emik73

Request to check a log


Today, after coming home from work, I noticed that the laptop restarts by itself roughly every hour. I checked the temperatures, which are OK, and checked for Blaster: the result was negative. Maybe the logs will explain something:

 

"HiJack this" log:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:44:20, on 2008-09-26

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\BOINC\boinctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\RMClock\RMClock.exe

C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe

C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe

C:\Program Files\BOINC\boincmgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

C:\Program Files\BOINC\boinc.exe

C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\www.primegrid.com\primegrid_llr_wrapper_5.07_windows_intelx86.exe

C:\Documents and Settings\All Users\Dane aplikacji\BOINC\projects\milkyway.cs.rpi.edu_milkyway\astronomy_1.22_windows_intelx86.exe

C:\Documents and Settings\All Users\Dane aplikacji\BOINC\slots\1\primegrid_llr_5.07_windows_intelx86.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\Last.fm\LastFM.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Emilian Krężołek\Pulpit\Nowy folder\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET Smart Security\nodlogin.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214080098500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219568709843

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 10068 bytes

"Silent Runners" log:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"RMClock" = ""C:\Program Files\RMClock\RMClockLauncher.exe"" ["NGO Science Center "RightMark""]

"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

"AQQ" = "C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [empty string]

"Google Update" = ""C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [file not found]

"Bandwidth Monitor Pro" = ""C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized" ["Pro2soft"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

"SoundMAX" = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"egui" = ""C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]

"NodLogin" = "C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [null data]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"HP Software Update" = "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard"]

"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"NBKeyScan" = ""C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"" [file not found]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"boinctray" = ""C:\Program Files\BOINC\boinctray.exe"" ["Space Sciences Laboratory"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"

-> {HKLM...CLSID} = "FGCatchUrl"

\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Groove GFS Browser Helper"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "FlashGet GetFlash Class"

\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"

-> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"

\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

"{46E22146-59C0-4136-9233-52E412E2B428}" = "EzCddax extension"

-> {HKLM...CLSID} = "EzCddax Class"

\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

-> {HKLM...CLSID} = "Groove GFS Browser Helper"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

-> {HKLM...CLSID} = "Groove Folder Synchronization"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

-> {HKLM...CLSID} = "Groove XML Icon Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{10677009-C23C-4FC2-A62C-29323A2201F0}" = "AQQ File Transfer Shell Extension"

-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

AQQFileTransfer\(Default) = "{10677009-C23C-4FC2-A62C-29323A2201F0}"

-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\Wapster\WAPSTE~1\System\AQQSHE~1.DLL" [null data]

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

EzCddax\(Default) = "{46E22146-59C0-4136-9233-52E412E2B428}"

-> {HKLM...CLSID} = "EzCddax Class"

\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 8\ezcddax8.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

 

Group Policies {policy setting}:

--------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "boinc.scr" [file not found]

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

BridgeCS3ImportMediaOnArrival\

"Provider" = "Adobe Bridge CS3"

"InvokeProgID" = "Adobe.adobebridge"

"InvokeVerb" = "launch"

HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = "C:\Program Files\Adobe\Adobe Bridge CS3\bridgeproxy.exe -v %1" ["Adobe Systems, Inc."]

 

EZCDDAXAutoPlayAudioCD\

"Provider" = "Easy CD-DA Extractor 8"

"InvokeProgID" = "ezcddax.AutoPlay"

"InvokeVerb" = "AudioCD"

HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\AudioCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"]

 

EZCDDAXAutoPlayBlankCD\

"Provider" = "Easy CD-DA Extractor 8"

"InvokeProgID" = "ezcddax.AutoPlay"

"InvokeVerb" = "EmptyCD"

HKLM\SOFTWARE\Classes\ezcddax.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Easy CD-DA Extractor 8\ezcddax.exe" -nn" ["Jukka Poikolainen"]

 

NeroAutoPlay2AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]

 

NeroAutoPlay2CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

 

NeroAutoPlay2CopyCD\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

 

NeroAutoPlay2DataDisc\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

 

NeroAutoPlay2LaunchNeroStartSmart\

"Provider" = "Nero StartSmart"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

 

NeroAutoPlay2RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay2"

"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"

HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

 

Picasa2ImportPicturesOnArrival\

"Provider" = "Picasa2"

"InvokeProgID" = "picasa2.autoplay"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Picasa2\Picasa2.exe "%1"" ["Google Inc."]

 

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

 

 

Startup items in "Emilian Krężołek" & "All Users" startup folders:

------------------------------------------------------------------

 

C:\Documents and Settings\Emilian Krężołek\Menu Start\Programy\Autostart

"Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]

"Yahoo! Widgets" -> shortcut to: "C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe" ["Yahoo! Inc."]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"BOINC Manager" -> shortcut to: "C:\Program Files\BOINC\boincmgr.exe /s" ["Space Sciences Laboratory"]

"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]

"PLANET WL-U356A Utility" -> shortcut to: "C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe" ["Planet Technology Corp."]

 

 

Enabled Scheduled Tasks:

------------------------

 

"Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)

"GoogleUpdateTaskUser" -> launches: "C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 18 - 19

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

 

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

 

{CCA281CA-C863-46EF-9331-5C8D4460577F}\

"ButtonText" = "@btrez.dll,-4015"

"MenuText" = "@btrez.dll,-4017"

"Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data]

 

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

"ButtonText" = "FlashGet"

"MenuText" = "FlashGet"

"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]

Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]

Eset Service, ekrn, ""C:\Program Files\ESET\ESET Smart Security\ekrn.exe"" ["ESET"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]

 

 

---------- (launch time: 2008-09-26 17:45:27)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 42 seconds, including 7 seconds for message boxes)

» Click to show/hide text marked as spoiler « - "ComboFix"
ComboFix 08-09-25.07 - Emilian Krężołek 2008-09-26 17:47:48.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2509 [GMT 2:00]

Run from: C:\Documents and Settings\Emilian Krężołek\Pulpit\Nowy folder\ComboFix.exe

* A new restore point was created

* Resident AV is active

 

 

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Emilian Krężołek\Cookies\emilian_krężołek@tradedoubler[1].txt

 

.

((((((((((((((((((((((((( Files created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))

.

 

2008-09-26 17:01 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp

2008-09-26 15:49 . 2008-09-26 16:47 110,592 --a------ C:\WINDOWS\system32\sprint.dll

2008-09-23 17:58 . 2008-09-23 17:59 <DIR> d-------- C:\symbols

2008-09-23 06:08 . 2008-09-26 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BOINC

2008-09-21 22:20 . 2008-09-21 22:21 <DIR> d-------- C:\Program Files\CDCheck

2008-09-21 19:29 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\EurekaLog

2008-09-21 19:18 . 2008-09-21 19:18 <DIR> d-------- C:\Program Files\Yahoo!

2008-09-17 19:44 . 2008-09-17 19:44 106,496 --a------ C:\WINDOWS\DIIUnin.exe

2008-09-17 19:44 . 2008-09-17 19:47 36,979 --a------ C:\WINDOWS\DIIUnin.dat

2008-09-17 19:44 . 2008-09-17 19:44 2,829 --a------ C:\WINDOWS\DIIUnin.pif

2008-09-17 19:42 . 2008-09-21 18:22 <DIR> d-------- C:\Program Files\Diablo II

2008-09-17 17:38 . 2008-09-17 17:38 <DIR> d-------- C:\Program Files\7-Zip

2008-09-14 19:24 . <DIR> C:\Documents and Settings\Emilian Krężołek\.jeliza

2008-09-14 10:27 . 2008-09-14 10:27 <DIR> d-------- C:\Program Files\Alex Buturuga

2008-09-14 08:16 . 2008-09-16 21:51 <DIR> d-------- C:\Program Files\Warcraft III Deluxe

2008-09-13 20:14 . <DIR> C:\Documents and Settings\Emilian Krężołek\EurekaLog

2008-09-11 22:33 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Locktime

2008-09-11 22:31 . 2008-09-11 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

2008-09-10 13:32 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-09-10 13:32 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-09-10 13:32 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-09-10 13:32 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-09-10 13:32 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-09-10 13:32 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-09-10 13:32 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-09-10 13:32 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-09-10 06:03 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-09-10 06:03 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-09-10 06:02 . 2008-09-10 06:02 0 --a------ C:\WINDOWS\Irremote.ini

2008-09-09 06:06 . 2008-09-09 06:06 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-09-08 20:27 . <DIR> C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Nero

2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-09-08 20:25 . 2008-09-10 06:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-09-06 09:55 . 2003-03-19 03:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL

2008-09-01 17:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\MSBuild

2008-09-01 17:12 . 2008-09-01 17:12 <DIR> d-------- C:\Program Files\Microsoft Works

2008-09-01 17:11 . 2008-09-01 17:11 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-09-01 17:08 . 2008-09-01 17:09 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-09-01 17:08 . 2008-09-01 17:08 <DIR> dr-h----- C:\MSOCache

2008-09-01 17:08 . 2008-09-10 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-09-01 17:03 . 2008-09-01 17:04 <DIR> d-------- C:\Program Files\DAEMON Tools

2008-09-01 17:03 . 2008-09-01 17:03 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2008-09-01 17:00 . 2008-09-01 17:00 664,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-09-01 17:00 . 2008-09-26 16:49 96,384 --a------ C:\WINDOWS\system32\drivers\sptd7821.sys

2008-08-26 10:27 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-26 15:26 --------- d-s---w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Microsoft

2008-09-26 15:05 --------- d-----w C:\Program Files\Bandwidth Monitor Pro

2008-09-26 14:48 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\foobar2000

2008-09-26 13:54 --------- d-----w C:\Program Files\Debugging Tools for Windows

2008-09-26 03:55 --------- d-----w C:\Program Files\FlashGet

2008-09-25 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-23 17:46 --------- d-----w C:\Program Files\BOINC

2008-09-18 15:57 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\uTorrent

2008-09-13 20:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 8

2008-09-10 11:32 --------- d-----w C:\Program Files\Ahead

2008-09-10 11:31 --------- d-----w C:\Program Files\Common Files\Ahead

2008-09-08 18:18 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Adobe

2008-09-01 16:59 --------- d-----w C:\Program Files\Wapster

2008-08-30 10:09 --------- d-----w C:\Program Files\Opera

2008-08-25 16:33 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Codeton

2008-08-25 16:32 --------- d-----w C:\Program Files\Paseczek

2008-08-23 15:11 --------- d-----w C:\Program Files\Winamp

2008-08-23 08:41 --------- d-----w C:\Program Files\Intel Corporation

2008-08-21 20:17 --------- d-----w C:\Program Files\Hp

2008-08-20 13:08 --------- d-----w C:\Program Files\ASCII Art Generator

2008-08-17 08:36 81,920 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\ezpinst.exe

2008-08-17 08:36 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-08-17 08:36 47,360 ----a-w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\pcouffin.sys

2008-08-17 08:36 --------- d-----w C:\Program Files\McFunSoft Video Solution

2008-08-17 08:36 --------- d-----w C:\Documents and Settings\Emilian Krężołek\Dane aplikacji\Vso

2008-08-12 09:37 --------- d-----w C:\Program Files\Ballance

2008-08-10 20:26 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-03 20:04 --------- d-----w C:\Program Files\Java

2008-08-01 19:38 --------- d-----w C:\Program Files\RMClock

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

.

 

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"RMClock"="C:\Program Files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"AQQ"="C:\PROGRA~1\Wapster\WAPSTE~1\AQQ.exe" [2008-09-18 1674736]

"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2004-06-16 187904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 118784]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

"NodLogin"="C:\Program Files\ESET\ESET Smart Security\nodlogin.exe" [2008-07-29 358448]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 128920]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"boinctray"="C:\Program Files\BOINC\boinctray.exe" [2008-09-19 58112]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\Emilian Krężołek\Menu Start\Programy\Autostart\

Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2008-09-23 4190976]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-02-15 581693]

PLANET WL-U356A Utility.lnk - C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-06-21 483328]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Wapster\\AQQ\\AQQ.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

 

R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

.

- - - - EMPTY ENTRIES REMOVED - - - -

 

HKCU-Run-Google Update - C:\Documents and Settings\Emilian Krężołek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = about:blank

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 -: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-26 17:50:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-26 17:52:02

ComboFix-quarantined-files.txt 2008-09-26 15:51:24

 

Before: 26,568,380,416 bytes free

After: 26,570,485,760 bytes free

 

192 --- E O F --- 2008-09-10 04:13:16

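One way to triage logs like these mechanically, as an added example that is not part of the original post and not code from ComboFix, Silent Runners or HijackThis: the script below parses the line formats visible above (ComboFix "files created" and service/driver lines, the registry lines for Security Center and the firewall policy, Silent Runners Winsock catalog and scheduled-task lines) and flags the items a reviewer would look at first: files created under C:\WINDOWS within a day of the scan (000001_.tmp and sprint.dll, both created on 2008-09-26, the day the restarts began), the Security Center AntiVirusOverride flag, the disabled Windows Firewall standard profile, a service whose image is an administrative tool rather than a product binary ("Eset Nod32 Boot" pointing at regedt32.exe), non-Microsoft Winsock providers, and the corrupt scheduled task. The sample lines are copied from the posted log; the rule names, the 24-hour window and the list of tool executables are this example's own assumptions, not anything the tools themselves report.

```python
"""Triage ComboFix / Silent Runners log lines for the items worth a second look.

Added example: not part of the forum post, ComboFix or Silent Runners.
The rule set, the 24h window and TOOL_IMAGES are assumptions made here.
"""
import re
from datetime import datetime, timedelta

# Lines copied from the log posted above (ComboFix and Silent Runners sections).
SAMPLE_LOG = r"""
2008-09-26 17:01 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-09-26 15:49 . 2008-09-26 16:47 110,592 --a------ C:\WINDOWS\system32\sprint.dll
2008-09-23 17:58 . 2008-09-23 17:59 <DIR> d-------- C:\symbols
2008-09-10 13:32 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2006-03-02 3584]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]
"Critical Battery Alarm Program" -> WARNING -- The file "Critical Battery Alarm Program.job" is corrupt! (no executable)
"""

SCAN_TIME = datetime(2008, 9, 26, 17, 47)  # from the ComboFix header line

# Interactive admin tools that have no business being a service image (assumption).
TOOL_IMAGES = {"regedt32.exe", "regedit.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# ComboFix "files created": <created> . [<modified>] <size|<DIR>> [attrs] <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"
    r"([\d,]+|<DIR>) (?:[-a-z]{9} )?(.+)$")
# ComboFix service/driver line: <R|S><start type> name;display name;image [date size]
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.+?) \[\d{4}-\d{2}-\d{2} \d+\]$")
# Silent Runners Winsock catalog entry: NNNNNNNNNNNN\LibraryPath = "dll" [vendor]
WINSOCK_RE = re.compile(r'^\d{12}\\LibraryPath = "([^"]+)" \[("?)([^\]"]+)\2\]$')


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text, scan_time=SCAN_TIME, window=timedelta(hours=24)):
    """Return a list of (rule, detail) pairs, one per line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            path = m.group(3)
            # New files under %SystemRoot% close to when the symptom appeared.
            if path.lower().startswith("c:\\windows") and timedelta(0) <= scan_time - created <= window:
                findings.append(("new-file-in-windows-dir", f"{path} created {m.group(1)}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, display, image = m.groups()
            # Display name claims a product, binary is a generic admin tool: a mismatch.
            if _basename(image) in TOOL_IMAGES:
                findings.append(("service-image-is-admin-tool", f"{name} ({display}) -> {image}"))
            continue
        m = WINSOCK_RE.match(line)
        if m:
            dll, _, vendor = m.groups()
            # A third-party NSP/LSP DLL is loaded into every Winsock client; confirm each one.
            if vendor != "MS":
                findings.append(("non-microsoft-winsock-provider", f"{dll} [{vendor}]"))
            continue
        if re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            findings.append(("security-center-av-override", line))
        elif re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append(("windows-firewall-disabled", line))
        elif "is corrupt!" in line and "(no executable)" in line:
            findings.append(("scheduled-task-without-executable", line))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:36} {detail}")
```

Each finding is a lead, not a verdict: mdnsNSP.dll is Apple's Bonjour component and a disabled Windows Firewall profile is what you expect when ESET Smart Security's own firewall is in use, so the value of the output is the short list of things to verify rather than a clean/infected answer. For the hourly restarts specifically, the two files created in C:\WINDOWS on 2008-09-26 are the ones whose origin should be established before anything else is deleted.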
