chomiki

I scanned the computer with the latest Avast database, which detected nothing, but my internet provider cut off my access because there is something on the computer after all. I would be grateful for quick help. I am using the network as a guest, so I don't really have a chance to dig deeper into working with logs. Thanks in advance for the help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:50, on 2010-02-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

-- End of file - 4271 bytes

There is an infection, but post other logs, from: OTL, GMER and System Repair Engineer.

You have a rootkit. Delete:

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll

Install SP3 and IE8 to improve the security of other applications and of the whole computer.

Update Avast: http://files.avast.com/ia...av_free_pol.exe - afterwards you still have to configure it so that it does not burden the system (turn off the icon animation, sounds and other unnecessary features).

In autostart you have a few entries that are unnecessary: apdproxy.exe, QTTask.exe, Reader_sl.exe.
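
The Winlogon entry flagged in the reply above can be picked out of a log mechanically. The following triage script is an added example, not part of the original thread and not code from HijackThis or OTL: it reads O20 lines in the HijackThis format and in the OTL format that appears later in this thread. The sample lines are copied from this thread's logs; the function names, the default `C:\WINDOWS` paths and the heuristics (Recycle Bin path, Notify DLL outside system32, non-Explorer Shell, TaskMan set, empty company name) are assumptions of the example.

```python
import ntpath
import re

# Assumption: default Windows XP install locations.
SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"

# HijackThis: O20 - Winlogon Notify: <name> - <dll path>
HJT_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# OTL: O20 - <hive> Winlogon: <value> - (<data>) - <file> (<company>)
OTL_VALUE = re.compile(
    r"^O20 - (?P<hive>HK\S+) Winlogon: (?P<value>\w+) - \([^)]*\) - "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
# OTL: O20 - Winlogon\Notify\<name>: DllName - <data> - <file> (<company>)
OTL_NOTIFY = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<name>[^:]+): DllName - .+? - "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$")
PATTERNS = (("notify", HJT_NOTIFY), ("value", OTL_VALUE), ("notify", OTL_NOTIFY))

# Sample input: O20/O23 lines copied from the logs posted in this thread.
SAMPLE = r"""
O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe ()
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def _reasons(kind, path, company):
    """Return the heuristic reasons (possibly none) for reviewing one entry."""
    p = path.strip().strip('"').lower()
    folder, leaf = ntpath.split(p)
    reasons = []
    if "\\recycler\\" in p:
        reasons.append("runs from a Recycle Bin folder")
    if kind == "notify" and folder and folder != SYSTEM32:
        reasons.append("Notify DLL outside system32")
    if kind == "shell" and (leaf != "explorer.exe" or folder not in ("", WINDIR)):
        reasons.append("Shell is not Windows Explorer")
    if kind == "taskman":
        # Heuristic of this example: any TaskMan value is worth a look.
        reasons.append("TaskMan value is set")
    if company is not None and not company.strip():
        # Only OTL reports the company name; HijackThis O20 lines do not.
        reasons.append("file has no company name")
    return reasons


def triage(log_text):
    """Return (kind, path, reasons) for every O20 Winlogon line worth review.

    Other O20 sub-types (for example AppInit_DLLs) are not parsed here.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            g = m.groupdict()
            k = g["value"].lower() if kind == "value" else kind
            why = _reasons(k, g["path"], g.get("company"))
            if why:
                findings.append((k, g["path"], why))
            break
    return findings


if __name__ == "__main__":
    for kind, path, why in triage(SAMPLE):
        print(f"[{kind}] {path}")
        for reason in why:
            print(f"    - {reason}")
```
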
Here is the log from OTL - I am installing the others right now.

OTL logfile created on: 2010-02-23 19:08:41 - Run 1 OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 255,00 Mb Total Physical Memory | 155,00 Mb Available Physical Memory | 61,00% Memory free 626,00 Mb Paging File | 384,00 Mb Available in Paging File | 61,00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,26 Gb Total Space | 3,59 Gb Free Space | 9,64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LORD Current User Name: KOMPUTEREK Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-02-05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe PRC - [2004-08-03 23:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe ========== Modules (SafeList) ========== MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! 
Mail Scanner) SRV - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon) SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) ========== Driver Services (SafeList) ========== DRV - [2009-02-05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009-02-05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009-02-05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-02-05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009-02-05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009-02-05 22:05:11 | 
000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73) DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5) DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage) DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R) DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-688789844-1060284298-1004\S-1-5-21-343818398-688789844-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M] [2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions [2010-02-22 16:24:45 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions [2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll [2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe () O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe () O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe () O20 - 
Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005-11-20 13:33:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe [2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-02-23 17:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-02-21 10:56:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings [2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH [2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity [2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [4 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ] [1 
C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ] ========== Files - Modified Within 30 Days ========== [2010-02-23 19:07:55 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe [2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk [2010-02-23 17:14:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-23 17:13:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-23 13:30:51 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini [2010-02-20 07:43:07 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-19 19:02:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp [2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [4 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ] [1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ] ========== Files Created - No Company Name ========== [2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk [2010-02-19 19:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp [2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll [2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and 
Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll [2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys < End of report >

Run OTL; in the Custom Scans/Fixes window paste:

:OTL
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe ()
O20 - HKU\S-1-5-21-343818398-688789844-1060284298-1004 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe) - C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe ()
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()

:Files
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
C:\RECYCLER
C:\Qoobox

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe Photo Downloader"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

:Commands
[emptytemp]
[reboot]

Click Run Fix. Post the log from the removal + a new log from OTL.

In hijack... I removed the rootkit that WebCM wrote about, then I ran GMER but it hung the whole system - I did a hard power-off, did in OTL what Blade wrote, and then also an SRE scan: below are the logs in order:

All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe deleted successfully. C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe deleted successfully. C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe deleted successfully. File C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516\nissan.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully. File move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot. ========== FILES ========== Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings scheduled to be moved on reboot. 
C:\RECYCLER\S-1-5-21-9914090254-0814283880-759407442-4864 folder moved successfully.
C:\RECYCLER\S-1-5-21-9856136618-2032780866-436601514-6789 folder moved successfully.
C:\RECYCLER\S-1-5-21-9047805137-9583058611-404940635-9657 folder moved successfully.
C:\RECYCLER\S-1-5-21-682003330-764733703-854245398-1003 folder moved successfully.
C:\RECYCLER\S-1-5-21-6079975476-8446808430-172924369-1736 folder moved successfully.
C:\RECYCLER\S-1-5-21-5850312421-1991430824-123109813-8958 folder moved successfully.
C:\RECYCLER\S-1-5-21-4032942926-5141260847-086238207-5516 folder moved successfully.
C:\RECYCLER\S-1-5-21-343818398-688789844-1060284298-1004 folder moved successfully.
C:\RECYCLER\S-1-5-21-3204306752-0745215814-416467817-6082 folder moved successfully.
C:\RECYCLER\S-1-5-21-2781720372-9767588738-955256347-7753 folder moved successfully.
C:\RECYCLER\S-1-5-21-1502846540-6229800875-428045130-1999 folder moved successfully.
C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292 folder moved successfully.
C:\RECYCLER\S-1-5-21-0215402219-1417864543-360333368-6112 folder moved successfully.
C:\RECYCLER folder moved successfully.
C:\Qoobox\TestC folder moved successfully.
C:\Qoobox\Test folder moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\LastRun folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Photo Downloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully.

========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 314 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: All Users.WINDOWS
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: KOMPUTEREK
->Temp folder emptied: 480413582 bytes
->Temporary Internet Files folder emptied: 150718276 bytes
->Java cache emptied: 10250769 bytes
->FireFox cache emptied: 52850426 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService.ZARZĄDZANIE NT
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: NetworkService.ZARZĄDZANIE NT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119389 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21980633 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 684,00 mb
OTL by OldTimer - Version 3.1.30.1 log created on 02232010_194414
Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_590.dat moved successfully.
Registry entries deleted on Reboot...

OTL logfile created on: 2010-02-23 19:48:05 - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KOMPUTEREK\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
255,00 Mb Total Physical Memory | 28,00 Mb Available Physical Memory | 11,00% Memory free
626,00 Mb Paging File | 393,00 Mb Available in Paging File | 63,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 4,25 Gb Free Space | 11,40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LORD
Current User Name: KOMPUTEREK
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========
PRC - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe
PRC - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-02-05 22:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006-03-03 11:46:58 | 000,622,592 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe PRC - [2004-08-03 23:44:28 | 000,082,432 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe PRC - [2004-08-03 23:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe ========== Modules (SafeList) ========== MOD - [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2009-03-09 20:29:00 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-02-05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! 
Antivirus) SRV - [2009-02-05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009-02-05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009-02-05 22:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2006-10-26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006-09-14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2004-08-03 23:44:02 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon) SRV - [2003-07-03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) ========== Driver Services (SafeList) ========== DRV - [2009-02-05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009-02-05 22:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009-02-05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009-02-05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - 
[2009-02-05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009-02-05 22:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-12-20 10:28:02 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-09-23 21:12:05 | 000,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2007-01-04 09:41:00 | 000,255,488 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netr73.sys -- (netr73) DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2004-08-03 23:38:40 | 000,607,068 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5) DRV - [2004-08-03 22:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2003-07-03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2003-01-22 20:57:58 | 000,122,240 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage) DRV - [2001-10-30 13:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2001-10-30 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2001-10-26 16:50:42 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Sterownik karty Intel(R) DRV - [2001-08-17 21:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001-08-17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-688789844-1060284298-1004\S-1-5-21-343818398-688789844-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-26 20:33:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 09:38:12 | 000,000,000 | ---D | M] [2008-09-23 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Extensions [2010-02-22 16:24:45 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions [2009-05-30 07:17:07 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2009-06-23 17:20:26 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\Mozilla\Firefox\Profiles\p1e0kkc1.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66} [2010-02-22 16:24:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2006-02-12 20:06:23 | 000,602,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSignPlugin.dll [2009-07-30 23:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-30 23:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-30 23:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-30 23:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-30 23:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-30 23:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-30 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.) O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-343818398-688789844-1060284298-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedi...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.134.128.19 213.134.128.20 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe File not found O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll () O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005-11-20 13:33:59 | 
000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-02-23 19:45:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-02-23 19:44:14 | 000,000,000 | ---D | C] -- C:\_OTL [2010-02-23 19:29:07 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE [2010-02-23 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload [2010-02-23 18:09:57 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe [2010-02-23 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-02-23 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-02-21 10:56:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings [2010-02-10 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\MH [2010-02-01 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KOMPUTEREK\Pulpit\pity [2006-05-15 16:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2005-11-20 13:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2005-11-20 13:33:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft ========== Files - Modified Within 30 Days ========== [2010-02-23 19:47:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-23 19:47:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-23 19:46:07 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.dat [2010-02-23 19:46:07 | 
000,000,188 | -HS- | M] () -- C:\Documents and Settings\KOMPUTEREK\ntuser.ini [2010-02-23 18:10:00 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KOMPUTEREK\Pulpit\OTL.exe [2010-02-23 17:45:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk [2010-02-20 07:43:07 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-19 19:02:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp [2010-02-14 13:48:58 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-31 07:24:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini ========== Files Created - No Company Name ========== [2010-02-23 19:28:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\gmer.exe [2010-02-23 17:45:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Pulpit\HijackThis.lnk [2010-02-19 19:02:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp [2009-05-30 07:27:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009-03-20 17:42:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll [2009-02-12 00:19:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-09-25 21:32:40 | 000,001,266 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2008-09-23 22:24:10 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-09-23 22:11:35 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\KOMPUTEREK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-09-23 21:48:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008-09-23 21:48:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2008-09-23 21:48:33 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-09-23 21:48:33 | 000,159,839 | ---- | C] () -- 
C:\WINDOWS\System32\xvidvfw.dll [2008-09-23 21:48:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-09-23 21:48:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-09-23 21:48:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-23 21:12:29 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2003-07-03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll [2001-10-30 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys < End of report > 2010-02-23,20:01:41 System Repair Engineer 2.8.2.1321 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been selected: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Running Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Scheduled Tasks Windows Security Update Check API HOOK Hidden Process Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <TrackPointSrv><tp4mon.exe> [(Verified)Microsoft Windows Publisher] <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> 
[(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows Publisher] <SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg] <WinlogonNotify: cbssreg><C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\SensLogn] <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <Dostosowywanie przeglądarki><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <Książka adresowa 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] <Aktualizacja pulpitu Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] <N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Windows 
Publisher] ================================== Startup Folders [TL-WN321G Wireless Utility] <C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\TL-WN321G Wireless Utility.lnk C:\PROGRA~1\TP-LINK\TL-WN3~1\INSTAL~1\WINXP\TWCU.exe [TP-LINK TECHNOLOGIES CO., LTD.]><N> ================================== Services [Adobe Active File Monitor V5 / AdobeActiveFileMonitor5.0][Running/Auto Start] <C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe><N/A> [Zarządzanie aplikacjami / AppMgmt][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software> [avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software> [avast! Web Scanner / avast! 
Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software> [Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [IBM PM Service / IBMPMSVC][Running/Auto Start] <C:\WINDOWS\system32\ibmpmsvc.exe><N/A> [Java Quick Starter / JavaQuickStarterService][Running/Auto Start] <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.> ================================== Drivers [Usługa instalacyjna sterownika audio Intel(r) 82801 (WDM) / ac97intc][Running/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [AEGIS Protocol (IEEE 802.1x) v3.4.3.0 / AegisP][Running/Auto Start] <System32\DRIVERS\AegisP.sys><Meetinghouse Data Communications> [aswFsBlk / aswFsBlk][Running/Auto Start] <system32\DRIVERS\aswFsBlk.sys><ALWIL Software> [Sterownik karty Intel(R) PRO / E100B][Running/Manual Start] <System32\DRIVERS\e100b325.sys><Intel Corporation> [IBMPMDRV / IBMPMDRV][Running/Manual Start] <system32\DRIVERS\ibmpmdrv.sys><IBM Corp.> [LT Modem Driver / ltmodem5][Running/Manual Start] <System32\DRIVERS\ltmdmnt.sys><LT> [TL-WN321G Wireless USB Adapter Driver for Vista / netr73][Stopped/Manual Start] <System32\DRIVERS\netr73.sys><Ralink Technology Inc.> [Sterownik urządzenia podczerwieni NSC / NSCIRDA][Running/Manual Start] <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation> [Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions> [TL-WN321G USB Wireless Adapter / RT73][Stopped/Manual Start] <System32\DRIVERS\rt73.sys><Ralink Technology, Corp.> [S3SSavage / S3SSavage][Running/Manual Start] <system32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.> [SANDRA / 
SANDRA][Stopped/Manual Start] <\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Sandra.sys><N/A> [Secdrv / Secdrv][Stopped/Manual Start] <System32\DRIVERS\secdrv.sys><N/A> [Sterownik filtru urządzenia TrackPoint IBM PS/2 / TwoTrack][Running/Manual Start] <System32\DRIVERS\TwoTrack.sys><IBM Corporation> ================================== Browser Add-ons [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated> [Java(tm) Plug-In SSV Helper] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.> [Java(tm) Plug-In 2 SSV Helper] {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.> [JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.> [&Poszukaj] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation> [Java Plug-in 1.6.0_11] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_05] {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_07] {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_11] {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [Java Plug-in 1.6.0_11] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_11.dll, (Signed) Sun Microsystems, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.> [IDMIEHlprObj Class] 
{0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, N/A> [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated> [] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, > [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, (Signed) N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A> [Java(tm) Plug-In SSV Helper] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.> [Java Plug-in 1.6.0_11] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, > [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A> [] {BF00E119-21A3-4FD1-B178-3B8537E75C92} <, > [Microsoft Office 12 Authorization Control] {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx, (Signed) Adobe Systems, Inc.> [Java(tm) Plug-In 2 SSV Helper] {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.> [JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.> [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [E&ksport do programu Microsoft Excel] <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A> [E&ksportuj do programu Microsoft Excel] <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A> ================================== Running Processes [PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158)] [PID: 620 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll] [N/A, ] [PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)] [PID: 700 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\wpcnervd.dll] [The GLib developer community, 2.22.3.0] [PID: 852 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe] [N/A, ] [PID: 876 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 952 / USŁUGA SIECIOWA][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1008 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1084 / SYSTEM][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1172 / USŁUGA SIECIOWA][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1336 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1352 / KOMPUTEREK][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\wpcnervd.dll] [The GLib developer community, 2.22.3.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\WINDOWS\system32\sql.dll] [WeOnlyDo! 
COM, 1, 0, 6, 11] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1335, 0] [PID: 1380 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1335, 0] [PID: 1496 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll] [ALWIL Software, 4, 
8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\asw5Ldr.dll] [ALWIL Software, 1, 0, 0, 1] [PID: 1620 / KOMPUTEREK][C:\WINDOWS\system32\tp4mon.exe] [IBM Corporation, 6.03 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\tp4res.dll] [IBM Corporation, 6.03 (XPClient.010817-1148)] [PID: 1628 / KOMPUTEREK][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil 
Software\Avast4\Polish\Lang.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6030.0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1335, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1335, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1335, 0] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1335, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1335, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1335, 0] [PID: 1640 / KOMPUTEREK][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1656 / KOMPUTEREK][C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe] [TP-LINK TECHNOLOGIES CO., LTD., 1, 1, 6, 0] [C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\AegisE5.dll] [Meetinghouse Data Communications, 3, 3, 10, 0] [PID: 412 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 508 / USŁUGA LOKALNA][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 908 / SYSTEM][C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe] [N/A, ] [C:\Program Files\Adobe\Photoshop Elements 5.0\platform.dll] [Adobe Systems, Inc., 1, 0, 0, 1] [C:\Program Files\Adobe\Photoshop Elements 5.0\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Adobe\Photoshop Elements 5.0\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 1152 / SYSTEM][C:\Program 
Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.110.3] [C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\netfxperf.dll] [Microsoft Corporation, 1.1.4322.573] [PID: 1504 / USŁUGA LOKALNA][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [PID: 536 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\Polish\Base.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1335, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1335, 0] [PID: 2224 / SYSTEM][C:\WINDOWS\System32\wbem\wmiapsrv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 532 / KOMPUTEREK][C:\Documents and Settings\KOMPUTEREK\Pulpit\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321] [PID: 1264 / KOMPUTEREK][C:\Documents and 
Settings\KOMPUTEREK\Pulpit\SREa43be4f1.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\Documents and Settings\KOMPUTEREK\Pulpit\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1656, C:\PROGRAM FILES\TP-LINK\TL-WN321G WIRELESS UTILITY\INSTALLER\WINXP\TWCU.EXE] ================================== Scheduled Tasks N/A ================================== Windows Security Update Check N/A ================================== API HOOK N/A ================================== Hidden Process N/A ==================================

Not everything has been removed yet.

Run OTL and paste the following into the Custom Scans/Fixes window:

:OTL
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe) - C:\RECYCLER\S-1-5-21-0553292099-4567294890-242777550-9292\winsystem.exe File not found
O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll - C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings\cbss.dll ()
:Files
C:\Documents and Settings\All Users.WINDOWS\Dokumenty\Settings
C:\Documents and Settings\KOMPUTEREK\Dane aplikacji\chrtmp
:Commands
[reboot]

Click Run Fix. Post the log from the removal plus a new OTL log.