emik73

User
  • Posts: 4
Posts by emik73

  1. Today, after coming back from work, I noticed that my laptop restarts by itself about once an hour. I checked the temperatures, which are OK, and I checked for the presence of Blaster: the result was negative. Maybe the logs will explain something:

     

    "HiJack this"
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:44:20, on 2008-09-26

    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\ESET\ESET Smart Security\egui.exe

    C:\Program Files\Google\Gmail Notifier\gnotify.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\DAEMON Tools\daemon.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\BOINC\boinctray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\RMClock\RMClock.exe

    C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe

    C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

    C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe

    C:\Program Files\BOINC\boincmgr.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

    C:\Program Files\BOINC\boinc.exe

    C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\www.primegrid.com\primegrid_llr_wrapper_5.07_windows_intelx86.exe

    C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\milkyway.cs.rpi.edu_milkyway\astronomy_1.22_windows_intelx86.exe

    C:\Documents and Settings\All Users\Dane aplikacji\BOINC\slots\1\primegrid_llr_5.07_windows_intelx86.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\foobar2000\foobar2000.exe

    C:\Program Files\Last.fm\LastFM.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Documents and Settings\Emilian Krężołek\Pulpit\Nowy folder\HiJackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

    O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe

    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"

    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

    O4 - Global Startup: BTTray.lnk = ?

    O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

    O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

    O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

    O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214080098500

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219568709843

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

     

    --

    End of file - 10068 bytes

    "Silent Runners"
    "Silent Runners.vbs", revision 58, http://www.silentrunners.org/

    Operating System: Windows XP

    Output limited to non-default values, except where indicated by "{++}"

     

     

    Startup items buried in registry:

    ---------------------------------

     

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    "RMClock" = ""C:\Program Files\RMClock\RMClockLauncher.exe"" ["NGO Science Center "RightMark""]

    "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

    "AQQ" = "C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [empty string]

    "Google Update" = ""C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]

    "Bandwidth Monitor Pro" = ""C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized" ["Pro2soft"]

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    "SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

    "SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]

    "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

    "igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

    "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

    "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]

    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

    "egui" = ""C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]

    "NodLogin" = "C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [null data]

    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

    "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

    "HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]

    "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

    "GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

    "NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]

    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

    "boinctray" = ""C:\Program Files\BOINC\boinctray.exe"" ["Space Sciences Laboratory"]

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Adobe PDF Link Helper"

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

    -> {HKLM...CLSID} = "FGCatchUrl"

    \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "Groove GFS Browser Helper"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "SSVHelper Class"

    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

    {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

    -> {HKLM...CLSID} = "FlashGet GetFlash Class"

    \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

    \InProcServer32\(Default) = "deskpan.dll" [file not found]

    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

    "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

    -> {HKLM...CLSID} = "History Band"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

    "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"

    -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"

    \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

    "{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"

    -> {HKLM...CLSID} = "EzCddax Class"

    \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

    -> {HKLM...CLSID} = "Groove GFS Browser Helper"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

    -> {HKLM...CLSID} = "Groove Folder Synchronization"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

    -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

    -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

    -> {HKLM...CLSID} = "Groove XML Icon Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

    -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

    -> {HKLM...CLSID} = "Outlook File Icon Extension"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

    -> {HKLM...CLSID} = "Microsoft Office Outlook"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

    "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

    -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

    -> {HKLM...CLSID} = (no title provided)

    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

    "{10677009-C23C-4FC2-A62C-29323A2201F0}" = "AQQ File Transfer Shell Extension"

    -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

    \InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data]

    "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

    -> {HKLM...CLSID} = "7-Zip Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    <<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

    -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

    <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

    <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

     

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

     

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

    -> {HKLM...CLSID} = "PDF Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

     

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

    -> {HKLM...CLSID} = "7-Zip Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

    AQQFileTransfer\(Default) = "{10677009-C23C-4FC2-A62C-29323A2201F0}"

    -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

    \InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data]

    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

    EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}"

    -> {HKLM...CLSID} = "EzCddax Class"

    \InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

    -> {HKLM...CLSID} = "7-Zip Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

    -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

    \InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

    -> {HKLM...CLSID} = "WinRAR"

    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

    -> {HKLM...CLSID} = "WinZip"

    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

    -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

     

    Group Policies {policy setting}:

    --------------------------------

     

    Note: detected settings may not have any effect.

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

     

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

    {Shutdown: Allow system to be shut down without having to log on}

     

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001

    {Devices: Allow undock without having to log on}

     

     

    Active Desktop and Wallpaper:

    -----------------------------

     

    Active Desktop may be disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

     

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    "Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

     

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

    HKCU\Control Panel\Desktop\

    "Wallpaper" = "C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

     

     

    Enabled Screen Saver:

    ---------------------

     

    HKCU\Control Panel\Desktop\

    "SCRNSAVE.EXE" = "boinc.scr" [file not found]

     

     

    Windows Portable Device AutoPlay Handlers

    -----------------------------------------

     

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

     

    BridgeCS3ImportMediaOnArrival\

    "Provider" = "Adobe Bridge CS3"

    "InvokeProgID" = "Adobe.adobebridge"

    "InvokeVerb" = "launch"

    HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

     

    EZCDDAXAutoPlayAudioCD\

    "Provider" = "Easy CD-DA Extractor 8"

    "InvokeProgID" = "ezcddax.AutoPlay"

    "InvokeVerb" = "AudioCD"

    HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"]

     

    EZCDDAXAutoPlayBlankCD\

    "Provider" = "Easy CD-DA Extractor 8"

    "InvokeProgID" = "ezcddax.AutoPlay"

    "InvokeVerb" = "EmptyCD"

    HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"]

     

    NeroAutoPlay2AudioToNeroDigital\

    "Provider" = "Nero Burning ROM"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]

     

    NeroAutoPlay2CDAudio\

    "Provider" = "Nero Express"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

     

    NeroAutoPlay2CopyCD\

    "Provider" = "Nero Express"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

     

    NeroAutoPlay2DataDisc\

    "Provider" = "Nero Express"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

     

    NeroAutoPlay2LaunchNeroStartSmart\

    "Provider" = "Nero StartSmart"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

     

    NeroAutoPlay2RipCD\

    "Provider" = "Nero Burning ROM"

    "InvokeProgID" = "Nero.AutoPlay2"

    "InvokeVerb" = "PlayCDAudioOnArrival_RipCD"

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

     

    Picasa2ImportPicturesOnArrival\

    "Provider" = "Picasa2"

    "InvokeProgID" = "picasa2.autoplay"

    "InvokeVerb" = "import"

    HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]

     

    WinampMTPHandler\

    "Provider" = "Winamp"

    "ProgID" = "Shell.HWEventHandlerShellExecute"

    "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

    HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

    -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

     

    WinampPlayMediaOnArrival\

    "Provider" = "Winamp"

    "InvokeProgID" = "Winamp.File"

    "InvokeVerb" = "Play"

    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

    HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

    -> {HKLM...CLSID} = (no title provided)

    \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

     

     

    Startup items in "Emilian Krężołek" & "All Users" startup folders:

    ------------------------------------------------------------------

     

    C:\Documents and Settings\Emilian Krężołek\Menu Start\Programy\Autostart

    "Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

    "Yahoo! Widgets" -> shortcut to: "C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" ["Yahoo! Inc."]

     

    C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

    "BOINC Manager" -> shortcut to: "C:\Program Files\BOINC\boincmgr.exe /s" ["Space Sciences Laboratory"]

    "BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

    "PLANET WL-U356A Utility" -> shortcut to: "C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe" ["Planet Technology Corp."]

     

     

    Enabled Scheduled Tasks:

    ------------------------

     

    "Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)

    "GoogleUpdateTaskUser" -> launches: "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

     

     

    Winsock2 Service Provider DLLs:

    -------------------------------

     

    Namespace Service Providers

     

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

     

    Transport Service Providers

     

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

    %SystemRoot%\system32\mswsock.dll [MS], 01 - 17

    %SystemRoot%\system32\rsvpsp.dll [MS], 18 - 19

     

     

    Toolbars, Explorer Bars, Extensions:

    ------------------------------------

     

    Explorer Bars

     

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

     

    HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

     

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

     

    Extensions (Tools menu items, main toolbar menu buttons)

     

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    "MenuText" = "Sun Java Console"

    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

     

    {2670000A-7350-4F3C-8081-5663EE0C6C49}\

    "ButtonText" = "Wyślij do programu OneNote"

    "MenuText" = "Wyślij &do programu OneNote"

    "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

    -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

     

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    "ButtonText" = "Research"

     

    {CCA281CA-C863-46EF-9331-5C8D4460577F}\

    "ButtonText" = "@btrez.dll,-4015"

    "MenuText" = "@btrez.dll,-4017"

    "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

     

    {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

    "ButtonText" = "FlashGet"

    "MenuText" = "FlashGet"

    "Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

     

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\

    "MenuText" = "@xpsp3res.dll,-20001"

    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

     

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    "ButtonText" = "Messenger"

    "MenuText" = "Windows Messenger"

    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

     

     

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ------------------------------------------------------------------

     

    ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

    Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]

    Eset Service, ekrn, ""C:\Program Files\ESET\ESET Smart Security\ekrn.exe"" ["ESET"]

    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

     

     

    Print Monitors:

    ---------------

     

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

    Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]

    Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

     

     

    ---------- (launch time: 2008-09-26 17:45:27)

    <<!>>: Suspicious data at a malware launch point.

     

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points, use the -supp parameter or answer "No" at the

    first message box and "Yes" at the second message box.

    ---------- (total run time: 42 seconds, including 7 seconds for message boxes)

    ComboFix:
    ComboFix 08-09-25.07 - Emilian Krężołek 2008-09-26 17:47:48.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2509 [GMT 2:00]

    Uruchomiony z: C:\Documents and Settings\Emilian Krężołek\Pulpit\Nowy folder\ComboFix.exe

    * Utworzono nowy punkt przywracania

    * Resident AV is active

     

     

    UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

    .

     

    ((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\Documents and Settings\Emilian Krężołek\Cookies\emilian_krężołek@tradedoubler[1].txt

     

    .

    ((((((((((((((((((((((((( Pliki utworzone od 2008-08-26 do 2008-09-26 )))))))))))))))))))))))))))))))

    .

     

    2008-09-26 17:01 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp

    2008-09-26 15:49 . 2008-09-26 16:47 110,592 --a------ C:\WINDOWS\system32\sprint.dll

    2008-09-23 17:58 . 2008-09-23 17:59 <DIR> d-------- C:\symbols

    2008-09-23 06:08 . 2008-09-26 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BOINC

    2008-09-21 22:20 . 2008-09-21 22:21 <DIR> d-------- C:\Program Files\CDCheck

    2008-09-21 19:29 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\EurekaLog

    2008-09-21 19:18 . 2008-09-21 19:18 <DIR> d-------- C:\Program Files\Yahoo!

    2008-09-17 19:44 . 2008-09-17 19:44 106,496 --a------ C:\WINDOWS\DIIUnin.exe

    2008-09-17 19:44 . 2008-09-17 19:47 36,979 --a------ C:\WINDOWS\DIIUnin.dat

    2008-09-17 19:44 . 2008-09-17 19:44 2,829 --a------ C:\WINDOWS\DIIUnin.pif

    2008-09-17 19:42 . 2008-09-21 18:22 <DIR> d-------- C:\Program Files\Diablo II

    2008-09-17 17:38 . 2008-09-17 17:38 <DIR> d-------- C:\Program Files\7-Zip

    2008-09-14 19:24 . <DIR> C:\Documents and Settings\Emilian Krężołek\.jeliza

    2008-09-14 10:27 . 2008-09-14 10:27 <DIR> d-------- C:\Program Files\Alex Buturuga

    2008-09-14 08:16 . 2008-09-16 21:51 <DIR> d-------- C:\Program Files\Warcraft III Deluxe

    2008-09-13 20:14 . <DIR> C:\Documents and Settings\Emilian Krężołek\EurekaLog

    2008-09-11 22:33 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Locktime

    2008-09-11 22:31 . 2008-09-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

    2008-09-10 13:32 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

    2008-09-10 13:32 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

    2008-09-10 13:32 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

    2008-09-10 13:32 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    2008-09-10 13:32 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    2008-09-10 13:32 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

    2008-09-10 13:32 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

    2008-09-10 13:32 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

    2008-09-10 06:03 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

    2008-09-10 06:03 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

    2008-09-10 06:02 . 2008-09-10 06:02 0 --a------ C:\WINDOWS\Irremote.ini

    2008-09-09 06:06 . 2008-09-09 06:06 <DIR> d-------- C:\Program Files\MSXML 4.0

    2008-09-08 20:27 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Nero

    2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Program Files\Common Files\Nero

    2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero

    2008-09-06 09:55 . 2003-03-19 03:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL

    2008-09-01 17:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

    2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\MSBuild

    2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Microsoft Works

    2008-09-01 17:11 . 2008-09-01 17:11 <DIR> d-------- C:\Program Files\Microsoft.NET

    2008-09-01 17:08 . 2008-09-01 17:09 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2008-09-01 17:08 . 2008-09-01 17:08 <DIR> dr-h----- C:\MSOCache

    2008-09-01 17:08 . 2008-09-10 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

    2008-09-01 17:03 . 2008-09-01 17:04 <DIR> d-------- C:\Program Files\DAEMON Tools

    2008-09-01 17:03 . 2008-09-01 17:03 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

    2008-09-01 17:00 . 2008-09-01 17:00 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys

    2008-09-01 17:00 . 2008-09-26 16:49 96,384 --a------ C:\WINDOWS\system32\drivers\sptd7821.sys

    2008-08-26 10:27 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

     

    .

    (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-09-26 15:26 --------- d-s---w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Microsoft

    2008-09-26 15:05 --------- d-----w C:\Program Files\Bandwidth Monitor Pro

    2008-09-26 14:48 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\foobar2000

    2008-09-26 13:54 --------- d-----w C:\Program Files\Debugging Tools for Windows

    2008-09-26 03:55 --------- d-----w C:\Program Files\FlashGet

    2008-09-25 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-09-23 17:46 --------- d-----w C:\Program Files\BOINC

    2008-09-18 15:57 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\uTorrent

    2008-09-13 20:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 8

    2008-09-10 11:32 --------- d-----w C:\Program Files\Ahead

    2008-09-10 11:31 --------- d-----w C:\Program Files\Common Files\Ahead

    2008-09-08 18:18 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Adobe

    2008-09-01 16:59 --------- d-----w C:\Program Files\Wapster

    2008-08-30 10:09 --------- d-----w C:\Program Files\Opera

    2008-08-25 16:33 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Codeton

    2008-08-25 16:32 --------- d-----w C:\Program Files\Paseczek

    2008-08-23 15:11 --------- d-----w C:\Program Files\Winamp

    2008-08-23 08:41 --------- d-----w C:\Program Files\Intel Corporation

    2008-08-21 20:17 --------- d-----w C:\Program Files\Hp

    2008-08-20 13:08 --------- d-----w C:\Program Files\ASCII Art Generator

    2008-08-17 08:36 81,920 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\ezpinst.exe

    2008-08-17 08:36 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

    2008-08-17 08:36 47,360 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\pcouffin.sys

    2008-08-17 08:36 --------- d-----w C:\Program Files\McFunSoft Video Solution

    2008-08-17 08:36 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Vso

    2008-08-12 09:37 --------- d-----w C:\Program Files\Ballance

    2008-08-10 20:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

    2008-08-03 20:04 --------- d-----w C:\Program Files\Java

    2008-08-01 19:38 --------- d-----w C:\Program Files\RMClock

    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

    2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

    .

     

    ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

    "RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]

    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    "AQQ"="C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [2008-09-18 1674736]

    "Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-06-16 187904]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]

    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]

    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]

    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

    "NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 358448]

    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]

    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

    "boinctray"="C:\Program Files\BOINC\boinctray.exe" [2008-09-19 58112]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

     

    C:\Documents and Settings\Emilian Krężołek\Menu Start\Programy\Autostart\

    Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

     

    C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

    BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-09-23 4190976]

    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]

    PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-06-21 483328]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Wapster\\AQQ\\AQQ.exe"=

    "C:\\Program Files\\FlashGet\\flashget.exe"=

    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "C:\\Program Files\\uTorrent\\uTorrent.exe"=

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

     

    R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

    S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]

    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608]

     

    *Newly Created Service* - PROCEXP90

    .

    Zawartość folderu 'Zaplanowane zadania'

    .

    - - - - USUNIĘTO PUSTE WPISY - - - -

     

    HKCU-Run-Google Update - C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

     

     

    .

    ------- Skan uzupełniający -------

    .

    R0 -: HKCU-Main,Start Page = about:blank

    R1 -: HKCU-Internet Settings,ProxyOverride = *.local

    O8 -: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

    O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

    O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 -: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    .

     

    **************************************************************************

     

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-09-26 17:50:26

    Windows 5.1.2600 Dodatek Service Pack 3 NTFS

     

    skanowanie ukrytych procesów ...

     

    skanowanie ukrytych wpisów autostartu ...

     

    skanowanie ukrytych plików ...

     

    skanowanie pomyślnie ukończone

    ukryte pliki: 0

     

    **************************************************************************

    .

    Czas ukończenia: 2008-09-26 17:52:02

    ComboFix-quarantined-files.txt 2008-09-26 15:51:24

     

    Przed: 26 568 380 416 bajtów wolnych

    Po: 26,570,485,760 bajtów wolnych

     

    192 --- E O F --- 2008-09-10 04:13:16
