Probably a virus

Hi, I have a problem with my computer: it has slowed down terribly lately, and it is not a matter of disk space, because I still have plenty. Since yesterday, when I turn the computer on, booting takes about 1.5 h, not to mention using any program; even shutting the system down takes very long (I did not have this kind of problem before). I tried scanning the disk with avast, but unfortunately it detected nothing (although at two points it stalled for about an hour). Currently I boot the computer in safe mode and it is OK. What do you think is wrong with my computer? Please help quickly. Regards

Prepare logs from HijackThis and Silent Runners. You will find instructions on how to do this HERE, and information on how to post logs on the forum HERE.

ok thanks

I did as you wrote, pasted the log on wklejto.pl and sent it, but I have no idea what to do next…

Regards, Basia2113

Post here the links to the logs you sent. #-o

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:06, on 2009-06-08

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\ania\AppData\Local\Temp\Rar$EX00.529\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKCU…\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU “C:\Windows\TEMP\E_SF76C.tmp” /EF “HKCU”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [cmkms] “c:\users\ania\appdata\local\cmkms.exe” cmkms

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU…\Run: [Wru] C:\Program Files\Wru\Wru.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ … 586-jc.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Usługa Google Update (gupdate1c9d49759044cb0) (gupdate1c9d49759044cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

End of file - 6956 bytes

Added 08.06.2009 (Mon) 18:41

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:40:09, on 2009-06-08

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Safe mode with network support

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\ania\AppData\Local\Temp\Rar$EX00.630\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKCU…\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU “C:\Windows\TEMP\E_SF76C.tmp” /EF “HKCU”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [cmkms] “c:\users\ania\appdata\local\cmkms.exe” cmkms

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU…\Run: [Wru] C:\Program Files\Wru\Wru.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ … 586-jc.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Usługa Google Update (gupdate1c9d49759044cb0) (gupdate1c9d49759044cb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

End of file - 7028 bytes

Added 08.06.2009 (Mon) 18:46

“Silent Runners.vbs”, revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Sidebar” = “C:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS]

“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

“Orb” = ““C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background” [“Orb Networks”]

“EPSON SX100 Series” = “C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU “C:\Windows\TEMP\E_SF76C.tmp” /EF “HKCU”” [“SEIKO EPSON CORPORATION”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

“cmkms” = ““c:\users\ania\appdata\local\cmkms.exe” cmkms” [file not found]

“ehTray.exe” = “C:\Windows\ehome\ehTray.exe” [MS]

“Wru” = “C:\Program Files\Wru\Wru.exe” [“Lavorate Sp.z.o.o.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“Windows Defender” = “C:\Program Files\Windows Defender\MSASCui.exe -hide”

“NvCplDaemon” = “RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup” [MS]

“NvMediaCenter” = “RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS]

“PAC7302_Monitor” = “C:\Windows\PixArt\PAC7302\Monitor.exe” [“PixArt Imaging Incorporation”]

“SunJavaUpdateSched” = ““C:\Program Files\Java\jre6\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)”

-> {HKLM…CLSID} = “Skype add-on (mastermind)”

\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”

-> {HKLM…CLSID} = “My Global Search Bar BHO”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Easy Photo Print”

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll” [“SEIKO EPSON CORPORATION / CyCom Technology Corp.”]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”

\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll” [“Google Inc.”]

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}(Default) = “Google Dictionary Compression sdch”

-> {HKLM…CLSID} = “Google Dictionary Compression sdch”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll” [“Google Inc.”]

{DBC80044-A445-435b-BC74-9C25C1C588A9}(Default) = (no title provided)

-> {HKLM…CLSID} = “Java Plug-In 2 SSV Helper”

\InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{00020d75-0000-0000-c000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper”

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar”

-> {HKLM…CLSID} = “Groove Folder Synchronization”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler”

-> {HKLM…CLSID} = “Groove GFS Stub Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler”

-> {HKLM…CLSID} = “Groove XML Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Outlook File Icon Extension”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS]

“{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

-> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS]

“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”

-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”

-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]

<> x-sdch\CLSID = “{B1759355-3EEC-4C1E-B0F1-B719FE26E377}”

-> {HKLM…CLSID} = “Google Dictionary Compression filter”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll” [“Google Inc.”]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP(Default) = “{3F3B81BE-529B-40b9-8189-6666B241ADFA}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll” [“SEIKO EPSON CORPORATION”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

“ConsentPromptBehaviorAdmin” = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

“ConsentPromptBehaviorUser” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

“EnableInstallerDetection” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

“EnableLUA” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

“EnableSecureUIAPaths” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

“EnableVirtualization” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

“PromptOnSecureDesktop” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

“FilterAdministratorToken” = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

“EnableUIADesktopToggle” = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Users\ania\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\Windows\system32\logon.scr” [MS]

Windows Portable Device AutoPlay Handlers


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

VLCPlayCDAudioOnArrival\

“Provider” = “VideoLAN VLC media player”

“InvokeProgID” = “VLC.CDAudio”

“InvokeVerb” = “play”

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command(Default) = “C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1” [“VideoLAN Team”]

VLCPlayDVDMovieOnArrival\

“Provider” = “VideoLAN VLC media player”

“InvokeProgID” = “VLC.DVDMovie”

“InvokeVerb” = “play”

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command(Default) = “C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1” [“VideoLAN Team”]

WIA_{73883B71-FD30-48C7-B9D4-D74BAEE0DBF2}\

“Provider” = “ABBYY FineReader 6.0 Sprint”

“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”

“InitCmdLine” = “/WiaCmd;C:\Program Files\ABBYY FineReader 6.0 Sprint\Sprint.exe /StiDevice:%1 /StiEvent:%2;”

-> {HKLM…CLSID} = “WPDShextAutoplay”

\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS]

WinampMTPHandler\

“Provider” = “Winamp”

“ProgID” = “Shell.HWEventHandlerShellExecute”

“InitCmdLine” = “C:\Program Files\Winamp\winamp.exe”

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}”

-> {HKLM…CLSID} = “Shell Execute Hardware Event Handler”

\LocalServer32(Default) = “C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS]

WinampPlayMediaOnArrival\

“Provider” = “Winamp”

“InvokeProgID” = “Winamp.File”

“InvokeVerb” = “Play”

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command(Default) = "“C:\Program Files\Winamp\winamp.exe” “%1"” [“Nullsoft”]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = “{46986115-84D6-459c-8F95-52DD653E532E}”

-> {HKLM…CLSID} = (no title provided)

\LocalServer32(Default) = ““C:\Program Files\Winamp\winamp.exe”” [“Nullsoft”]

Non-disabled Scheduled Tasks:


C:\Windows\System32\Tasks

“GoogleUpdateTaskMachine” -> launches: “C:\Program Files\Google\Update\GoogleUpdate.exe /c” [“Google Inc.”]

“User_Feed_Synchronization-{A8FE8AAE-1AED-4D35-B530-BFFE0C035F95}” -> (HIDDEN!) launches: “C:\Windows\system32\msfeedssync.exe sync” [MS]

“{21AAF35F-DB64-49CD-97ED-0663CD9297AD}” -> launches: “C:\Windows\system32\pcalua.exe -a F:\Launch.exe -d F:” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

“AD RMS Rights Policy Template Management (Manual)” -> launches: “{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}”

-> {HKLM…CLSID} = “AD RMS Rights Policy Template Management (Manual) Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\msdrm.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

“UninstallDeviceTask” -> launches: “BthUdTask.exe $(Arg0)” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

“SystemTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

“UserTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

“UserTask-Roam” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

“Consolidator” -> launches: “%SystemRoot%\System32\wsqmcons.exe” [MS]

“OptinNotification” -> launches: “%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

“ScheduledDefrag” -> launches: “%windir%\system32\defrag.exe -c -i” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic

“Microsoft-Windows-DiskDiagnosticDataCollector” -> (HIDDEN!) launches: “%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

“ehDRMInit” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DRMInit” [MS]

“mcupdate” -> launches: “%SystemRoot%\ehome\mcupdate $(Arg0) -gc” [MS]

“OCURActivate” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate” [MS]

“OCURDiscovery” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery” [MS]

“UpdateRecordPath” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

“HotStart” -> launches: “{06DA0625-9701-43da-BFD7-FBEEA2180A1E}”

-> {HKLM…CLSID} = “HotStart User Agent”

\InProcServer32(Default) = “C:\Windows\System32\HotStartUserAgent.dll” [MS]

“TMM” -> launches: “{35EF4182-F900-4632-B072-8639E4478A61}”

-> {HKLM…CLSID} = “Transient Multi-Monitor Manager”

\InProcServer32(Default) = “C:\Windows\System32\TMM.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

“LPRemove” -> launches: “%windir%\system32\lpremove.exe” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

“SystemSoundsService” -> launches: “{2DEA658F-54C1-4227-AF9B-260AB5FC3543}”

-> {HKLM…CLSID} = “Microsoft PlaySoundService Class”

\InProcServer32(Default) = “C:\Windows\System32\PlaySndSrv.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

“NAPStatus UI” -> launches: “{f09878a1-4652-4292-aa63-8c7d4fd7648f}”

-> {HKLM…CLSID} = “Nap ITask Handler Implementation”

\InProcServer32(Default) = “C:\Windows\System32\QAgent.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

“RACAgent” -> (HIDDEN!) launches: “%windir%\system32\RacAgent.exe” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

“RemoteAssistanceTask” -> (HIDDEN!) launches: “%windir%\system32\RAServer.exe /offerraupdate” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

“CrawlStartPages” -> launches: “{51653423-e62d-4ff7-894a-dabb2b8e21e2}”

-> {HKLM…CLSID} = “CrawlStartPages Task Handler”

\InProcServer32(Default) = “C:\Windows\System32\srchadmin.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

“GadgetManager” -> launches: “{FF87090D-4A9A-4f47-879B-29A80C355D61}”

-> {HKLM…CLSID} = “GadgetsManager Class”

\InProcServer32(Default) = “C:\Windows\System32\AuxiliaryDisplayServices.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

“SR” -> launches: “%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

“IpAddressConflict1” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem” [MS]

“IpAddressConflict2” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

“MsCtfMonitor” -> (HIDDEN!) launches: “{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}”

-> {HKLM…CLSID} = “MsCtfMonitor task handler”

\InProcServer32(Default) = “C:\Windows\system32\MsCtfMonitor.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

“UPnPHostConfig” -> launches: “sc.exe config upnphost start= auto” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

“ResolutionHost” -> (HIDDEN!) launches: “{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}”

-> {HKLM…CLSID} = “DiagnosticInfrastructureCustomHandler”

\InProcServer32(Default) = “C:\Windows\System32\wdi.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

“QueueReporting” -> launches: “%windir%\system32\wermgr.exe -queuereporting” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

“GatherWiredInfo” -> launches: “%windir%\system32\gatherWiredInfo.vbs” [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

“GatherWirelessInfo” -> launches: “%windir%\system32\gatherWirelessInfo.vbs” [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

“MP Scheduled Scan” -> (HIDDEN!) launches: “c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

000000000004\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

000000000005\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000006\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 18

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “Google Toolbar”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}”

-> {HKLM…CLSID} = “BearShare MediaBar”

\InProcServer32(Default) = “C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll” [“BearShare”]

“{37B85A29-692B-4205-9CAD-2626E4993404}”

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

“{9421DD08-935F-4701-A9CA-22DF90AC4EA6}” = “EPTBL”

-> {HKLM…CLSID} = “Easy Photo Print”

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll” [“SEIKO EPSON CORPORATION / CyCom Technology Corp.”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided)

-> {HKLM…CLSID} = “BearShare MediaBar”

\InProcServer32(Default) = “C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll” [“BearShare”]

“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization”

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\CLSID\{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}(Default) = “Google Find Bar”

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj”

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

“ButtonText” = “Wyślij do programu OneNote”

“MenuText” = “Wyślij &do programu OneNote”

“CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}”

-> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

“ButtonText” = “Skype”

“CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}”

-> {HKLM…CLSID} = “Skype add-on (button)”

\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Research”

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):


Agent ochrony dostępu do sieci, napagent, “C:\Windows\System32\svchost.exe -k NetworkService” {“C:\Windows\system32\qagentRT.dll” [MS]}

Aplikacja systemowa modelu COM+, COMSysApp, “C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}” [MS]

Autokonfiguracja sieci WLAN, Wlansvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\wlansvc.dll” [MS]}

Automatyczna konfiguracja sieci przewodowej, dot3svc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\dot3svc.dll” [MS]}

Dostęp do urządzeń interfejsu HID, hidserv, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\hidserv.dll” [MS]}

Dysk wirtualny, vds, “C:\Windows\System32\vds.exe” [MS]

Dzienniki wydajności i &alerty, pla, “C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork” {“C:\Windows\system32\pla.dll” [MS]}

Google Software Updater, gusvc, ““C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe”” [“Google”]

Grupowanie sieci równorzędnej, p2psvc, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Host usługi diagnostyki, WdiServiceHost, “C:\Windows\System32\svchost.exe -k wdisvc” {“C:\Windows\system32\wdi.dll” [MS]}

Instalator Windows, msiserver, “C:\Windows\system32\msiexec /V” [MS]

Izolacja klucza CNG, KeyIso, “C:\Windows\system32\lsass.exe” [MS]

Karta inteligentna, SCardSvr, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\System32\SCardSvr.dll” [MS]}

Kolektor zdarzeń systemu Windows, Wecsvc, “C:\Windows\system32\svchost.exe -k NetworkService” {“C:\Windows\system32\wecsvc.dll” [MS]}

Kolory w systemie Windows, WcsPlugInService, “C:\Windows\system32\svchost.exe -k wcssvc” {“C:\Windows\System32\WcsPlugInService.dll” [MS]}

Konfiguracja usług terminalowych, SessionEnv, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\system32\sessenv.dll” [MS]}

Kontrola rodzicielska, WPCSvc, “C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\System32\wpcsvc.dll” [MS]}

Koordynator transakcji rozproszonych, MSDTC, “C:\Windows\System32\msdtc.exe” [MS]

Kopia zapasowa systemu Windows, SDRSVC, “C:\Windows\system32\svchost.exe -k SDRSVC” {“C:\Windows\System32\SDRSVC.dll” [MS]}

Lokalizator usługi zdalnego wywołania procedury (RPC), RpcLocator, “C:\Windows\system32\locator.exe” [MS]

Mapowanie z odnajdywaniem topologii warstwy łącza, lltdsvc, “C:\Windows\System32\svchost.exe -k LocalService” {“C:\Windows\System32\lltdsvc.dll” [MS]}

Menedżer autopołączenia dostępu zdalnego, RasAuto, “C:\Windows\system32\svchost.exe -k netsvcs” {“C:\Windows\System32\rasauto.dll” [MS]}

Menedżer tożsamości sieci równorzędnej, p2pimsvc, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Microsoft .NET Framework NGEN v2.0.50727_X86, clr_optimization_v2.0.50727_32, “C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe” [MS]

Microsoft Office Diagnostics Service, odserv, ““C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE”” [MS]

Microsoft Office Groove Audit Service, Microsoft Office Groove Audit Service, ““C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe”” [MS]

Moduł wyliczający magistrali PnP-X IP, IPBusEnum, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\ipbusenum.dll” [MS]}

NetLogon, Netlogon, “C:\Windows\system32\lsass.exe” [MS]

NVIDIA Display Driver Service, nvsvc, “C:\Windows\system32\nvvsvc.exe” [“NVIDIA Corporation”]

Office Source Engine, ose, ““C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE”” [MS]

Pomoc techniczna panelu sterowania Raporty i rozwiązania problemów, wercplsupport, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\wercplsupport.dll” [MS]}

Połącz teraz w systemie Windows — Rejestrator konfiguracji, wcncsvc, “C:\Windows\System32\svchost.exe -k LocalService” {“C:\Windows\System32\wcncsvc.dll” [MS]}

Propagacja certyfikatu, CertPropSvc, “C:\Windows\system32\svchost.exe -k netsvcs” {“C:\Windows\System32\certprop.dll” [MS]}

Protokół PNRP (Peer Name Resolution Protocol), PNRPsvc, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Protokół uwierzytelniania rozszerzonego (EAP), EapHost, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\eapsvc.dll” [MS]}

Przeglądarka komputera, Browser, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\browser.dll” [MS]}

Quality Windows Audio Video Experience, QWAVE, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\system32\qwave.dll” [MS]}

Rejestr zdalny, RemoteRegistry, “C:\Windows\system32\svchost.exe -k regsvc” {“C:\Windows\system32\regsvc.dll” [MS]}

Replikacja systemu plików DFS, DFSR, “C:\Windows\system32\DFSR.exe” [MS]

SNMP Trap, SNMPTRAP, “C:\Windows\System32\snmptrap.exe” [MS]

Uruchamianie usług w programie Windows Media Center, ehstart, “C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork” {“C:\Windows\ehome\ehstart.dll” [MS]}

Usługa bramy warstwy aplikacji, ALG, “C:\Windows\System32\alg.exe” [MS]

Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0, FontCache3.0.0.0, “C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe” [MS]

Usługa Google Update (gupdate1c9d49759044cb0), gupdate1c9d49759044cb0, ““C:\Program Files\Google\Update\GoogleUpdate.exe” /svc” [“Google Inc.”]

Usługa inicjatora iSCSI firmy Microsoft, MSiSCSI, “C:\Windows\system32\svchost.exe -k netsvcs” {“C:\Windows\system32\iscsiexe.dll” [MS]}

Usługa Odbiornik Windows Media Center, ehRecvr, “C:\Windows\ehome\ehRecvr.exe” [MS]

Usługa Planowanie nagrywania, ehSched, “C:\Windows\ehome\ehsched.exe” [MS]

Usługa powiadamiania SL UI, SLUINotify, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\system32\SLUINotify.dll” [MS]}

Usługa Protokół SSTP, SstpSvc, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\system32\sstpsvc.dll” [MS]}

Usługa publikowania nazw komputerów PNRP, PNRPAutoReg, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ““C:\Program Files\Windows Media Player\wmpnetwk.exe”” [MS]

Usługi podstawowe modułu TPM, TBS, “C:\Windows\System32\svchost.exe -k LocalService” {“C:\Windows\System32\tbssvc.dll” [MS]}

Windows CardSpace, idsvc, ““C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe”” [MS]

Windows Driver Foundation — User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]}

Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]}

WMI Performance Adapter, wmiApSrv, “C:\Windows\system32\wbem\WmiApSrv.exe” [MS]

Wykrywanie usług interakcyjnych, UI0Detect, “C:\Windows\system32\UI0Detect.exe” [MS]

Zarządzanie kluczami i certyfikatami kondycji, hkmsvc, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\system32\kmsvc.dll” [MS]}

Zasady usuwania karty inteligentnej, SCPolicySvc, “C:\Windows\system32\svchost.exe -k netsvcs” {“C:\Windows\System32\certprop.dll” [MS]}

Zdalne zarządzanie systemem Windows (WS-Management), WinRM, “C:\Windows\System32\svchost.exe -k NetworkService” {“C:\Windows\system32\WsmSvc.dll” [MS]}

Print Monitors:


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

EPSON SX100 Series 32MonitorBE\Driver = “E_FLBEDE.DLL” [“SEIKO EPSON CORPORATION”]

Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS]

---------- (launch time: 2009-06-08 18:44:19)

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 36 seconds, including 5 seconds for message boxes)

Not the logs themselves, just the links to the ones you pasted on wklejto.pl!!

Why did you make two logs in such a short time :?:

Once is enough.

Fix in HijackThis: (Do a system scan only - tick the boxes next to the entries given below - Fix checked)

Download Combofix, but do not run it.

While downloading and scanning with Combofix, all antivirus programs and firewalls must be disabled.

Open Notepad and paste into it:

Folder::

C:\Program Files\MyGlobalSearch

Save the file as CFScript.txt, preferably in the same folder as Combofix.exe

Drag and drop the CFScript.txt icon onto the Combofix.exe icon


The removal should start.

Then post the Combofix removal log.

Paste the logs on wklej.org and put only the link in your post.
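As an added example (not part of this thread, and not code from Silent Runners or Combofix), here is a small Python triage script that parses Run-key entries in the Silent Runners format and marks the kinds of entries a helper looks at first: a launch point whose target is [file not found], a program started from a user-profile directory, and entries with no publisher information. The sample input is constructed from lines copied out of the logs above; the directory list, flag names and the `Finding` type are my own choices, and a flag means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: Run-key lines in the Silent Runners format, copied
# from the logs in this thread. The forum rendered the quotes as curly quotes,
# so the parser folds them back to straight quotes first.
SAMPLE_LOG = """\
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
“Sidebar” = “C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun” [MS]
“swg” = “C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe” [“Google Inc.”]
“cmkms” = ““c:\\users\\ania\\appdata\\local\\cmkms.exe” cmkms” [file not found]
“Wru” = “C:\\Program Files\\Wru\\Wru.exe” [“Lavorate Sp.z.o.o.”]
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
“Windows Defender” = “C:\\Program Files\\Windows Defender\\MSASCui.exe -hide”
“WinampAgent” = ““C:\\Program Files\\Winamp\\winampa.exe”” [null data]
"""

# "name" = "command" [signer]   -- the trailing [signer] block is absent on some lines.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)" = "(?P<cmd>.*)"(?: \[(?P<signer>[^\]]*)\])?$')
# First token of the command that looks like a program or script path.
TARGET_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|vbs|bat|cmd|com))', re.I)
# Directories where an auto-start entry is unusual and worth a second look
# (my own list, not anything Silent Runners defines).
PROFILE_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


@dataclass
class Finding:
    key: str                 # registry key the entry lives under
    name: str                # value name, e.g. "cmkms"
    command: str             # full command line as logged
    target: Optional[str]    # program/script path pulled out of the command
    signer: Optional[str]    # text of the trailing [...] block, if any
    reasons: List[str] = field(default_factory=list)


def normalize_quotes(line: str) -> str:
    """Fold the curly quotes inserted by the forum back into straight quotes."""
    return line.replace("\u201c", '"').replace("\u201d", '"')


def extract_target(command: str) -> Optional[str]:
    """Return the first .exe/.dll/script path in a logged command line."""
    m = TARGET_RE.match(command.strip())
    return m.group("path").strip('"') if m else None


def assess(target: Optional[str], signer: Optional[str]) -> List[str]:
    """Heuristic reasons to look closer at one auto-start entry."""
    reasons: List[str] = []
    if signer is None:
        reasons.append("no-signer-info")       # log shows no [...] block at all
    elif signer.lower() == "file not found":
        reasons.append("missing-target")       # launch point whose file is gone
    elif signer.lower() in ("null data", "empty string"):
        reasons.append("unsigned")             # file carries no company/version info
    if target and signer != "MS" and any(d in target.lower() for d in PROFILE_DIRS):
        reasons.append("user-profile-path")    # started from a user-writable directory
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse Run-key entries out of a Silent Runners log and assess each one."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = normalize_quotes(raw).strip()
        if line.startswith("<> "):           # Silent Runners' own "suspicious" marker
            line = line[3:]
        if not line:
            continue
        if line.startswith("HK"):            # a registry key header starts a new group
            current_key = line.replace(" {++}", "")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        signer = m.group("signer")
        if signer is not None:
            signer = signer.strip('"')       # [“Google Inc.”] -> Google Inc.
        target = extract_target(m.group("cmd"))
        findings.append(Finding(current_key, m.group("name"), m.group("cmd"),
                                target, signer, assess(target, signer)))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """One line per entry that raised at least one reason."""
    return [f"{f.key}\\{f.name}: {f.target or f.command} -> {', '.join(f.reasons)}"
            for f in findings if f.reasons]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```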

“Silent Runners.vbs”, revision 59, http://www.silentrunners.org/

Operating System: Windows Vista

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“Sidebar” = “C:\Program Files\Windows Sidebar\sidebar.exe /autoRun” [MS]

“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

“Orb” = ““C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background” [“Orb Networks”]

“EPSON SX100 Series” = “C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU “C:\Windows\TEMP\E_SF76C.tmp” /EF “HKCU”” [“SEIKO EPSON CORPORATION”]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]

“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]

“cmkms” = ““c:\users\ania\appdata\local\cmkms.exe” cmkms” [file not found]

“ehTray.exe” = “C:\Windows\ehome\ehTray.exe” [MS]

“Wru” = “C:\Program Files\Wru\Wru.exe” [“Lavorate Sp.z.o.o.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

“Windows Defender” = “C:\Program Files\Windows Defender\MSASCui.exe -hide”

“NvCplDaemon” = “RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup” [MS]

“NvMediaCenter” = “RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS]

“PAC7302_Monitor” = “C:\Windows\PixArt\PAC7302\Monitor.exe” [“PixArt Imaging Incorporation”]

“SunJavaUpdateSched” = ““C:\Program Files\Java\jre6\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string]

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = “Skype add-on (mastermind)”

-> {HKLM…CLSID} = “Skype add-on (mastermind)”

\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = “My Global Search Bar BHO”

-> {HKLM…CLSID} = “My Global Search Bar BHO”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6}(Default) = (no title provided)

-> {HKLM…CLSID} = “Easy Photo Print”

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll” [“SEIKO EPSON CORPORATION / CyCom Technology Corp.”]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”

\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll” [“Google Inc.”]

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}(Default) = “Google Dictionary Compression sdch”

-> {HKLM…CLSID} = “Google Dictionary Compression sdch”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll” [“Google Inc.”]

{DBC80044-A445-435b-BC74-9C25C1C588A9}(Default) = (no title provided)

-> {HKLM…CLSID} = “Java Plug-In 2 SSV Helper”

\InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{00020d75-0000-0000-c000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

“{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper”

-> {HKLM…CLSID} = “Groove GFS Browser Helper”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar”

-> {HKLM…CLSID} = “Groove Folder Synchronization”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler”

-> {HKLM…CLSID} = “Groove GFS Stub Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler”

-> {HKLM…CLSID} = “Groove XML Icon Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Outlook File Icon Extension”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS]

“{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

-> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS]

“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”

-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”

-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”

-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”

\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]

<> x-sdch\CLSID = “{B1759355-3EEC-4C1E-B0F1-B719FE26E377}”

-> {HKLM…CLSID} = “Google Dictionary Compression filter”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll” [“Google Inc.”]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EPP(Default) = “{3F3B81BE-529B-40b9-8189-6666B241ADFA}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPPShell.dll” [“SEIKO EPSON CORPORATION”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”

-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

“ConsentPromptBehaviorAdmin” = (REG_DWORD) dword:0x00000002

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

“ConsentPromptBehaviorUser” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Behavior Of The Elevation Prompt For Standard Users}

“EnableInstallerDetection” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Detect Application Installations And Prompt For Elevation}

“EnableLUA” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Run All Administrators In Admin Approval Mode}

“EnableSecureUIAPaths” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Only elevate UIAccess applications that are installed in secure locations}

“EnableVirtualization” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Virtualize file and registry write failures to per-user locations}

“PromptOnSecureDesktop” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

“FilterAdministratorToken” = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Admin Approval Mode for the Built-in Administrator Account}

“EnableUIADesktopToggle” = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Users\ania\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\Windows\system32\logon.scr” [MS]

Windows Portable Device AutoPlay Handlers


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

VLCPlayCDAudioOnArrival\

“Provider” = “VideoLAN VLC media player”

“InvokeProgID” = “VLC.CDAudio”

“InvokeVerb” = “play”

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command(Default) = “C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1” [“VideoLAN Team”]

VLCPlayDVDMovieOnArrival\

“Provider” = “VideoLAN VLC media player”

“InvokeProgID” = “VLC.DVDMovie”

“InvokeVerb” = “play”

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command(Default) = “C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1” [“VideoLAN Team”]

WIA_{73883B71-FD30-48C7-B9D4-D74BAEE0DBF2}\

“Provider” = “ABBYY FineReader 6.0 Sprint”

“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”

“InitCmdLine” = “/WiaCmd;C:\Program Files\ABBYY FineReader 6.0 Sprint\Sprint.exe /StiDevice:%1 /StiEvent:%2;”

-> {HKLM…CLSID} = “WPDShextAutoplay”

\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS]

WinampMTPHandler\

“Provider” = “Winamp”

“ProgID” = “Shell.HWEventHandlerShellExecute”

“InitCmdLine” = “C:\Program Files\Winamp\winamp.exe”

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}”

-> {HKLM…CLSID} = “Shell Execute Hardware Event Handler”

\LocalServer32(Default) = “C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS]

WinampPlayMediaOnArrival\

“Provider” = “Winamp”

“InvokeProgID” = “Winamp.File”

“InvokeVerb” = “Play”

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command(Default) = ““C:\Program Files\Winamp\winamp.exe” “%1”” [“Nullsoft”]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = “{46986115-84D6-459c-8F95-52DD653E532E}”

-> {HKLM…CLSID} = (no title provided)

\LocalServer32(Default) = ““C:\Program Files\Winamp\winamp.exe”” [“Nullsoft”]

Non-disabled Scheduled Tasks:


C:\Windows\System32\Tasks

“GoogleUpdateTaskMachine” -> launches: “C:\Program Files\Google\Update\GoogleUpdate.exe /c” [“Google Inc.”]

“User_Feed_Synchronization-{A8FE8AAE-1AED-4D35-B530-BFFE0C035F95}” -> (HIDDEN!) launches: “C:\Windows\system32\msfeedssync.exe sync” [MS]

“{21AAF35F-DB64-49CD-97ED-0663CD9297AD}” -> launches: “C:\Windows\system32\pcalua.exe -a F:\Launch.exe -d F:” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

“AD RMS Rights Policy Template Management (Manual)” -> launches: “{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}”

-> {HKLM…CLSID} = “AD RMS Rights Policy Template Management (Manual) Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\msdrm.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

“UninstallDeviceTask” -> launches: “BthUdTask.exe $(Arg0)” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

“SystemTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

“UserTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

“UserTask-Roam” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”

-> {HKLM…CLSID} = “Certificate Services Client Task Handler”

\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

“Consolidator” -> launches: “%SystemRoot%\System32\wsqmcons.exe” [MS]

“OptinNotification” -> launches: “%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

“ScheduledDefrag” -> launches: “%windir%\system32\defrag.exe -c -i” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic

“Microsoft-Windows-DiskDiagnosticDataCollector” -> (HIDDEN!) launches: “%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

“ehDRMInit” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DRMInit” [MS]

“mcupdate” -> launches: “%SystemRoot%\ehome\mcupdate $(Arg0) -gc” [MS]

“OCURActivate” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate” [MS]

“OCURDiscovery” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery” [MS]

“UpdateRecordPath” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

“HotStart” -> launches: “{06DA0625-9701-43da-BFD7-FBEEA2180A1E}”

-> {HKLM…CLSID} = “HotStart User Agent”

\InProcServer32(Default) = “C:\Windows\System32\HotStartUserAgent.dll” [MS]

“TMM” -> launches: “{35EF4182-F900-4632-B072-8639E4478A61}”

-> {HKLM…CLSID} = “Transient Multi-Monitor Manager”

\InProcServer32(Default) = “C:\Windows\System32\TMM.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

“LPRemove” -> launches: “%windir%\system32\lpremove.exe” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

“SystemSoundsService” -> launches: “{2DEA658F-54C1-4227-AF9B-260AB5FC3543}”

-> {HKLM…CLSID} = “Microsoft PlaySoundService Class”

\InProcServer32(Default) = “C:\Windows\System32\PlaySndSrv.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

“NAPStatus UI” -> launches: “{f09878a1-4652-4292-aa63-8c7d4fd7648f}”

-> {HKLM…CLSID} = “Nap ITask Handler Implementation”

\InProcServer32(Default) = “C:\Windows\System32\QAgent.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

“RACAgent” -> (HIDDEN!) launches: “%windir%\system32\RacAgent.exe” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

“RemoteAssistanceTask” -> (HIDDEN!) launches: “%windir%\system32\RAServer.exe /offerraupdate” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

“CrawlStartPages” -> launches: “{51653423-e62d-4ff7-894a-dabb2b8e21e2}”

-> {HKLM…CLSID} = “CrawlStartPages Task Handler”

\InProcServer32(Default) = “C:\Windows\System32\srchadmin.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

“GadgetManager” -> launches: “{FF87090D-4A9A-4f47-879B-29A80C355D61}”

-> {HKLM…CLSID} = “GadgetsManager Class”

\InProcServer32(Default) = “C:\Windows\System32\AuxiliaryDisplayServices.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

“SR” -> launches: “%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

“IpAddressConflict1” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem” [MS]

“IpAddressConflict2” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

“MsCtfMonitor” -> (HIDDEN!) launches: “{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}”

-> {HKLM…CLSID} = “MsCtfMonitor task handler”

\InProcServer32(Default) = “C:\Windows\system32\MsCtfMonitor.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

“UPnPHostConfig” -> launches: “sc.exe config upnphost start= auto” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

“ResolutionHost” -> (HIDDEN!) launches: “{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}”

-> {HKLM…CLSID} = “DiagnosticInfrastructureCustomHandler”

\InProcServer32(Default) = “C:\Windows\System32\wdi.dll” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

“QueueReporting” -> launches: “%windir%\system32\wermgr.exe -queuereporting” [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

“GatherWiredInfo” -> launches: “%windir%\system32\gatherWiredInfo.vbs” [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

“GatherWirelessInfo” -> launches: “%windir%\system32\gatherWirelessInfo.vbs” [null data]

C:\Windows\System32\Tasks\Microsoft\Windows Defender

“MP Scheduled Scan” -> (HIDDEN!) launches: “c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

000000000004\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]

000000000005\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000006\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 18

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “Google Toolbar”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}”

-> {HKLM…CLSID} = “BearShare MediaBar”

\InProcServer32(Default) = “C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll” [“BearShare”]

“{37B85A29-692B-4205-9CAD-2626E4993404}”

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

“{9421DD08-935F-4701-A9CA-22DF90AC4EA6}” = “EPTBL”

-> {HKLM…CLSID} = “Easy Photo Print”

\InProcServer32(Default) = “C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll” [“SEIKO EPSON CORPORATION / CyCom Technology Corp.”]

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar”

\InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

“{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided)

-> {HKLM…CLSID} = “BearShare MediaBar”

\InProcServer32(Default) = “C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll” [“BearShare”]

“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)

-> {HKLM…CLSID} = “My Global Search Bar”

\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [“My Global Search”]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]

HKLM\SOFTWARE\Classes\CLSID{E16DC1FE-7C34-43F2-B754-F3AD12DDF97C}(Default) = “Google Find Bar”

Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32(Default) = “C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll” [“Google Inc.”]

HKLM\SOFTWARE\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

“ButtonText” = “Wyślij do programu OneNote”

“MenuText” = “Wyślij &do programu OneNote”

“CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}”

-> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS]

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

“ButtonText” = “Skype”

“CLSIDExtension” = “{77BF5300-1474-4EC7-9980-D32B190E9B07}”

-> {HKLM…CLSID} = “Skype add-on (button)”

\InProcServer32(Default) = “C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll” [“Skype Technologies S.A.”]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

“ButtonText” = “Research”

All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):


Agent ochrony dostępu do sieci, napagent, “C:\Windows\System32\svchost.exe -k NetworkService” {“C:\Windows\system32\qagentRT.dll” [MS]}

Aplikacja systemowa modelu COM+, COMSysApp, “C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}” [MS]

Autokonfiguracja sieci WLAN, Wlansvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\wlansvc.dll” [MS]}

Automatyczna konfiguracja sieci przewodowej, dot3svc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\dot3svc.dll” [MS]}

Dostęp do urządzeń interfejsu HID, hidserv, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\hidserv.dll” [MS]}

Dysk wirtualny, vds, “C:\Windows\System32\vds.exe” [MS]

Dzienniki wydajności i &alerty, pla, “C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork” {“C:\Windows\system32\pla.dll” [MS]}

Google Software Updater, gusvc, ““C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe”” [“Google”]

Grupowanie sieci równorzędnej, p2psvc, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Host usługi diagnostyki, WdiServiceHost, “C:\Windows\System32\svchost.exe -k wdisvc” {“C:\Windows\system32\wdi.dll” [MS]}

Instalator Windows, msiserver, “C:\Windows\system32\msiexec /V” [MS]

Izolacja klucza CNG, KeyIso, “C:\Windows\system32\lsass.exe” [MS]

Karta inteligentna, SCardSvr, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\System32\SCardSvr.dll” [MS]}

Kolektor zdarzeń systemu Windows, Wecsvc, “C:\Windows\system32\svchost.exe -k NetworkService” {“C:\Windows\system32\wecsvc.dll” [MS]}

Kolory w systemie Windows, WcsPlugInService, “C:\Windows\system32\svchost.exe -k wcssvc” {“C:\Windows\System32\WcsPlugInService.dll” [MS]}

Konfiguracja usług terminalowych, SessionEnv, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\system32\sessenv.dll” [MS]}

Kontrola rodzicielska, WPCSvc, “C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\System32\wpcsvc.dll” [MS]}

Koordynator transakcji rozproszonych, MSDTC, “C:\Windows\System32\msdtc.exe” [MS]

Kopia zapasowa systemu Windows, SDRSVC, “C:\Windows\system32\svchost.exe -k SDRSVC” {“C:\Windows\System32\SDRSVC.dll” [MS]}

Lokalizator usługi zdalnego wywołania procedury (RPC), RpcLocator, “C:\Windows\system32\locator.exe” [MS]

Mapowanie z odnajdywaniem topologii warstwy łącza, lltdsvc, “C:\Windows\System32\svchost.exe -k LocalService” {“C:\Windows\System32\lltdsvc.dll” [MS]}

Menedżer autopołączenia dostępu zdalnego, RasAuto, “C:\Windows\system32\svchost.exe -k netsvcs” {“C:\Windows\System32\rasauto.dll” [MS]}

Menedżer tożsamości sieci równorzędnej, p2pimsvc, “C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted” {“C:\Windows\system32\p2psvc.dll” [MS]}

Microsoft .NET Framework NGEN v2.0.50727_X86, clr_optimization_v2.0.50727_32, “C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe” [MS]

Microsoft Office Diagnostics Service, odserv, ““C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE”” [MS]

Microsoft Office Groove Audit Service, Microsoft Office Groove Audit Service, ““C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe”” [MS]

Moduł wyliczający magistrali PnP-X IP, IPBusEnum, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\system32\ipbusenum.dll” [MS]}

NetLogon, Netlogon, “C:\Windows\system32\lsass.exe” [MS]

NVIDIA Display Driver Service, nvsvc, “C:\Windows\system32\nvvsvc.exe” [“NVIDIA Corporation”]

Office Source Engine, ose, ““C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE”” [MS]

Pomoc techniczna panelu sterowania Raporty i rozwiązania problemów, wercplsupport, “C:\Windows\System32\svchost.exe -k netsvcs” {“C:\Windows\System32\wercplsupport.dll” [MS]}

Połącz teraz w systemie Windows — Rejestrator konfiguracji, wcncsvc, “C:\Windows\System32\svchost.exe -k LocalService” {“C:\Windows\System32\wcncsvc.dll” [MS]}

Added 08.06.2009 (Mon) 19:59

Sorry, and thanks.

http://wklej.org/id/103035/