Pages opening slowly


(Marek L5) #1

Pages open very slowly for me. I suspect my computer is infected with some kind of junk; please check the log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:12:46, on 2009-06-27

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE

C:\Program Files\Ares\Ares.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL

O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S596.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: SMC2635W Wireless Cardbus Adapter Utility.lnk = C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe


--

End of file - 6619 bytes

(Henio Mazurek) #2

To start with, show the logs from OTL and gmer

http://www.searchengines.pl/index.php?s ... t&p=392369

http://www.gmer.net/


(Marek L5) #3

Here are the logs from OTL:

[code]

OTL logfile created on: 2009-06-28 09:19:30 - Run 1

OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Marek\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


446,17 Mb Total Physical Memory | 107,49 Mb Available Physical Memory | 24,09% Memory free

1,03 Gb Paging File | 0,67 Gb Available in Paging File | 65,31% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 29,99 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: MARK

Current User Name: Marek

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2005-06-29 07:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2005-06-29 07:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-02-06 15:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2004-08-10 22:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2005-06-28 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

PRC - [2004-10-08 23:44:24 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2004-10-08 23:43:12 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2005-08-01 23:25:44 | 01,093,632 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

PRC - [2005-05-13 11:03:16 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2004-11-17 10:56:10 | 01,077,327 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

PRC - [2005-05-31 05:33:00 | 00,122,941 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe

PRC - [2009-02-06 15:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009-02-25 23:26:00 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2005-04-12 12:04:18 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

PRC - [2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe

PRC - [2007-04-12 08:00:00 | 00,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE

PRC - [2009-02-03 15:22:18 | 01,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe

PRC - [2009-03-16 11:07:11 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2004-03-09 12:04:16 | 00,860,251 | ---- | M] () -- C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe

PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-06-14 11:34:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-06-28 09:18:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2005-06-29 07:55:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - [2009-02-06 15:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009-02-06 15:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2009-03-16 11:07:09 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2004-08-10 22:05:14 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])


[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2005-05-25 01:39:44 | 00,465,952 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])

DRV - [2005-06-29 08:01:58 | 01,241,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2005-06-11 06:42:40 | 00,005,504 | ---- | M] (Quanta Computer Corp) -- C:\WINDOWS\System32\drivers\BoiHwSetup.sys -- (BoiHwsetup [On_Demand | Running])

DRV - [2005-06-18 00:17:00 | 00,038,144 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6aud.sys -- (CAMCAUD [On_Demand | Running])

DRV - [2005-06-18 00:17:48 | 00,352,000 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\camc6hal.sys -- (CAMCHALA [On_Demand | Running])

DRV - [2005-04-22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])

DRV - [2005-04-21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])

DRV - [2009-02-06 15:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009-02-06 15:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])

DRV - [2009-02-06 15:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])

DRV - [2005-04-01 02:08:02 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys -- (HSFHWATI [On_Demand | Running])

DRV - [2005-04-01 01:08:46 | 01,034,240 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

DRV - [2004-03-17 20:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])

DRV - [2005-05-09 15:17:06 | 00,031,360 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\System32\drivers\qkbfiltr.sys -- (qkbfiltr [On_Demand | Stopped])

DRV - [2005-05-05 14:27:38 | 00,007,936 | ---- | M] (Quanta Computer, Inc.) -- C:\WINDOWS\System32\drivers\qmofiltr.sys -- (qmofiltr [On_Demand | Stopped])

DRV - [2004-12-03 01:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])

DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2003-12-12 10:43:32 | 00,051,456 | ---- | M] (SMC.) -- C:\WINDOWS\System32\DRIVERS\SMC2635R.sys -- (SMC2635R [On_Demand | Running])

DRV - [2005-05-13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])

DRV - [2005-05-13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])

DRV - [2004-10-08 23:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

DRV - [2005-05-31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])

DRV - [2005-05-31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])

DRV - [2003-12-04 15:50:00 | 00,017,401 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\W3304AN5.sys -- (W3304AN5 [On_Demand | Running])

DRV - [2005-04-01 01:08:00 | 00,714,880 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.startup.homepage: "http://www.wp.pl"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-04 15:40:04 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-25 11:10:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-14 11:34:38 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird


[2009-03-04 12:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\mozilla\Extensions

[2009-03-04 12:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-03-04 12:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek\Dane aplikacji\mozilla\Firefox\Profiles\jbzldenw.default\extensions

[2009-06-27 19:56:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-06-14 11:34:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-04 15:40:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009-04-19 13:15:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-06-14 11:34:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-06-14 11:34:33 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-06-14 11:34:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2003-07-15 07:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL

[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)

O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)

O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SMC2635W Wireless Cardbus Adapter Utility.lnk = C:\Program Files\SMC\SMC2635W Wireless Cardbus Adapter Utility\drivers\WINXP\SMCRMonitor.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005-08-10 11:29:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2009-06-28 09:17:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek\Pulpit\OTL.exe

[2009-06-27 23:00:50 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Marek\Pulpit\HijackThis.lnk

[2009-06-27 23:00:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-06-27 23:00:08 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Marek\Pulpit\HJTInstall.exe

[2009-06-23 14:07:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Moje dokumenty\ujek

[2009-06-23 14:01:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Dane aplikacji\WinRAR

[2009-06-23 13:53:05 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Marek\Pulpit\WinRAR.lnk

[2009-06-23 13:52:59 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009-06-01 12:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Moje dokumenty\Dokumenty

[2009-05-31 11:07:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek\Moje dokumenty\Pobrane

[2009-05-29 16:31:18 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Marek\Pulpit\Wyniki testu.doc

[2009-03-15 11:22:29 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2009-03-15 11:22:28 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-03-15 11:22:26 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-03-05 20:57:31 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009-03-05 20:49:47 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CDEDX7400EXPORT.ini

[2005-08-10 16:12:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005-08-10 16:06:46 | 00,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini

[2005-08-10 15:57:57 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005-08-10 15:39:55 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005-08-10 15:36:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2005-08-10 14:37:27 | 00,012,430 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini

[2005-08-10 14:37:27 | 00,002,070 | R--- | C] () -- C:\WINDOWS\SVPW32Str.ini

[2005-08-10 14:32:02 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2005-08-10 14:32:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2005-08-10 14:32:02 | 00,009,344 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2005-08-10 14:32:02 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2005-08-10 11:14:41 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005-08-10 11:14:21 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2005-08-10 11:14:16 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2004-11-12 06:08:36 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll

[2003-07-10 21:45:46 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2003-07-10 21:45:46 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2003-04-08 12:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2009-06-28 09:18:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek\Pulpit\OTL.exe

[2009-06-27 23:00:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Marek\Pulpit\HijackThis.lnk

[2009-06-27 23:00:21 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Marek\Pulpit\HJTInstall.exe

[2009-06-27 19:46:14 | 00,375,368 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-06-27 19:46:14 | 00,328,326 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-06-27 19:46:14 | 00,042,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-06-27 19:46:14 | 00,000,918 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-06-27 19:46:14 | 00,000,536 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-06-27 19:44:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-06-27 19:44:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-06-27 19:44:33 | 46,791,4752 | -HS- | M] () -- C:\hiberfil.sys

[2009-06-25 11:20:59 | 05,328,854 | -H-- | M] () -- C:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-06-23 13:53:05 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\Marek\Pulpit\WinRAR.lnk

[2009-06-10 12:46:48 | 00,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-06-10 11:03:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-06-05 22:40:00 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Marek\Pulpit\Wyniki testu.doc

[2009-06-05 20:11:29 | 00,002,539 | ---- | M] () -- C:\Documents and Settings\Marek\Pulpit\Microsoft Office Word 2003.lnk

[2009-06-01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >

OTL Extras logfile created on: 2009-06-28 09:19:30 - Run 1

OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Marek\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446,17 Mb Total Physical Memory | 107,49 Mb Available Physical Memory | 24,09% Memory free

1,03 Gb Paging File | 0,67 Gb Available in Paging File | 65,31% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,26 Gb Total Space | 29,99 Gb Free Space | 80,49% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARK

Current User Name: Marek

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Extra Registry (SafeList) ==========


========== File Associations ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Security Center Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2009-02-03 15:22:18 | 01,004,544 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows

[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu


========== HKEY_LOCAL_MACHINE Uninstall List ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver

"{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility

"{09C85E5A-3E10-4268-904C-BACEF16ECEF0}" = ESET NOD32 Antivirus

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panel sterowania ATI

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13

"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Program narzędziowy TOSHIBA Zooming Utility

"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Wyciszacz napędu CD/DVD

"{A1CFBEF8-D9F6-4B2A-BDBE-7D8C0B0FE03A}" = Toshiba Hotkey Utility

"{AC76BA86-7AD7-1045-7B44-A70000000000}" = Adobe Reader 7.0 - Polish

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility

"{FEBD7C18-89D8-45A7-9F61-ECD2AD2CF04A}" = SMC2635W EZ Connect 2.4GHz 11 Mbps Wireless Cardbus Adapter

"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI

"Ares" = Ares 2.1.1

"ATI Display Driver" = ATI Display Driver

"CNXT_AUDIO" = Conexant AC-Link Audio

"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179" = AC97 Data Fax SoftModem with SmartCP

"EPSON Printer and Utilities" = Oprogramowanie drukarki EPSON

"EPSON Scanner" = EPSON Scan

"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Przewodnik użytkownika" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Podręcznik

"HijackThis" = HijackThis 2.0.2

"InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility

"InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility

"InstallShield_{FEBD7C18-89D8-45A7-9F61-ECD2AD2CF04A}" = SMC2635W EZ Connect 2.4GHz 11 Mbps Wireless Cardbus Adapter

"IrfanView" = IrfanView (remove only)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"Program PC Diagnostic Tool" = Program TOSHIBA PC Narzędzie diagnostyczne

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = Archiwizator WinRAR


========== Last 10 Event Log Errors ==========


[Application Events]

Error - 2009-03-04 06:42:42 | Computer Name = MARK | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.

Error - 2009-03-04 06:42:44 | Computer Name = MARK | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.

Error - 2009-03-04 09:14:19 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3306, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-03-04 09:27:07 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3306, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-03-04 09:29:50 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3306, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-03-08 09:26:17 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-03-25 07:11:42 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3334, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-03-25 07:12:02 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 1.9.0.3334, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-05-01 18:38:30 | Computer Name = MARK | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd ares.exe, wersja 2.1.1.3035, moduł powodujący błąd mplvw7.dll, wersja 1.0.0.3, adres błędu 0x0001c33a.

Error - 2009-06-04 16:16:24 | Computer Name = MARK | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca Ares.exe, wersja 2.1.1.3035, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[System Events]

Error - 2009-06-24 06:17:08 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-24 14:32:53 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-24 15:25:27 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-24 15:40:02 | Computer Name = MARK | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 0004E2D170BB został zabroniony przez serwer DHCP 192.168.1.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2009-06-24 15:46:45 | Computer Name = MARK | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 0004E2D170BB został zabroniony przez serwer DHCP 192.168.1.254 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2009-06-25 05:22:25 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-25 05:41:40 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-26 04:33:21 | Computer Name = MARK | Source = Windows Update Agent | ID = 20

Description = Instalacja nie powiodła się: system Windows nie mógł zainstalować następującej aktualizacji, ponieważ wystąpił błąd 0x80070643: Internet Explorer 8 dla systemu Windows XP.

Error - 2009-06-27 13:44:49 | Computer Name = MARK | Source = Service Control Manager | ID = 7023

Description = Usługa Karta wydajności WMI zakończyła działanie; wystąpił następujący błąd: %%2147500037

Error - 2009-06-27 14:34:01 | Computer Name = MARK | Source = Dhcp | ID = 1002

Description = Adres IP połączenia 192.168.1.102 dla karty sieciowej o adresie 0004E2D170BB został zabroniony przez serwer DHCP 192.168.1.254 (Serwer DHCP wysłał komunikat DHCPNACK).

< End of report >


(Henio Mazurek) #4

Ugh, not in code tags, because that really is hard to read. Paste it at www.wklej.org and put the link here.

You must also paste a log from GMER, because nothing shows up here.


(Marek L5) #5

OTL once more:

http://www.wklej.org/id/113206/

http://www.wklej.org/id/113208/

-- Added 28.06.2009 (Sun) 10:31 --

I do have a problem with GMER, though. I ran the scan, but I don't know where the log entry appeared. There is no Notepad file as there is with Hijack or OTL.


(Henio Mazurek) #6

After scanning with GMER, click the Copy button, paste the result at www.wklej.org and post the link.


(Marek L5) #7

Here is the GMER log:

http://www.wklej.org/id/113227/


(Henio Mazurek) #8

Nothing shows up here. It doesn't look like this is caused by viruses.

In OTL, click CleanUp.

Run a full scan with Malwarebytes

http://dobreprogramy.pl/index.php?dz=2& ... lware+1.37

Clean the registry with CCleaner

http://dobreprogramy.pl/index.php?dz=2& ... +v2.19.901

Use WWDC - close everything so that it shows green; leave NetBIOS on yellow

http://dobreprogramy.pl/index.php?dz=2& ... aner+1.4.1


(Marek L5) #9

So I take it that as far as security goes (various worms, trojans, viruses), my computer is OK?

I did as you advised:

No infections, cleaned with CCleaner, I applied WWDC, it's OK.

What do you advise: in which section should I look for help now, and what could be the reason these pages open so slowly?


(Henio Mazurek) #10

Maybe it's a problem with the modem; reinstall the drivers and check whether it is damaged.


(Marek L5) #11

OK, thank you for the help in this section. :smiley: