Zawieszanie się komputera po starcie systemu


(Gardons) #1

Tak jak w temacie komputer po ukazaniu sie pulpitu chodzi tak jak powinien a za 5 min zawiesza sie i nic nie moge zrobić kombinacją klawiczy ctr-alt-delete włanczam menager użadzen i tutaj zazwyczaj najwiecej ciagnie bo ok 99 % procesora usługa svchost.exe a czasami tak sie zawiesi ze nawet nie włancza się menager użadzeń prosze o pomoc! !!

oto logi

Logfile of HijackThis v1.99.1

Scan saved at 15:49:43, on 2007-05-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Winamp.k\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\WINDOWS\System32\WScript.exe

C:\Documents and Settings\user\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"LXCFCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  - {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

  - {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  - {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  - {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  - {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  - {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  - {HKLM...CLSID} = "iTunes"

                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  - {HKLM...CLSID} = "Shell Search Band"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.DLL" [MS]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  - {HKLM...CLSID} = "Portable Media Devices"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  - {HKLM...CLSID} = "Portable Media Devices Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

  - {HKLM...CLSID} = "IE Microsoft AutoComplete"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.DLL" [MS]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

  - {HKLM...CLSID} = "ShellLink for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

  - {HKLM...CLSID} = "Shell Icon Handler for Application References"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"

  - {HKLM...CLSID} = "Groove GFS Browser Helper"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

  - {HKLM...CLSID} = "Groove Folder Synchronization"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

  - {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  - {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

  - {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

  - {HKLM...CLSID} = "Groove XML Icon Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

  - {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

  - {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

  - {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

  - {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

  - {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  - {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  - {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  - {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

  - {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

  - {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  - {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  - {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

  - {HKLM...CLSID} = "PDF Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  - {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  - {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  - {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  - {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  - {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  - {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  - {HKLM...CLSID} = "avast"

                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  - {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

  - {HKLM...CLSID} = "UIContextMenu Class"

                   \InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  - {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  - {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Active Desktop web content:


HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"FriendlyName" = ""

"Source" = ""

"SubscribedURL" = ""



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]



Startup items in "user" "All Users" startup folders:

------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Adobe Gamma Loader" - shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]



Enabled Scheduled Tasks:

------------------------


"1-Click Maintenance" - launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" [file not found]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4D5C8C2A-D075-11D0-B416-00C04FB90376}"

  - {HKLM...CLSID} = "Pasek poleceń Microsoft"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.DLL" [MS]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = "Shell Search Band"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.DLL" [MS]


HKLM\Software\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]


HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  - {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"



Miscellaneous IE Hijack Points

------------------------------


C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")


Added lines (compared with English-language version):

[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iepver=6ar=msnhome


Missing lines (compared with English-language version):

[Strings]: 1 line


HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

730 Series Port\Driver = "lxcflmpm.DLL" [" "]

hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 119 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 36 seconds.

---------- (total run time: 872 seconds)

(Gutek) #2

usuń wpis HJT

Poczytaj Wywoływanie BSODa (Blue Screen of Death) - http://forum.centrumxp.pl/Default.aspx?g=posts&t=108100 oraz