Slow XP system shutdown and startup


(Macio117) #1

Hello,

Log from Hjack:

Scan saved at 16:16:12, on 2007-01-10

 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

 MSIE: Internet Explorer v7.00 (7.00.5730.0011)


 Running processes:

 C:\WINDOWS\System32\smss.exe

 C:\WINDOWS\system32\csrss.exe

 C:\WINDOWS\system32\winlogon.exe

 C:\WINDOWS\system32\services.exe

 C:\WINDOWS\system32\lsass.exe

 C:\WINDOWS\system32\svchost.exe

 C:\WINDOWS\system32\svchost.exe

 C:\WINDOWS\System32\svchost.exe

 C:\WINDOWS\system32\svchost.exe

 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

 C:\Program Files\CachemanXP\CachemanXP.exe

 C:\WINDOWS\system32\nvsvc32.exe

 C:\WINDOWS\Explorer.EXE

 C:\WINDOWS\SOUNDMAN.EXE

 C:\Program Files\VisualTooltip\VisualToolTip.exe

 C:\Program Files\Styler\Styler.exe

 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

 C:\WINDOWS\system32\ctfmon.exe

 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\{61A61D81-22D5-4BCA-8AD2-A264D2D7D109}\Blaero Start Orb.exe

 C:\WINDOWS\system32\wuauclt.exe

 C:\WINDOWS\system32\wbem\wmiprvse.exe

 C:\Program Files\Opera\Opera.exe

 D:\Inne\Inne\Programy\Do windowsa xp\Inne\HijackThis.exe


 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

 O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

 O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

 O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe

 O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe

 O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

 O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

 O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

 O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

 O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

 O11 - Options group: [INTERNATIONAL] International*

 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165665427093

 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165665418421

 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

 O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

 O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

 O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe

 O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe

 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Log from Silent:

Operating System: Windows XP SP2

 Output limited to non-default values, except where indicated by "{++}"



 Startup items buried in registry:

 ---------------------------------


 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

 "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


 HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

 "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

 "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

 "DiskeeperSystray" = ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]

 "VisualTooltip" = "C:\Program Files\VisualTooltip\VisualToolTip.exe" ["Christian Salmon"]

 "Styler" = "C:\Program Files\Styler\Styler.exe" ["ta2027"]

 "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

 "Blaero Start Orb" = "C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe" [null data]


 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

 {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)

   -> {HKLM...CLSID} = "PCTools Site Guard"

                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]

 {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

   -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

   -> {HKLM...CLSID} = "Google Toolbar Helper"

                    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)

   -> {HKLM...CLSID} = "PCTools Browser Monitor"

                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

 "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

   -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                    \InProcServer32\(Default) = "deskpan.dll" [file not found]

 "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

   -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

 "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

   -> {HKLM...CLSID} = "DesktopContext Class"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

 "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

   -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

 "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

   -> {HKLM...CLSID} = "Desktop Explorer"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

 "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

 "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

   -> {HKLM...CLSID} = "nView Desktop Context Menu"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

 "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

   -> {HKLM...CLSID} = "WinRAR"

                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

   -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

                    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

   -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

                    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

   -> {HKLM...CLSID} = "Groove GFS Browser Helper"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

   -> {HKLM...CLSID} = "Groove Folder Synchronization"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

   -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

   -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

   -> {HKLM...CLSID} = "Groove XML Icon Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

   -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

   -> {HKLM...CLSID} = "Outlook File Icon Extension"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

 "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

   -> {HKLM...CLSID} = "Microsoft Office Outlook"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

 "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

   -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

 "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

   -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

 "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

   -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

 "{B40C87F3-71A6-48CA-839A-634A1C55ECD5}" = "Niszczarka NxG"

   -> {HKLM...CLSID} = "Niszczarka NxG"

                    \InProcServer32\(Default) = "C:\Program Files\G DATA Software\Niszczarka NxG\ShrExt.dll" [empty string]

 "{61cfd09c-8221-46c7-bbd9-ed438b39ddc1}" = "ShrCtxMnu"

   -> {HKLM...CLSID} = "ShrCtxMnu"

                    \InProcServer32\(Default) = "c:\program files\g data software\niszczarka nxg\shrctxmnu.dll" [null data]

 "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"

   -> {HKLM...CLSID} = "Web Anti-Virus"

                    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]

 "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"

   -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

 "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"

   -> {HKLM...CLSID} = "TuneUp Theme Extension"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"]


 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

 <> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

   -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


 HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

 "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

   -> {HKLM...CLSID} = "WPDShServiceObj Class"

                    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]


 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

 <> "AppInit_DLLs" = ""C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"" ["Kaspersky Lab"]


 HKLM\System\CurrentControlSet\Control\Session Manager\

 <> "BootExecute" = "autocheck autochk *"|"smrgdf C:\Documents and Settings\Administrator\Dane aplikacji\iolo\" [null data]


 <> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]


 HKLM\Software\Classes\PROTOCOLS\Filter\

 <> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

   -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


 HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

 {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

   -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

                    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

 {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

 {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

   -> {HKLM...CLSID} = "PDF Shell Extension"

                    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

 Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]

 ShrCtxMnu\(Default) = "{61cfd09c-8221-46c7-bbd9-ed438b39ddc1}"

   -> {HKLM...CLSID} = "ShrCtxMnu"

                    \InProcServer32\(Default) = "c:\program files\g data software\niszczarka nxg\shrctxmnu.dll" [null data]

 TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

   -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

   -> {HKLM...CLSID} = "WinRAR"

                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

 ShrCtxMnu\(Default) = "{61cfd09c-8221-46c7-bbd9-ed438b39ddc1}"

   -> {HKLM...CLSID} = "ShrCtxMnu"

                    \InProcServer32\(Default) = "c:\program files\g data software\niszczarka nxg\shrctxmnu.dll" [null data]

 TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"

   -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"

                    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]

 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

   -> {HKLM...CLSID} = "WinRAR"

                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

 Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

   -> {HKLM...CLSID} = (no title provided)

                    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]

 ShrCtxMnu\(Default) = "{61cfd09c-8221-46c7-bbd9-ed438b39ddc1}"

   -> {HKLM...CLSID} = "ShrCtxMnu"

                    \InProcServer32\(Default) = "c:\program files\g data software\niszczarka nxg\shrctxmnu.dll" [null data]

 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

   -> {HKLM...CLSID} = "WinRAR"

                    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


 HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

 XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

   -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]



 Default executables:

 --------------------


 <> HKLM\Software\Classes\htafile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]


 <> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = "NOTEPAD.EXE %1" [MS]



 Group Policies {GPedit.msc branch and setting}:

 -----------------------------------------------


 Note: detected settings may not have any effect.


 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


 "NoSaveSettings" = (REG_DWORD) hex:0x00000000

 {User Configuration|Administrative Templates|Desktop|

 Don't save settings at exit}


 "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}


 "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}


 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


 "NoRemoteRecursiveEvents" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}


 "ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}


 "LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000

 {unrecognized setting}


 "NoResolveSearch" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}


 "ClassicShell" = (REG_DWORD) hex:0x00000000

 {unrecognized setting}


 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


 "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

 Shutdown: Allow system to be shut down without having to log on}


 "undockwithoutlogon" = (REG_DWORD) hex:0x00000001

 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

 Devices: Allow undock without having to log on}


 "NoInternetOpenWith" = (REG_DWORD) hex:0x00000001

 {unrecognized setting}



 Active Desktop and Wallpaper:

 -----------------------------


 Active Desktop may be disabled at this entry:

 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


 Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

 HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

 "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


 Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

 HKCU\Control Panel\Desktop\

 "Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



 Enabled Screen Saver:

 ---------------------


 HKCU\Control Panel\Desktop\

 "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]



 Enabled Scheduled Tasks:

 ------------------------


 "1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

 "1-Klick-Wartung" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]



 Winsock2 Service Provider DLLs:

 -------------------------------


 Namespace Service Providers


 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


 Transport Service Providers


 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

 %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



 Toolbars, Explorer Bars, Extensions:

 ------------------------------------


 Toolbars


 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

   -> {HKLM...CLSID} = "&Google"

                    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


 HKLM\Software\Microsoft\Internet Explorer\Toolbar\

 "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

   -> {HKLM...CLSID} = "&Google"

                    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

 "{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}" = (no title provided)

   -> {HKLM...CLSID} = "StylerToolBar"

                    \InProcServer32\(Default) = "C:\Program Files\Styler\TB\StylerTB.dll" ["StyleFantasist"]


 Explorer Bars


 HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\


 HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

 InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


 HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus"

 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

 InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]


 HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

 Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

 InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]


 Extensions (Tools menu items, main toolbar menu buttons)


 HKLM\Software\Microsoft\Internet Explorer\Extensions\

 {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

 "ButtonText" = "Web Anti-Virus"


 {2670000A-7350-4F3C-8081-5663EE0C6C49}\

 "ButtonText" = "Wyślij do programu OneNote"

 "MenuText" = "Wyślij &do programu OneNote"

 "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

   -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]


 {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

 "ButtonText" = "Spyware Doctor"

 "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

   -> {HKLM...CLSID} = "PCTools Browser Monitor"

                    \InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]


 {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

 "ButtonText" = "Research"



 Miscellaneous IE Hijack Points

 ------------------------------


 HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

 <> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



 Running Services (Display Name, Service Name, Path {Service DLL}):

 ------------------------------------------------------------------


 CachemanXP, CachemanXPService, "C:\Program Files\CachemanXP\CachemanXP.exe" ["OuterTechnologies"]

 Kaspersky Internet Security 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]

 NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]



 Print Monitors:

 ---------------


 HKLM\System\CurrentControlSet\Control\Print\Monitors\

 Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



 ----------

 <>: Suspicious data at a malware launch point.

 <>: Suspicious data at a browser hijack point.


 + This report excludes default entries except where indicated.

 + To see *everywhere* the script checks and *everything* it finds,

   launch it from a command prompt or a shortcut with the -all parameter.

 + To search all directories of local fixed drives for DESKTOP.INI

   DLL launch points, use the -supp parameter or answer "No" at the

   first message box and "Yes" at the second message box.

 ---------- (total run time: 48 seconds)

(adam9870) #2

We already gave the reason for the slow system shutdown in your previous threads that you started in this section. As a reminder, I'll give it this time too. The slow system shutdown is caused by the active NVIDIA driver. Try disabling it and check how the system behaves then. To do this, choose Start => Run => type services.msc and click OK => stop and (optionally) disable the service named NVIDIA Display Driver Service.

As for the logs. Do you know this?

If you don't know it, then delete it (the folder manually in safe mode, and the entry in HJT).

Use ATF Cleaner and clean Current User Temp and All Users Temp.

Apply Unhookexec.inf. Right-click the link => Save Target As => choose where to save it (e.g. to the desktop) => after downloading, right-click the file => Install.

Spyware Doctor is a program of dubious reputation, so I suggest removing it. The removal method is given here:

http://forum.dobreprogramy.pl/viewtopic ... 332#791332


(Macio117) #3

That's probably from Vista Transformation Pack 6.0.

As for the NVIDIA service, I'm getting rid of it :-o

And I'm getting rid of SpywareDoctor and putting SpyBot in its place :wink: