emik73

może to jakaś wina m$ bo ja miałem wczoraj podobne problemy i pomogła reinstalacja SP3

zainstalowałem ponownie SP3 i na razie ustały problemy - jeśli znów się powtórzą to wkleję wynik z WinDbg

Dziś po powrocie z pracy zauważyłem, że laptop średnio co godzinę zaczyna sam się restartować - sprawdziłem temperatury, które są ok, oraz sprawdziłem na obecność Blastera - wynik negatywny. może logi coś wyjaśnią: » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "HiJack this" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:44:20, on 2008-09-26 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\BOINC\boinctray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\RMClock\RMClock.exe C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe C:\Program Files\BOINC\boincmgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe C:\Program Files\BOINC\boinc.exe C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\www.primegrid.com\primegrid_llr_wrapper_5.07_windows_intelx86.exe C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\milkyway.cs.rpi.edu_milkyway\astronomy_1.22_windows_intelx86.exe C:\Documents and Settings\All Users\Dane aplikacji\BOINC\slots\1\primegrid_llr_5.07_windows_intelx86.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Last.fm\LastFM.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Emilian Krężołek\Pulpit\Nowy folder\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe" O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214080098500 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219568709843 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 10068 bytes » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Silent Runners" "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "RMClock" = ""C:\Program Files\RMClock\RMClockLauncher.exe"" ["NGO Science Center "RightMark""] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] "AQQ" = "C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [empty string] "Google Update" = ""C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found] "Bandwidth Monitor Pro" = ""C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized" ["Pro2soft"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."] "SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."] "egui" = ""C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"] "NodLogin" = "C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [null data] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS] "NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "boinctray" = ""C:\Program Files\BOINC\boinctray.exe"" ["Space Sciences Laboratory"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch" -> {HKLM...CLSID} = "FGCatchUrl" \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashGet GetFlash Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"] "{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data] "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper" -> {HKLM...CLSID} = "Groove GFS Browser Helper" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar" -> {HKLM...CLSID} = "Groove Folder Synchronization" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler" -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler" -> {HKLM...CLSID} = "Groove XML Icon Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{10677009-C23C-4FC2-A62C-29323A2201F0}" = "AQQ File Transfer Shell Extension" -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook" -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS] <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] AQQFileTransfer\(Default) = "{10677009-C23C-4FC2-A62C-29323A2201F0}" -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data] Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"] EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}" -> {HKLM...CLSID} = "EzCddax Class" \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}" -> {HKLM...CLSID} = "Groove GFS Context Menu Handler" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "boinc.scr" [file not found] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ BridgeCS3ImportMediaOnArrival\ "Provider" = "Adobe Bridge CS3" "InvokeProgID" = "Adobe.adobebridge" "InvokeVerb" = "launch" HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."] EZCDDAXAutoPlayAudioCD\ "Provider" = "Easy CD-DA Extractor 8" "InvokeProgID" = "ezcddax.AutoPlay" "InvokeVerb" = "AudioCD" HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"] EZCDDAXAutoPlayBlankCD\ "Provider" = "Easy CD-DA Extractor 8" "InvokeProgID" = "ezcddax.AutoPlay" "InvokeVerb" = "EmptyCD" HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"] NeroAutoPlay2AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CopyCD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_RipCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa2" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] Startup items in "Emilian Krężołek" & "All Users" startup folders: ------------------------------------------------------------------ C:\Documents and Settings\Emilian Krężołek\Menu Start\Programy\Autostart "Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS] "Yahoo! Widgets" -> shortcut to: "C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" ["Yahoo! Inc."] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart "BOINC Manager" -> shortcut to: "C:\Program Files\BOINC\boincmgr.exe /s" ["Space Sciences Laboratory"] "BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."] "PLANET WL-U356A Utility" -> shortcut to: "C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe" ["Planet Technology Corp."] Enabled Scheduled Tasks: ------------------------ "Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable) "GoogleUpdateTaskUser" -> launches: "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 18 - 19 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Wyślij do programu OneNote" "MenuText" = "Wyślij &do programu OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {CCA281CA-C863-46EF-9331-5C8D4460577F}\ "ButtonText" = "@btrez.dll,-4015" "MenuText" = "@btrez.dll,-4017" "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "FlashGet" "Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."] Eset Service, ekrn, ""C:\Program Files\ESET\ESET Smart Security\ekrn.exe"" ["ESET"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2008-09-26 17:45:27) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 42 seconds, including 7 seconds for message boxes) » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "ComboFix" ComboFix 08-09-25.07 - Emilian Kr©ľoek 2008-09-26 17:47:48.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2509 [GMT 2:00] Uruchomiony z: C:\Documents and Settings\Emilian Kr©ľoek\Pulpit\Nowy folder\ComboFix.exe * Utworzono nowy punkt przywracania * Resident AV is active UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Emilian Krężołek\Cookies\emilian_krężołek@tradedoubler[1].txt . ((((((((((((((((((((((((( Pliki utworzone od 2008-08-26 do 2008-09-26 ))))))))))))))))))))))))))))))) . 2008-09-26 17:01 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp 2008-09-26 15:49 . 2008-09-26 16:47 110,592 --a------ C:\WINDOWS\system32\sprint.dll 2008-09-23 17:58 . 2008-09-23 17:59 <DIR> d-------- C:\symbols 2008-09-23 06:08 . 2008-09-26 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BOINC 2008-09-21 22:20 . 2008-09-21 22:21 <DIR> d-------- C:\Program Files\CDCheck 2008-09-21 19:29 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\EurekaLog 2008-09-21 19:18 . 2008-09-21 19:18 <DIR> d-------- C:\Program Files\Yahoo! 2008-09-17 19:44 . 2008-09-17 19:44 106,496 --a------ C:\WINDOWS\DIIUnin.exe 2008-09-17 19:44 . 2008-09-17 19:47 36,979 --a------ C:\WINDOWS\DIIUnin.dat 2008-09-17 19:44 . 2008-09-17 19:44 2,829 --a------ C:\WINDOWS\DIIUnin.pif 2008-09-17 19:42 . 2008-09-21 18:22 <DIR> d-------- C:\Program Files\Diablo II 2008-09-17 17:38 . 2008-09-17 17:38 <DIR> d-------- C:\Program Files\7-Zip 2008-09-14 19:24 . <DIR> C:\Documents and Settings\Emilian Krężołek\.jeliza 2008-09-14 10:27 . 2008-09-14 10:27 <DIR> d-------- C:\Program Files\Alex Buturuga 2008-09-14 08:16 . 2008-09-16 21:51 <DIR> d-------- C:\Program Files\Warcraft III Deluxe 2008-09-13 20:14 . <DIR> C:\Documents and Settings\Emilian Krężołek\EurekaLog 2008-09-11 22:33 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Locktime 2008-09-11 22:31 . 2008-09-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-09-10 13:32 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2008-09-10 13:32 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2008-09-10 13:32 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2008-09-10 13:32 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2008-09-10 13:32 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2008-09-10 13:32 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2008-09-10 13:32 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-09-10 13:32 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2008-09-10 06:03 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-09-10 06:03 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-09-10 06:02 . 2008-09-10 06:02 0 --a------ C:\WINDOWS\Irremote.ini 2008-09-09 06:06 . 2008-09-09 06:06 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-09-08 20:27 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Nero 2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-09-06 09:55 . 2003-03-19 03:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL 2008-09-01 17:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\MSBuild 2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Microsoft Works 2008-09-01 17:11 . 2008-09-01 17:11 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-09-01 17:08 . 2008-09-01 17:09 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-09-01 17:08 . 2008-09-01 17:08 <DIR> dr-h----- C:\MSOCache 2008-09-01 17:08 . 2008-09-10 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-09-01 17:03 . 2008-09-01 17:04 <DIR> d-------- C:\Program Files\DAEMON Tools 2008-09-01 17:03 . 2008-09-01 17:03 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2008-09-01 17:00 . 2008-09-01 17:00 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-09-01 17:00 . 2008-09-26 16:49 96,384 --a------ C:\WINDOWS\system32\drivers\sptd7821.sys 2008-08-26 10:27 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-26 15:26 --------- d-s---w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Microsoft 2008-09-26 15:05 --------- d-----w C:\Program Files\Bandwidth Monitor Pro 2008-09-26 14:48 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\foobar2000 2008-09-26 13:54 --------- d-----w C:\Program Files\Debugging Tools for Windows 2008-09-26 03:55 --------- d-----w C:\Program Files\FlashGet 2008-09-25 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-23 17:46 --------- d-----w C:\Program Files\BOINC 2008-09-18 15:57 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\uTorrent 2008-09-13 20:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 8 2008-09-10 11:32 --------- d-----w C:\Program Files\Ahead 2008-09-10 11:31 --------- d-----w C:\Program Files\Common Files\Ahead 2008-09-08 18:18 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Adobe 2008-09-01 16:59 --------- d-----w C:\Program Files\Wapster 2008-08-30 10:09 --------- d-----w C:\Program Files\Opera 2008-08-25 16:33 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Codeton 2008-08-25 16:32 --------- d-----w C:\Program Files\Paseczek 2008-08-23 15:11 --------- d-----w C:\Program Files\Winamp 2008-08-23 08:41 --------- d-----w C:\Program Files\Intel Corporation 2008-08-21 20:17 --------- d-----w C:\Program Files\Hp 2008-08-20 13:08 --------- d-----w C:\Program Files\ASCII Art Generator 2008-08-17 08:36 81,920 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\ezpinst.exe 2008-08-17 08:36 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-08-17 08:36 47,360 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\pcouffin.sys 2008-08-17 08:36 --------- d-----w C:\Program Files\McFunSoft Video Solution 2008-08-17 08:36 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Vso 2008-08-12 09:37 --------- d-----w C:\Program Files\Ballance 2008-08-10 20:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-08-03 20:04 --------- d-----w C:\Program Files\Java 2008-08-01 19:38 --------- d-----w C:\Program Files\RMClock 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2008-02-29 61440] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] "AQQ"="C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [2008-09-18 1674736] "Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-06-16 187904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072] "NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 358448] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "boinctray"="C:\Program Files\BOINC\boinctray.exe" [2008-09-19 58112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\Emilian Kr©ľoek\Menu Start\Programy\Autostart\ Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-09-23 4190976] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693] PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-06-21 483328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Wapster\\AQQ\\AQQ.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584] S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608] *Newly Created Service* - PROCEXP90 . Zawartość folderu 'Zaplanowane zadania' . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-Google Update - C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . ------- Skan uzupełniający ------- . R0 -: HKCU-Main,Start Page = about:blank R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-26 17:50:26 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2008-09-26 17:52:02 ComboFix-quarantined-files.txt 2008-09-26 15:51:24 Przed: 26˙568˙380˙416 bajt˘w wolnych Po: 26,570,485,760 bajt˘w wolnych 192 --- E O F --- 2008-09-10 04:13:16

witam mam takiego procka: AXDA2500DKV4D Z372347K30098 AQYHA0347WPMW czy można coś z nim zrobić?