

--------------------

C:\WINDOWS\System32\ctfmon.exe - file already scanned

--------------------

C:\Program Files\BitTorrent\BitTorrent.exe - file already scanned

--------------------

C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\qwi5.exe

FileSize: 3683248

[This is a Trojan Remover component]

--------------------

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned

--------------------


************************************************************

01:56:27: Checking HOSTS file

No malicious entries were found in the HOSTS file


************************************************************

------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------

HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":

http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":

%SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":

C:\WINDOWS\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


************************************************************

=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===

Scan completed at: 01:56:27 02 sty 2005

Total Scan time: 00:01:11

************************************************************



*****THE SYSTEM HAS BEEN RESTARTED*****

2005-01-02 01:53:17: Trojan Remover has been restarted

=======================================================

Removing the following registry keys:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wuaucpl.exe - already removed (or did not exist)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wuaucpl.exe - already removed (or did not exist)

=======================================================

=======================================================

Deleting the following registry value(s):

HKLM\SYSTEM\CurrentControlSet\Services\Local Service\[ImagePath] - already deleted

=======================================================

2005-01-02 01:53:17: Trojan Remover closed

************************************************************



*****NORMAL SCAN FOR ACTIVE MALWARE*****

Trojan Remover Ver 6.8.2.2596. For information, email support@simplysup.com

[Unregistered version]

Scan started at: 01:51:10 02 sty 2005

Using Database v7555

Operating System: Windows XP Professional (SP1) [Build]

File System: NTFS

UserData directory: C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\

Database directory: C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software\Trojan Remover\Data\

Logfile directory: C:\Documents and Settings\Patryk\Moje dokumenty\Simply Super Software\Trojan Remover Logfiles\

Program directory: C:\Program Files\Trojan Remover\

Running with Administrator privileges


************************************************************


************************************************************

01:51:10: ----- SCANNING FOR ROOTKIT SERVICES -----

No hidden Services were detected.


************************************************************

01:51:11: Scanning -----WINDOWS REGISTRY-----

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

This key's "Shell" value calls the following program(s):

Key value: [Explorer.exe]

File: Explorer.exe

C:\WINDOWS\Explorer.exe

1005568 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

This key's "Userinit" value calls the following program(s):

Key value: [C]

File: C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\userinit.exe

22528 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

This key's "System" value appears to be blank

----------

This key's "UIHost" value calls the following program:

Key value: [logonui.exe]

File: logonui.exe

C:\WINDOWS\System32\logonui.exe

504832 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

----------

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

--------------------

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Value Name: load

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value Name: VTTimer

Value Data: VTTimer.exe

C:\WINDOWS\System32\VTTimer.exe

53248 bytes

Created: 2010-10-08 15:28

Modified: 2006-09-21 15:36

Company: S3 Graphics, Inc.

--------------------

Value Name: VTTrayp

Value Data: VTtrayp.exe

C:\WINDOWS\System32\VTtrayp.exe

176128 bytes

Created: 2010-10-08 15:28

Modified: 2006-12-15 13:04

Company: S3 Graphics Co., Ltd.

--------------------

Value Name: OrangeDeamon

Value Data: C:\Program Files\Orange\Orange.exe

C:\Program Files\Orange\Orange.exe

20336640 bytes

Created: 2010-10-11 15:27

Modified: 2008-05-16 11:33

Company: [no info]

--------------------

Value Name: AdslTaskBar

Value Data: rundll32.exe stmctrl.dll,TaskBar

C:\WINDOWS\System32\stmctrl.dll

151552 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

--------------------

Value Name: SoundMan

Value Data: SOUNDMAN.EXE

C:\WINDOWS\SOUNDMAN.EXE

73728 bytes

Created: 2010-10-16 10:28

Modified: 2004-10-27 07:49

Company: Realtek Semiconductor Corp.

--------------------

Value Name: KernelFaultCheck

Value Data: %systemroot%\system32\dumprep 0 -k

C:\WINDOWS\system32\dumprep.exe

9216 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

Value Name: egui

Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

1410304 bytes

Created: 2007-11-23 21:51

Modified: 2007-11-23 21:51

Company: ESET

--------------------

Value Name: TrojanScanner

Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot

C:\Program Files\Trojan Remover\Trjscan.exe

1167808 bytes

Created: 2005-01-02 01:50

Modified: 2010-08-02 14:47

Company: Simply Super Software

--------------------

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

This Registry Key appears to be empty

--------------------

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

This Registry Key appears to be empty

--------------------

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Value Name: CTFMON.EXE

Value Data: C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\ctfmon.exe

13312 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

Value Name: BitTorrent

Value Data: "C:\Program Files\BitTorrent\BitTorrent.exe"

C:\Program Files\BitTorrent\BitTorrent.exe

3058032 bytes

Created: 2010-10-16 09:34

Modified: 2010-10-16 09:34

Company: BitTorrent, Inc.

--------------------


************************************************************

01:51:18: Scanning -----SHELLEXECUTEHOOKS-----

ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}

File: shell32.dll - this file is expected and has been left in place

----------


************************************************************

01:51:18: Scanning -----HIDDEN REGISTRY ENTRIES-----

Taskdir check completed

----------

No Hidden File-loading Registry Entries found

----------


************************************************************

01:51:19: Scanning -----ACTIVE SCREENSAVER-----

ScreenSaver: C:\WINDOWS\System32\logon.scr

C:\WINDOWS\System32\logon.scr

219648 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------


************************************************************

01:51:19: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

Key: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}

Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

C:\WINDOWS\INF\mplayer2.inf

37582 bytes

Created: 2001-10-26 18:25

Modified: 2001-10-26 18:25

Company: [no info]

----------

Key: {306D6C21-C1B6-4629-986C-E59E1875B8AF}

Path: "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

C:\Program Files\Messenger\msgsc.dll

109152 bytes

Created: 2010-10-08 14:13

Modified: 2002-08-20 12:39

Company: Microsoft Corporation

----------


************************************************************

01:51:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----

Key: HidServ

%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)

--------------------

Key: RpcSs

Path: %SystemRoot%\system32\rpcss.dll

C:\WINDOWS\system32\rpcss.dll

260608 bytes

Created: 2002-09-20 17:04

Modified: 2002-09-20 17:04

Company: Microsoft Corporation

--------------------

Key: WmdmPmSp

Path: C:\WINDOWS\System32\mspmspsv.dll

C:\WINDOWS\System32\mspmspsv.dll

47104 bytes

Created: 2001-10-26 18:29

Modified: 2001-10-26 18:29

Company: Microsoft Corporation

--------------------


************************************************************

01:51:23: Scanning ----- SERVICES REGISTRY KEYS -----

Key: abp470n5

ImagePath: \??\C:\WINDOWS\System32\drivers\lomkjn.sys

C:\WINDOWS\System32\drivers\lomkjn.sys - [file not found to scan]

----------

Key: atapi

ImagePath: System32\DRIVERS\atapi.sys

C:\WINDOWS\System32\DRIVERS\atapi.sys

86912 bytes

Created: 2002-08-29 00:27

Modified: 2002-08-29 00:27

Company: Microsoft Corporation

----------

Key: BIOS

ImagePath: \??\C:\WINDOWS\System32\drivers\BIOS.sys

C:\WINDOWS\System32\drivers\BIOS.sys

-R- 13696 bytes

Created: 2010-10-16 10:25

Modified: 2005-03-16 07:23

Company: BIOSTAR Group

----------

Key: cpuz134

ImagePath: \??\C:\WINDOWS\System32\drivers\cpuz134_x32.sys

C:\WINDOWS\System32\drivers\cpuz134_x32.sys

20328 bytes

Created: 2010-10-16 10:28

Modified: 2010-07-09 12:18

Company: Windows (R) Win 7 DDK provider

----------

Key: eamon

ImagePath: System32\DRIVERS\eamon.sys

C:\WINDOWS\System32\DRIVERS\eamon.sys

33800 bytes

Created: 2007-11-23 21:50

Modified: 2007-11-23 21:50

Company: Eset 

----------

Key: easdrv

ImagePath: System32\DRIVERS\easdrv.sys

C:\WINDOWS\System32\DRIVERS\easdrv.sys

27656 bytes

Created: 2007-11-23 21:50

Modified: 2007-11-23 21:50

Company: ESET

----------

Key: EhttpSrv

ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

18176 bytes

Created: 2007-11-23 21:53

Modified: 2007-11-23 21:53

Company: [no info]

----------

Key: ekrn

ImagePath: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

455936 bytes

Created: 2007-11-23 21:51

Modified: 2007-11-23 21:51

Company: ESET

----------

Key: epfwtdir

ImagePath: System32\DRIVERS\epfwtdir.sys

C:\WINDOWS\System32\DRIVERS\epfwtdir.sys

30728 bytes

Created: 2007-11-23 21:52

Modified: 2007-11-23 21:52

Company: [no info]

----------

Key: Local Service

ImagePath: "C:\WINDOWS\wuaucpl.exe"

C:\WINDOWS\wuaucpl.exe

-RHS- 415232 bytes

Created: 2010-10-14 19:00

Modified: 2010-10-14 19:00

Company: [no info]

C:\WINDOWS\wuaucpl.exe appears to be in-use/locked

C:\WINDOWS\wuaucpl.exe - this registry value has been removed

C:\WINDOWS\wuaucpl.exe - process is either not running or could not be terminated

C:\WINDOWS\wuaucpl.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed

C:\WINDOWS\wuaucpl.exe - file renamed to: C:\WINDOWS\wuaucpl.exe.vir

----------

Key: NrConnmags

ImagePath: "C:\WINDOWS\system\csrss.exe"

C:\WINDOWS\system\csrss.exe - [file not found to scan]

----------

Key: rtl8139

ImagePath: System32\DRIVERS\RTL8139.SYS

C:\WINDOWS\System32\DRIVERS\RTL8139.SYS

23070 bytes

Created: 2010-10-14 18:25

Modified: 2001-08-17 19:12

Company: Realtek Semiconductor Corporation                                                

----------

Key: s3chipid

ImagePath: \??\C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys

C:\DOCUME~1\Patryk\USTAWI~1\Temp\s3chipid.sys - [file not found to scan]

----------

Key: Secdrv

ImagePath: System32\DRIVERS\secdrv.sys

C:\WINDOWS\System32\DRIVERS\secdrv.sys

27440 bytes

Created: 2002-03-25 19:02

Modified: 2002-03-25 19:02

Company: [no info]

----------

Key: Stmatm

ImagePath: System32\DRIVERS\stmatm.sys

C:\WINDOWS\System32\DRIVERS\stmatm.sys

60255 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

----------

Key: SwPrv

ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92761529-8B1D-4AF9-906B-1459EE640A81}

C:\WINDOWS\System32\dllhost.exe 

4608 bytes

Created: 2001-10-26 18:29

Modified: 2001-10-26 18:29

Company: Microsoft Corporation

----------

Key: TaurusUsb

ImagePath: System32\DRIVERS\torususb.sys

C:\WINDOWS\System32\DRIVERS\torususb.sys

683791 bytes

Created: 2010-10-11 15:28

Modified: 2008-04-23 09:30

Company: STMicroelectronics              

----------


************************************************************

01:51:40: Scanning -----VXD ENTRIES-----


************************************************************

01:51:40: Scanning ----- WINLOGON\NOTIFY DLLS -----


************************************************************

01:51:40: Scanning ----- CONTEXTMENUHANDLERS -----

Key: Eset Smart Security - Context Menu Shell Extension

CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

156928 bytes

Created: 2007-11-23 21:54

Modified: 2007-11-23 21:54

Company: ESET

----------


************************************************************

01:51:40: Scanning ----- FOLDER\COLUMNHANDLERS -----


************************************************************

01:51:40: Scanning ----- BROWSER HELPER OBJECTS -----

No Browser Helper Objects found to scan


************************************************************

01:51:40: Scanning ----- SHELLSERVICEOBJECTS -----


************************************************************

01:51:40: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----


************************************************************

01:51:40: Scanning ----- IMAGEFILE DEBUGGERS -----

No "Debugger" entries found.


************************************************************

01:51:40: Scanning ----- APPINIT_DLLS -----

The AppInit_DLLs value is blank or does not exist


************************************************************

01:51:41: Scanning ----- SECURITY PROVIDER DLLS -----


************************************************************

01:51:41: Scanning ------ COMMON STARTUP GROUP ------

[C]

The Common Startup Group attempts to load the following file(s) at boot time:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\desktop.ini

-HS- 84 bytes

Created: 2010-10-08 15:07

Modified: 2010-10-14 18:30

Company: [no info]

--------------------


************************************************************

No User Startup Groups were located to check


************************************************************

01:51:41: Scanning ----- SCHEDULED TASKS -----

No Scheduled Tasks found to scan


************************************************************

01:51:41: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----


************************************************************

01:51:41: Scanning ----- DEVICE DRIVER ENTRIES -----


************************************************************

01:51:42: ----- ADDITIONAL CHECKS -----

PE386 rootkit checks completed

----------

Winlogon registry rootkit checks completed

----------

Heuristic checks for hidden files/drivers completed

----------

Layered Service Provider entries checks completed

----------

==============================

Restrictive Windows Explorer Policies found in force on this computer:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableRegistryTools

Value: DisableTaskMgr

All Policy Values listed have been removed or reset

==============================

Windows Explorer Policies checks completed

----------

Desktop Wallpaper: C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

1440054 bytes

Created: 2010-10-08 14:23

Modified: 2010-10-12 14:37

Company: [no info]

----------

Web Desktop Wallpaper: %USERPROFILE%\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

C:\Documents and Settings\Patryk\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

1440054 bytes

Created: 2010-10-08 14:23

Modified: 2010-10-12 14:37

Company: [no info]

----------

DNS Server information:

Interface:   

NameServers: 79.163.127.70 217.116.100.65

Checks for rogue DNS NameServers completed

----------

The Security Center service is disabled

[Service set to DISABLED]

Additional checks completed


************************************************************

01:51:47: Scanning ----- RUNNING PROCESSES -----


C:\WINDOWS\System32\smss.exe

45568 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\winlogon.exe

519168 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\services.exe

101888 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\lsass.exe

11776 bytes

Created: 2002-09-20 17:05

Modified: 2002-09-20 17:05

Company: Microsoft Corporation

--------------------

C:\WINDOWS\system32\svchost.exe

12800 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\System32\svchost.exe - file already scanned

--------------------

C:\WINDOWS\Explorer.EXE - file already scanned

--------------------

C:\WINDOWS\system32\spoolsv.exe

51200 bytes

Created: 2001-10-26 18:30

Modified: 2001-10-26 18:30

Company: Microsoft Corporation

--------------------

C:\WINDOWS\System32\VTTimer.exe - file already scanned

--------------------

C:\WINDOWS\System32\VTtrayp.exe - file already scanned

--------------------

C:\Program Files\Orange\Orange.exe - file already scanned

--------------------

C:\WINDOWS\SOUNDMAN.EXE - file already scanned

--------------------

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - file already scanned

--------------------

C:\WINDOWS\System32\ctfmon.exe - file already scanned

--------------------

C:\Program Files\BitTorrent\BitTorrent.exe - file already scanned

--------------------

C:\Program Files\Mozilla Firefox\firefox.exe

910296 bytes

Created: 2010-10-08 14:40

Modified: 2010-09-15 00:08

Company: Mozilla Corporation

--------------------

C:\Program Files\Mozilla Firefox\plugin-container.exe

14808 bytes

Created: 2010-10-08 14:40

Modified: 2010-09-15 00:08

Company: Mozilla Corporation

--------------------

C:\Documents and Settings\Patryk\Dane aplikacji\Simply Super Software\Trojan Remover\mmt124.exe

FileSize: 3683248

[This is a Trojan Remover component]

--------------------

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - file already scanned

--------------------


************************************************************

01:51:50: Checking HOSTS file

No malicious entries were found in the HOSTS file


************************************************************

------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------

HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":

http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":

%SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":

C:\WINDOWS\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":

http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


************************************************************

=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===

=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===

Scan completed at: 01:51:50 02 sty 2005

Total Scan time: 00:00:40

-------------------------------------------------------------------------

Trojan Remover needs to restart the system to complete operations

2005-01-02 01:51:57: restart commenced

************************************************************

(Wrong date in the log because I had a different one set on the computer and didn't change it :smiley:

-- Added 17.10.2010 (Sun) 16:49 --

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:47:57, on 2010-10-17

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\System32\VTTimer.exe

C:\WINDOWS\System32\VTtrayp.exe

C:\Program Files\Orange\Orange.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\WINDOWS\System32\cryptnets.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [VTTimer] VTTimer.exe

O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM..\Run: [OrangeDeamon] C:\Program Files\Orange\Orange.exe

O4 - HKLM..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM..\Run: [internet Security Service] cryptnets.exe

O4 - HKLM..\RunServices: [internet Security Service] cryptnets.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [bitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"

O4 - HKCU..\Run: [internet Security Service] cryptnets.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1229272821-113007714-839522115-1003..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip..{356A795E-4656-49D6-937C-7D4B054A3CCD}: NameServer = 217.116.100.65 79.163.127.70

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Remote Network Connections to Manage (NrConnmags) - Unknown owner - C:\WINDOWS\system\csrss.exe (file missing)

--

End of file - 3504 bytes

I'm asking for any help you can possibly give, thanks in advance :slight_smile:
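As an added example (not part of the original post, and not code from HijackThis or Trojan Remover), here is a small Python triage pass over HijackThis-style O4 (autorun) and O23 (service) lines. It applies a few heuristics a responder would apply by hand to a log like the one above: an executable given as a bare filename (resolved through the search path rather than an explicit location), the same program registered in several autorun scopes at once (HKLM Run, HKLM RunServices and HKCU Run), any use of the RunServices key at all, a service whose image file is missing, and a service image that borrows a core system process name (csrss.exe) outside System32. The sample lines are constructed to mirror the shapes in the log; the hit list is a "look here first" list, not a malware verdict. Real HijackThis output writes the hive as `HKLM\..\Run`; the forum copy lost a backslash, and the parser accepts both forms.

```python
"""Triage of HijackThis-style O4 (autorun) and O23 (service) lines.

Heuristics only: a hit means "inspect this entry", not "this is malware".
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample, modelled on the entry shapes in the thread's log.
# Replace with a full HijackThis log to triage it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [internet Security Service] cryptnets.exe
O4 - HKLM\..\RunServices: [internet Security Service] cryptnets.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [internet Security Service] cryptnets.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Remote Network Connections to Manage (NrConnmags) - Unknown owner - C:\WINDOWS\system\csrss.exe (file missing)
"""

# Hive may be HKLM, HKCU, HKUS\<SID> or HKUS\.DEFAULT; the "\.." separator
# is accepted with or without the backslash in front of it.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[\w.]+(?:\\[^\\]+?)?)\\?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)

# Names of core NT processes that malware likes to borrow for its own files.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe",
                        "lsass.exe", "services.exe", "svchost.exe"}


def executable(cmd: str) -> str:
    """Return the program part of an autorun command line, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]          # unquoted: program ends at first space


def is_bare(exe: str) -> bool:
    """True when the entry names a file with no directory or drive at all."""
    return "\\" not in exe and ":" not in exe


def triage(log_text: str) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []
    scopes: Dict[str, Set[str]] = defaultdict(set)      # exe -> {"HKLM\Run", ...}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            # Per-user hives (HKCU and the HKUS views of the same users)
            # count as one scope, so ctfmon.exe listed under both is not a hit.
            hive = "HKLM" if m["hive"].startswith("HKLM") else "HKU"
            scopes[base].add(f"{hive}\\{m['key']}")
            where = f"{m['hive']}\\{m['key']}"
            if m["key"].lower() == "runservices":
                findings.append({"item": base, "where": where,
                                 "reason": "RunServices key (Win9x-era key; "
                                           "classic worm persistence)"})
            if is_bare(exe):
                findings.append({"item": base, "where": where,
                                 "reason": "bare filename, resolved through "
                                           "the search path"})
            continue
        m = O23_RE.match(line)
        if m:
            path = m["path"].strip()
            missing = path.endswith("(file missing)")
            image = path[: -len("(file missing)")].strip() if missing else path
            base = image.rsplit("\\", 1)[-1].lower()
            directory = image.rsplit("\\", 1)[0].lower()
            where = f"service {m['short']}"
            if missing:
                findings.append({"item": base, "where": where,
                                 "reason": "service image path does not exist"})
            if base in SYSTEM_PROCESS_NAMES and not directory.endswith("\\system32"):
                findings.append({"item": base, "where": where,
                                 "reason": "system process name outside "
                                           "System32"})
    for base, locs in scopes.items():
        if len(locs) > 1:
            findings.append({"item": base, "where": ", ".join(sorted(locs)),
                             "reason": f"registered in {len(locs)} autorun "
                                       f"scopes at once"})
    return findings


def flagged_items(log_text: str) -> Set[str]:
    """Just the executable names that attracted at least one finding."""
    return {f["item"] for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['item']:<14} {f['where']:<40} {f['reason']}")
```

Run against the thread's log, the two entries this surfaces are the `internet Security Service` value (cryptnets.exe registered in HKLM Run, HKLM RunServices and HKCU Run, with no path) and the `NrConnmags` service pointing at a missing `C:\WINDOWS\system\csrss.exe`. The script does not touch the machine; cleanup decisions stay with the person reading the log. One related check worth doing by hand on the affected box: the Trojan Remover log reports that it reset `DisableRegistryTools` and `DisableTaskMgr` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System`. If regedit or Task Manager is blocked again after a reboot, something still running is re-creating those values, and that process is the thing to find before clearing them again (for instance with `reg delete` on that key and value name).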


(Neon1992) #2

HijackThis is a relic.

Post the logs from OTL (OTL.txt and Extras.txt).