KOD
Logfile of HijackThis v1.99.1
Scan saved at 21:05:23, on 2007-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira Premium Security Suite\avesvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Avira Premium Security Suite\avmailc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\AGNIES~1\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Agnieszka\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [skyTel] SkyTel.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM…\Run: [ADMTray.exe] “C:\Acer\Empowering Technology\admtray.exe”
O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [PCMService] “C:\Program Files\Acer\Acer Arcade\PCMService.exe”
O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM…\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira Premium Security Suite\avgnt.exe” /min
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZRfox000
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider ‘avsda.dll’ missing
O17 - HKLM\System\CCS\Services\Tcpip…{94E99028-E549-4220-8CB4-E40AE6BF0C16}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
KOD
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“Twoje TVN24” = “(empty string)” [file not found]
“MyWebSearch Email Plugin” = “C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe” [file not found]
“DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“Odkurzacz-MCD” = “C:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“igfxtray” = “C:\WINDOWS\system32\igfxtray.exe” [“Intel Corporation”]
“igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”]
“igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”]
“BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS]
“LaunchApp” = “Alaunch” [“Acer Inc.”]
“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]
“SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”]
“Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”]
“AzMixerSel” = “C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [“Realtek Semiconductor Corp.”]
“SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”]
“ntiMUI” = “C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” [null data]
“(Default)” = “(empty string)” [file not found]
“ADMTray.exe” = ““C:\Acer\Empowering Technology\admtray.exe”” [“Avocent Inc.”]
“eDataSecurity Loader” = “C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” [“HiTRUST”]
“IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS]
“MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data]
“PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS]
“PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS]
“PCMService” = ““C:\Program Files\Acer\Acer Arcade\PCMService.exe”” [“CyberLink Corp.”]
“ePower_DMC” = “C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [“Acer Incorporated”]
“Acer ePower Management” = “C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” [“Acer Value Labs, Taiwan”]
“LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.exe” [“Dritek System Inc.”]
“eRecoveryService” = “C:\Acer\Empowering Technology\eRecovery\Monitor.exe” [“acer Inc.”]
“SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”]
“FlashGet” = “C:\Program Files\FlashGet\FlashGet.exe /min” [“FlashGet.com”]
“WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data]
“Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]
“My Web Search Bar” = “rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S” [MS]
“MyWebSearch Email Plugin” = “C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe” [file not found]
“avgnt” = ““C:\Program Files\Avira Premium Security Suite\avgnt.exe” /min” [“Avira GmbH”]
“GrooveMonitor” = ““C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”” [MS]
“PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [“Nokia”]
“Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}(Default) = (no title provided)
-> {HKLM…CLSID} = “MyWebSearch Search Assistant BHO”
\InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL” [file not found]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}(Default) = “mwsBar BHO”
-> {HKLM…CLSID} = “mwsBar BHO”
\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}(Default) = (no title provided)
-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”
\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch”
-> {HKLM…CLSID} = “FGCatchUrl”
\InProcServer32(Default) = “C:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com”]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}(Default) = (no title provided)
-> {HKLM…CLSID} = “Groove GFS Browser Helper”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Notifier BHO”
\InProcServer32(Default) = “C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]
{F156768E-81EF-470C-9057-481BA8380DBA}(Default) = (no title provided)
-> {HKLM…CLSID} = “FlashGet GetFlash Class”
\InProcServer32(Default) = “C:\Program Files\FlashGet\getflash.dll” [“www.flashget.com”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”]
“{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}” = “EPM-PO Shell Extension”
-> {HKLM…CLSID} = “EPM-PO Shell Extensions”
\InProcServer32(Default) = “epm-po.dll” [“Acer Labs USA”]
“{23F0DC38-DC86-49D6-81EC-40C54A204212}” = “ZEN Nano Plus Media Explorer”
-> {HKLM…CLSID} = “ZEN Nano Plus Media Explorer”
\InProcServer32(Default) = “C:\Program Files\Creative\Creative ZEN Nano Plus\ZEN Nano Plus Media Explorer\CTMvnsu.dll” [“Creative Technology Ltd”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}” = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{087B3AE3-E237-4467-B8DB-5A38AB959AC9}” = “OpenOffice.org Infotip Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice.org Property Sheet Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{3B092F0C-7696-40E3-A80F-68D74DA84210}” = “OpenOffice.org Thumbnail Viewer”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]
“{72853161-30C5-4D22-B7F9-0BBC1D38A37E}” = “Groove GFS Browser Helper”
-> {HKLM…CLSID} = “Groove GFS Browser Helper”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}” = “Groove GFS Explorer Bar”
-> {HKLM…CLSID} = “Groove Folder Synchronization”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{A449600E-1DC6-4232-B948-9BD794D62056}” = “Groove GFS Stub Icon Handler”
-> {HKLM…CLSID} = “Groove GFS Stub Icon Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”
-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{6C467336-8281-4E60-8204-430CED96822D}” = “Groove GFS Context Menu Handler”
-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{387E725D-DC16-4D76-B310-2C93ED4752A0}” = “Groove XML Icon Handler”
-> {HKLM…CLSID} = “Groove XML Icon Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{16F3DD56-1AF5-4347-846D-7C10C4192619}” = “Groove Explorer Icon Overlay 3 (GFS Folder)”
-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 3 (GFS Folder)”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}” = “Groove Explorer Icon Overlay 2 (GFS Stub)”
-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2 (GFS Stub)”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}” = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”
-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 4 (GFS Unread Mark)”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{99FD978C-D287-4F50-827F-B2C658EDA8E7}” = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”
-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 1 (GFS Unread Stub)”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{920E6DB1-9907-4370-B3A0-BAFC03D81399}” = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”
-> {HKLM…CLSID} = “Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Outlook File Icon Extension”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
-> {HKLM…CLSID} = “Microsoft Office Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS]
“{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}” = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”
-> {HKLM…CLSID} = “Microsoft Office OneNote Namespace Extension for Windows Desktop Search”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS]
“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”
-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]
“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”
-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser”
-> {HKLM…CLSID} = “Nokia Phone Browser”
\InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{B5A7F190-DDA6-4420-B3BA-52453494E6CD}” = “Groove GFS Stub Execution Hook”
-> {HKLM…CLSID} = “Groove GFS Stub Execution Hook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““C:\Program Files\OpenOffice.ux.pl 2.1.0\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}”
-> {HKLM…CLSID} = “eDSshlExt Class”
\InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”]
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”
-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}”
-> {HKLM…CLSID} = “eDSshlExt Class”
\InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”
-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\Avira Premium Security Suite\shlext.dll” [“Avira GmbH”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”
-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
XXX Groove GFS Context Menu Handler XXX(Default) = “{6C467336-8281-4E60-8204-430CED96822D}”
-> {HKLM…CLSID} = “Groove GFS Context Menu Handler”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
Group Policies {policy setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Agnieszka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Active Desktop web content (hidden if disabled):
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
“FriendlyName” = “”
“Source” = “file:///C:/DOCUME~1/AGNIES~1/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg”
“SubscribedURL” = “file:///C:/DOCUME~1/AGNIES~1/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS]
Startup items in “Agnieszka” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll [“Avira GmbH”], 01 - 02, 26
%SystemRoot%\system32\mswsock.dll [MS], 03 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 24 - 25
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
“{07B18EA9-A523-4961-B6BB-170DE4475CCA}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]
“{1017A80C-6F09-4548-A84D-EDD6AC9525F0}”
-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”
\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}” = (no title provided)
-> {HKLM…CLSID} = “Acer eDataSecurity Management”
\InProcServer32(Default) = “C:\WINDOWS\system32\eDStoolbar.dll” [“HiTRUST”]
“{E0E899AB-F487-11D5-8D29-0050BA6940E3}” = “FlashGet”
-> {HKLM…CLSID} = “FlashGet”
\InProcServer32(Default) = “C:\Program Files\FlashGet\fgiebar.dll” [“Amaze Soft”]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
“{07B18EA9-A523-4961-B6BB-170DE4475CCA}” = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL” [file not found]
“{1017A80C-6F09-4548-A84D-EDD6AC9525F0}” = (no title provided)
-> {HKLM…CLSID} = “Lexmark Pasek narzędzi”
\InProcServer32(Default) = “C:\Program Files\Lexmark Toolbar\toolband.dll” [null data]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}(Default) = (title not found)
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS]
HKLM\Software\Classes\CLSID{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}(Default) = “Groove Folder Synchronization”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL” [MS]
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
“ButtonText” = “Wyślij do programu OneNote”
“MenuText” = “Wyślij &do programu OneNote”
“CLSIDExtension” = “{48E73304-E1D6-4330-914C-F5F514E3486C}”
-> {HKLM…CLSID} = “Send to OneNote from Internet Explorer button”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll” [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Research”
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
“ButtonText” = “FlashGet”
“MenuText” = “FlashGet”
“Exec” = “C:\Program Files\FlashGet\FlashGet.exe” [“FlashGet.com”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{00A6FAF6-072E-44cf-8957-5838F569A31D}” = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL” [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
AdminWorks Agent X6, AWService, ““C:\Acer\Empowering Technology\admServ.exe”” [“Avocent Inc.”]
Avira Premium Security Suite Firewall, AntiVirFirewallService, “C:\Program Files\Avira Premium Security Suite\avfwsvc.exe” [“Avira GmbH”]
Avira Premium Security Suite Guard, AntiVirService, ““C:\Program Files\Avira Premium Security Suite\avguard.exe”” [“Avira GmbH”]
Avira Premium Security Suite MailGuard, AntiVirMailService, ““C:\Program Files\Avira Premium Security Suite\avmailc.exe”” [“Avira GmbH”]
Avira Premium Security Suite MailGuard helper service, AVEService, ““C:\Program Files\Avira Premium Security Suite\avesvc.exe”” [“Avira GmbH”]
Avira Premium Security Suite Scheduler, AntiVirScheduler, ““C:\Program Files\Avira Premium Security Suite\sched.exe”” [“Avira GmbH”]
Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]}
CyberLink Background Capture Service (CBCS), CLCapSvc, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe”” [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ““C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe”” [“Cyberlink”]
Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared Files\RichVideo.exe”” [empty string]
CyberLink Task Scheduler (CTS), CLSched, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe”” [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Fax Lexmark 5400 Series Port\Driver = “lxctpmon.dll” [empty string]
Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS]
Send To Microsoft OneNote Monitor\Driver = “msonpmon.dll” [MS]
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 74 seconds, including 6 seconds for message boxes)