Infected computer. Request to check a log

Browser windows keep popping up on my machine. Ewido detected some trojans, and I think they were removed.

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:42:49, on 2008-12-04

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd2.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\Gadu-Gadu222\gg.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Documents and Settings\Kamil1987\Dane aplikacji\gadcom\gadcom.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Utorrent\utorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Kamil1987\Pulpit\czyszczenie\HijackThis.exe

C:\Documents and Settings\Kamil1987\Kamil1987.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [f8692592] rundll32.exe "C:\WINDOWS\system32\ipbogwrl.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu222\gg.exe" /tray

O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\Utorrent\utorrent.exe"

O4 - HKCU\..\Run: [Kamil1987] C:\Documents and Settings\Kamil1987\Kamil1987.exe /i

O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Kamil1987\Dane aplikacji\gadcom\gadcom.exe" 61A847B5BBF72813349838466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: yqtfmg.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


--

End of file - 9631 bytes

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

"DAEMON Tools Pro Agent" = ""C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"" ["DT Soft Ltd."]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu222\gg.exe" /tray" ["Gadu-Gadu S.A."]

"µTorrent" = ""C:\Program Files\Utorrent\utorrent.exe"" [null data]

"Kamil1987" = "C:\Documents and Settings\Kamil1987\Kamil1987.exe /i" [null data]

"gadcom" = ""C:\Documents and Settings\Kamil1987\Dane aplikacji\gadcom\gadcom.exe" 61A847B5BBF72813349838466188719AB689201522886B092CBD44BD8689220221DD3257" [null data]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"SNPSTD2" = "C:\WINDOWS\vsnpstd2.exe" [empty string]

"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]

"amd_dc_opt" = ""C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"" [null data]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]

"InCD" = "C:\Program Files\Nero\Nero 7\InCD\InCD.exe" ["Nero AG"]

"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]

"OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"" ["ScanSoft, Inc."]

"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"RaidTool" = "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]

"Onet.pl AutoUpdate" = "C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr" [file not found]

"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]

"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]

"PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]

"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"f8692592" = "rundll32.exe "C:\WINDOWS\system32\ipbogwrl.dll",b" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\geBrpPhg.dll" [MS]

{6ff7366b-ad1b-4adc-af8e-3edcb9a7c19f}\(Default) = "{f91c7a9b-cde3-e8fa-cda4-b1dab6637ff6}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\yqtfmg.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

{C4195BDA-20F0-4229-BD40-3F1F13173481}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\efcBtsSl.dll" [MS]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"

  -> {HKLM...CLSID} = "Groove Folder Synchronization"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"

  -> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"

  -> {HKLM...CLSID} = "Groove XML Icon Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

  -> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {HKLM...CLSID} = "Outlook File Icon Extension"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {HKLM...CLSID} = "Microsoft Office Outlook"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"

  -> {HKLM...CLSID} = "SimpleShlExt Class"

                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"

  -> {HKLM...CLSID} = "Urządzenie przenośne"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"

                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"

  -> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

<> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" = "*o*h ****" (unwritable string)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\geBrpPhg.dll" [MS]


HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\efcBtsSl"


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

<> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

<> geBrpPhg\DLLName = "geBrpPhg.dll" [MS]

<> WinCtrl32\DLLName = "WinCtrl32.dll" [null data]


HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

  -> {HKLM...CLSID} = "PowerISO"

                   \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]


HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"

  -> {HKLM...CLSID} = "Groove GFS Context Menu Handler"

                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "P:\My Pictures\DSC00001.jpg"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Kamil1987\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Enabled Screen Saver:

---------------------


HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\GPhotos.scr" ["Google Inc."]



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


CanonMPN200PictureOnArrival\

"Provider" = "MP Navigator Ver2.0"

"InvokeProgID" = "MPNavigator200.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\MPNavigator200.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /AUTOPLAY %1" ["CANON INC."]


FunMultiMediaHandler\

"Provider" = "MultiMedia Manager"

"ProgID" = "FUNBOX.Autoplay"

HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"

  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"

                   \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: < **** >" (unwritable string)]


iviWinDVD9CDAUDIOEventHandler\

"Provider" = "Corel WinDVD 9"

"InvokeProgID" = "ivi.WinDVD9MediaFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\ivi.WinDVD9MediaFile\shell\play\command\(Default) = ""C:\Program Files\Corel\DVD9\WinDVD.exe" %1" ["Corel Corporation"]


iviWinDVD9DVDEventHandler\

"Provider" = "Corel WinDVD 9"

"InvokeProgID" = "ivi.WinDVD9MediaFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\ivi.WinDVD9MediaFile\shell\play\command\(Default) = ""C:\Program Files\Corel\DVD9\WinDVD.exe" %1" ["Corel Corporation"]


iviWinDVD9VideoCDHandler\

"Provider" = "Corel WinDVD 9"

"InvokeProgID" = "ivi.WinDVD9MediaFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\ivi.WinDVD9MediaFile\shell\play\command\(Default) = ""C:\Program Files\Corel\DVD9\WinDVD.exe" %1" ["Corel Corporation"]


NeroAutoPlay7CDAudio\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]


NeroAutoPlay7CopyCD\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:DiscCopy" ["Nero AG"]


NeroAutoPlay7DataDisc\

"Provider" = "Nero Express Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]


NeroAutoPlay7LaunchNeroStartSmart\

"Provider" = "Nero StartSmart Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]


NeroAutoPlay7PlayAudioCD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay7PlayDVD\

"Provider" = "Nero ShowTime Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]


NeroAutoPlay7TranscodeVideo\

"Provider" = "Nero Recode Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]


NeroAutoPlay7VideoCapture\

"Provider" = "Nero Vision Essentials"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


NeroAutoPlay7ViewPhotos\

"Provider" = "Nero PhotoSnap Viewer Essentials"

"InvokeProgID" = "Nero.AutoPlay7"

"InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"]


PDVDPlayCDAudioOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "AudioCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]


PDVDPlayDVDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


PDVDPlayVCDMovieOnArrival\

"Provider" = "PowerDVD"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPowerDVD"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]


Picasa2ImportPicturesOnArrival\

"Provider" = "Picasa3"

"InvokeProgID" = "picasa2.autoplay"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]


RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]


RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

  -> {HKLM...CLSID} = "RealNetworks Scheduler"

                   \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]


RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]


RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]


RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"

                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]



Startup items in "Kamil1987" & "All Users" startup folders:

-----------------------------------------------------------


C:\Documents and Settings\Kamil1987\Menu Start\Programy\Autostart

"Budzik" -> shortcut to: "C:\Program Files\Budzik\budzik.exe" ["BLITZ-ART"]

"Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"PC Alert 4" -> shortcut to: "C:\Program Files\MSI\PC Alert 4\PCAlert4.exe" ["MICRO-STAR INT'L CO., LTD."]



Enabled Scheduled Tasks:

------------------------


"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

"rgwmbuca" -> launches: "C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\tuvUOFXo.dll",d" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 35

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"

  -> {HKLM...CLSID} = "Winamp Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]


HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar"

  -> {HKLM...CLSID} = "Winamp Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC"]

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

  -> {HKLM...CLSID} = "Easy-WebPrint"

                   \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]


HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]


HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]


{2670000A-7350-4F3C-8081-5663EE0C6C49}\

"ButtonText" = "Wyślij do programu OneNote"

"MenuText" = "Wyślij &do programu OneNote"

"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"

  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll" [MS]


{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Create Mobile Favorite"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]


{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

  -> {HKLM...CLSID} = "Create Mobile Favorite"

                   \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]


{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

InCD Helper, InCDsrv, "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe" ["Nero AG"]

IviRegMgr, IviRegMgr, "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" ["InterVideo"]

NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]

PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]

Protexis Licensing V2, PSI_SVC_2, ""C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"" ["Protexis Inc."]

SecuROM User Access Service (V7), UserAccess7, "C:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]

Usługa Pomocnik IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MP450\Driver = "CNMLM7I.DLL" ["CANON INC."]

Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]



---------- (launch time: 2008-12-04 20:46:07)

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 56 seconds.

---------- (total run time: 89 seconds)

Post a ComboFix log

Post the logs on http://wklej.eu or http://wklej.org and put only the link in your post

Combofix:

http://wklej.eu/index.php?id=21388981ce

Download ComboFix, but do not run it

Paste the following into Notepad:

File::

c:\windows\system32\geBrpPhg.dll 

C:\blygxu.exe 

C:\-127326915 

C:\typpa.exe


Driver::

SetupNTGLM7X


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] 

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrpPhg]

File -> Save as -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

cfscript10uc2.gif

The removal will start and a log will be created; post it on the forum.

Post the logs on http://wklej.eu or http://wklej.org and put only the link in your post
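As an added example (not part of this thread and not the code of ComboFix or the Silent Runners script), here is a small Python triage script that applies the kind of reasoning behind picking entries such as the "rgwmbuca" task for the CFScript: it parses the scheduled-task and startup-folder lines of a Silent Runners report and reports launch points where rundll32.exe hosts a DLL from the system directory that is not on an allow list, where the rundll32 export name is empty or a single character, or where the launched file carries no version information. The allow list and two of the sample lines are constructed; the other three sample lines are copied from the report above. The key caveat it encodes: the "[MS]" tag on a rundll32 line describes rundll32.exe itself, not the DLL it loads.

```python
import re
from dataclasses import dataclass

# Silent Runners prints launch points as:
#   "<name>" -> launches: "<command>" [<company>]      (scheduled tasks)
#   "<name>" -> shortcut to: "<command>" [<company>]   (startup folders)
# The bracketed value is the company name from the file's version resource
# ("[MS]" = Microsoft, "[null data]" = no version information); it is not a
# signature check.
LAUNCH_RE = re.compile(
    r'^"(?P<name>[^"]+)" -> (?:launches|shortcut to): "(?P<cmd>.*)" '
    r'\[(?P<company>[^\]]*)\]\s*$'
)
# A rundll32 host command: rundll32.exe "<dll>",<export> [args]
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>[^\s"]*)',
    re.IGNORECASE,
)
SYSTEM_DIRS = ("\\windows\\system32\\", "\\winnt\\system32\\")
# Constructed, deliberately partial allow list of DLLs that rundll32 commonly
# hosts on a clean XP box; anything else loaded from the system directory is
# reported for manual review, not declared malicious.
KNOWN_RUNDLL_DLLS = {"shell32.dll", "advpack.dll", "setupapi.dll", "user32.dll"}


@dataclass
class Finding:
    name: str
    command: str
    reasons: list


def analyse_line(line: str):
    """Return a Finding for one report line, or None if nothing stands out."""
    m = LAUNCH_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    company = m.group("company").strip('"')
    reasons = []
    host = RUNDLL_RE.search(cmd)
    if host:
        # On a rundll32 line the "[MS]" tag describes rundll32.exe itself, so the
        # hosted DLL has to be judged on its own path and name.
        dll = host.group("dll").lower()
        base = dll.rsplit("\\", 1)[-1]
        if any(d in dll for d in SYSTEM_DIRS) and base not in KNOWN_RUNDLL_DLLS:
            reasons.append("rundll32 hosts a DLL from the system directory that is "
                           f"not on the allow list: {base}")
        export = host.group("export")
        if len(export) <= 1:
            reasons.append(f"rundll32 export name is empty or one character: {export!r}")
    elif company.lower() in ("null data", "file not found"):
        reasons.append(f"launched file has no version information ({company})")
    return Finding(name, cmd, reasons) if reasons else None


def scan(lines):
    """Run analyse_line over a whole report and keep only the findings."""
    return [f for f in (analyse_line(l) for l in lines) if f is not None]


# Three lines (AppleSoftwareUpdate, rgwmbuca, Budzik) are copied from the report
# in this thread; the other two are constructed to show a clean rundll32 use and
# a file without version information.
SAMPLE_LINES = [
    r'"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]',
    r'"rgwmbuca" -> launches: "C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\tuvUOFXo.dll",d" [MS]',
    r'"Display settings" -> shortcut to: "C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl" [MS]',
    r'"updater" -> shortcut to: "C:\Documents and Settings\user\Dane aplikacji\updater.exe" [null data]',
    r'"Budzik" -> shortcut to: "C:\Program Files\Budzik\budzik.exe" ["BLITZ-ART"]',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"{f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Running it lists "rgwmbuca" (two reasons: a non-allow-listed DLL hosted from system32 and the one-character export "d") and the constructed "updater" entry, while the signed Apple task, the clean shell32.dll control-panel shortcut and the Budzik shortcut produce nothing. Findings are review candidates, not verdicts; the reviewer still has to look at the file itself.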

http://wklej.eu/index.php?id=14babdb951

I don't see anything in the log

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimize the startup items

Turn System Restore off and back on for all drives. Instructions

Scan the entire computer with http://www.kaspersky.pl/virusscanner.html and post its report on the forum

or

Dr.WEB CureIt!