Suspected infection - 'hidden objects were found'
#1
Hello.

During the last scan Avira detected some hidden object; below is an excerpt from the log:

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\autorecover mofs
[INFO] The registry entry is invisible.
'744353' objects were checked, '1' hidden objects were found.

Please check the logs, and thank you in advance for your help.

HijackThis log -
Code:
Logfile of HijackThis v1.99.1
Scan saved at 00:02:51, on 2008-10-24
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\FireFox 3.0\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shinigami\Desktop\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: DiskMagik Service (DiskMgkS) - RoseCity Software - C:\Program Files\DiskMagik\DiskMgkS.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Silent Runners log -
Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Copernic Desktop Search - Home" = ""C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray" ["Copernic Inc."]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" ["Motorola Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" ["Intel Corporation"]
"QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."]
"QlbCtrl" = "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"HP Health Check Scheduler" = "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [null data]
"hpWirelessAssistant" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"WAWifiMessage" = "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"CognizanceTS" = "rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"SynTPStart" = "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech, Inc."]
"Start WingMan Profiler" = "C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui" ["Logitech Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{000123B4-9B42-4900-B3F7-F4B073EFC214}\(Default) = "btorbit.com"
  -> {HKLM...CLSID} = "Octh Class"
      \InProcServer32\(Default) = "C:\Program Files\Orbitdownloader\orbitcth.dll" ["Orbitdownloader.com"]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
      \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
  -> {HKLM...CLSID} = "Skype add-on (mastermind)"
      \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
      \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
      \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "VeriSoft Access Manager"
      \InProcServer32\(Default) = "c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll" ["Bioscrypt Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
      \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
  -> {HKLM...CLSID} = "ShellViewRTF"
      \InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]
"{7842554E-6BED-11D2-8CDB-B05550C10000}" = "Monitor"
  -> {HKLM...CLSID} = "Monitor Class"
      \InProcServer32\(Default) = "C:\Windows\system32\btncopy.dll" ["Broadcom Corporation."]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
      \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
      \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
      \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 DragDrop Shell Extension"
  -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Property Sheet Shell Extension"
  -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
      \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech, Inc."]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
      \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
      \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
      \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
      \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
      \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
      \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

"EnableLUA" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

"EnableUIADesktopToggle" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Shinigami\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\Ribbons.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPAutoplayPSE\
"Provider" = "HP Photosmart Essential 2.0"
"InvokeProgID" = "HpqPSApl.Autoplay"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\HpqPSApl.Autoplay\shell\Play\DropTarget\CLSID = "{A6873065-D632-4615-A3A9-C5F05EE109C1}"
  -> {HKLM...CLSID} = (no title provided)
      \LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\bin\HpqPsApl.exe" ["Hewlett-Packard"]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MediaCapture9Music\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Audio"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Audio\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\MediaCapture9.exe -audio %L" ["Sonic Solutions"]

MediaCapture9Photos\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Photo"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Photo\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\MediaCapture9.exe -photo %L" ["Sonic Solutions"]

MediaCapture9VideoCamera\
"Provider" = "Media Import"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\MediaCapture9.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
      \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

MediaCapture9Videos\
"Provider" = "Media Import"
"InvokeProgID" = "RoxioMediaCapture9"
"InvokeVerb" = "Video"
HKLM\SOFTWARE\Classes\RoxioMediaCapture9\shell\Video\command\(Default) = "C:\Program Files\Roxio\Roxio MyDVD Basic v9\Media Import 9\MediaCapture9.exe -video %L" ["Sonic Solutions"]

QuickPlayDCameraArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "Picture"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\Picture\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY DSC "%L"" ["CyberLink Corp."]

QuickPlayDVArrival\
"Provider" = "HP QuickPlay"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\HP\QuickPlay\QP.exe" DV "%L""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
      \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

QuickPlayMusicFilesArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "MusicFiles"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MUSIC "%L"" ["CyberLink Corp."]

QuickPlayPlayCDAudioOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY CD "%L"" ["CyberLink Corp."]

QuickPlayPlayDVDMovieOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

QuickPlayPlayVideoCDMovieOnArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

QuickPlayVideoFilesArrival\
"Provider" = "HP QuickPlay"
"InvokeProgID" = "VideoFiles"
"InvokeVerb" = "PlayWithQuickPlay"
HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithQuickPlay\Command\(Default) = ""C:\Program Files\HP\QuickPlay\QP.exe" AUTOPLAY VIDEO "%L"" ["CyberLink Corp."]

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
      \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
      \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

D:\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]
D:\$RECYCLE.BIN\DESKTOP.INI -- cannot be opened!

D:\BOOT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\HP\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\preload\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\SOURCES\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\Tools\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]

D:\WINDOWS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
  -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"]


Startup items in "Shinigami" & "All Users" startup folders:
-----------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000007\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000008\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 29


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{968631B6-4729-440D-9BF4-251F5593EC9A}"
  -> {HKLM...CLSID} = "Copernic Desktop Search - Home"
      \InProcServer32\(Default) = "C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll" ["Copernic Inc."]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"
  -> {HKLM...CLSID} = "Grab Pro"
      \InProcServer32\(Default) = "C:\Program Files\Orbitdownloader\GrabPro.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
      \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" = (no title provided)
-> {HKLM...CLSID} = "Grab Pro"
InProcServer32(Default) = "C:Program FilesOrbitdownloaderGrabPro.dll" [null data]
"{968631B6-4729-440D-9BF4-251F5593EC9A}" = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search - Home"
InProcServer32(Default) = "C:Program FilesCopernic Desktop Search 2DesktopSearchBand300000081.dll" ["Copernic Inc."]

Explorer Bars

HKLMSOFTWAREMicrosoftInternet ExplorerExplorer Bars
{968631B6-4729-440D-9BF4-251F5593EC9A}(Default) = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search - Home"
InProcServer32(Default) = "C:Program FilesCopernic Desktop Search 2DesktopSearchBand300000081.dll" ["Copernic Inc."]
{9C3FCA1F-99E3-48F2-A7F4-DD3931B2F99A}(Default) = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search - Home"
InProcServer32(Default) = "C:Program FilesCopernic Desktop Search 2DesktopSearchBand300000081.dll" ["Copernic Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
InProcServer32(Default) = "C:PROGRA~1JavaJRE16~2.0_0binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_07binnpjpi160_07.dll" ["Sun Microsystems, Inc."]

{77BF5300-1474-4EC7-9980-D32B190E9B07}
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
InProcServer32(Default) = "C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll" ["Skype Technologies S.A."]

{CCA281CA-C863-46EF-9331-5C8D4460577F}
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-12650"
"Script" = "C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm" [null data]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
InProcServer32(Default) = "C:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]


Miscellaneous IE Hijack Points
------------------------------

HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Autokonfiguracja sieci WLAN, Wlansvc, "C:Windowssystem32svchost.exe -k LocalSystemNetworkRestricted" {"C:WindowsSystem32wlansvc.dll" [MS]}
Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal - Free Antivirus Scheduler, AntiVirScheduler, ""C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe"" ["Avira GmbH"]
Bonjour Service, Bonjour Service, ""C:Program FilesBonjourmDNSResponder.exe"" ["Apple Inc."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:Program FilesHPQuickPlayKernelTVCLCapSvc.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:Program FilesHPQuickPlayKernelTVCLSched.exe"" [empty string]
DiskMagik Service, DiskMgkS, ""C:Program FilesDiskMagikDiskMgkS.exe"" ["RoseCity Software"]
Dostęp do urządzeń interfejsu HID, hidserv, "C:Windowssystem32svchost.exe -k LocalSystemNetworkRestricted" {"C:Windowssystem32hidserv.dll" [MS]}
HP Health Check Service, HP Health Check Service, ""C:Program FilesHewlett-PackardHP Health Checkhphc_service.exe"" [null data]
hpqwmiex, hpqwmiex, "C:Program FilesHewlett-PackardSharedhpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:Program FilesIntelIntel Matrix Storage ManagerIAANTMon.exe" ["Intel Corporation"]
Izolacja klucza CNG, KeyIso, "C:Windowssystem32lsass.exe" [MS]
Karta inteligentna, SCardSvr, "C:Windowssystem32svchost.exe -k LocalService" {"C:WindowsSystem32SCardSvr.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:Program FilesCommon FilesLightScribeLSSrvc.exe"" ["Hewlett-Packard Company"]
Local Communication Channel, ASChannel, "C:WindowsSystem32svchost.exe -k Cognizance" {"c:Program FilesBioscryptVeriSoftBinAsChnl.dll" ["Cognizance Corporation"]}
Logon Session Broker, ASBroker, "C:WindowsSystem32svchost.exe -k Cognizance" {"c:Program FilesBioscryptVeriSoftBinASWLNPkg.dll" ["Cognizance Corporation"]}
Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:WindowsSystem32svchost.exe -k netsvcs" {"C:WindowsSystem32eapsvc.dll" [MS]}
Usługa obsługi Bluetooth, BthServ, "C:Windowssystem32svchost.exe -k bthsvcs" {"C:WindowsSystem32bthserv.dll" [MS]}
Usługa Protokół SSTP, SstpSvc, "C:Windowssystem32svchost.exe -k LocalService" {"C:Windowssystem32sstpsvc.dll" [MS]}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:Windowssystem32svchost.exe -k LocalSystemNetworkRestricted" {"C:WindowsSystem32WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:Windowssystem32svchost.exe -k imgsvc" {"C:WindowsSystem32wiaservc.dll" [MS]}


---------- (launch time: 2008-10-24 00:03:19)
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 117 seconds.
---------- (total run time: 173 seconds)
#2

Read about ComboFix and then, if necessary, post its log.
The logs you posted are clean, and those programs won't catch hidden files.
Alternatively, download GMER, scan and post the log.

P.S. Anyway, for antivirus matters you'd best look for help in that subforum.
It is specifically intended for this.
#3
Quote: O20 - AppInit_DLLs:

Delete this entry in HijackThis.
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not the object of media noise
I am an illegal killer of time"