wklejto.pl

Dodane przez: ~mati (2008-07-11 10:32) -> text
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.
110.
111.
112.
113.
114.
115.
116.
117.
118.
119.
120.
121.
122.
123.
124.
125.
126.
127.
128.
129.
130.
131.
132.
133.
134.
135.
136.
137.
138.
139.
140.
141.
142.
143.
144.
145.
146.
147.
148.
149.
150.
151.
152.
153.
154.
155.
156.
157.
158.
159.
160.
161.
162.
163.
164.
165.
166.
167.
168.
169.
170.
171.
172.
173.
174.
175.
176.
177.
178.
179.
180.
181.
182.
183.
184.
185.
186.
187.
188.
189.
190.
191.
192.
193.
194.
195.
196.
197.
198.
199.
200.
201.
202.
203.
204.
205.
206.
207.
208.
209.
210.
211.
212.
213.
214.
215.
216.
217.
218.
219.
220.
221.
222.
223.
224.
225.
226.
227.
228.
229.
230.
231.
232.
233.
234.
235.
236.
237.
238.
239.
240.
241.
242.
243.
244.
245.
246.
247.
248.
249.
250.
251.
252.
253.
254.
255.
256.
257.
258.
259.
260.
261.
262.
263.
264.
265.
266.
267.
268.
269.
270.
271.
272.
273.
274.
275.
276.
277.
278.
279.
280.
281.
282.
283.
284.
285.
286.
287.
288.
289.
290.
291.
292.
293.
294.
295.
296.
297.
298.
299.
300.
301.
302.
303.
304.
305.
306.
307.
308.
309.
310.
311.
312.
313.
314.
315.
316.
317.
318.
319.
320.
321.
322.
323.
324.
325.
326.
327.
328.
329.
330.
331.
332.
333.
334.
335.
336.
337.
338.
339.
340.
341.
342.
343.
344.
345.
346.
347.
348.
349.
350.
351.
352.
353.
354.
355.
356.
357.
358.
359.
360.
361.
362.
363.
364.
365.
366.
367.
368.
369.
370.
371.
372.
373.
\"Silent Runners.vbs\", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"ctfmon.exe\" = \"C:\\WINDOWS\\system32\\ctfmon.exe\" [MS]
\"RTEGPRS\" = \"\"C:\\Program Files\\Common Files\\SmartCom\\RTEGPRS.exe\" tray\" [\"SmartCom\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
{0124123D-61B4-456f-AF86-78C53A0790C5}\\(Default) = \"G DATA WebFilter Class\"
  -> {HKLM...CLSID} = \"G DATA WebFilter\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\G DATA AntiVirus Trial\\Webfilter\\AvkWebIE.dll\" [null data]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Yahoo! Toolbar Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll\" [\"Yahoo! Inc.\"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Adobe PDF Reader Link Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll\" [\"Adobe Systems Incorporated\"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\\(Default) = \"BitComet ClickCapture\"
  -> {HKLM...CLSID} = \"BitComet Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.1.2.7.dll\" [\"BitComet\"]
{53707962-6F74-2D53-2644-206D7942484F}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Spybot-S&D IE Protection\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll\" [\"Safer Networking Limited\"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"SSVHelper Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Google Toolbar Helper\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{42071714-76d4-11d1-8b24-00a0c9068ff3}\" = \"Rozszerzenie CPL kadrowania wyświetlania\"
  -> {HKLM...CLSID} = \"Rozszerzenie CPL kadrowania wyświetlania\"
                   \\InProcServer32\\(Default) = \"deskpan.dll\" [file not found]
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{2F603045-309F-11CF-9774-0020AFD0CFF6}\" = \"Synaptics Control Panel\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Synaptics\\SynTP\\SynTPCpl.dll\" [\"Synaptics, Inc.\"]
\"{00020D75-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Desktop Icon Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Outlook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\OFFICE11\\MLSHEXT.DLL\" [MS]
\"{0006F045-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Custom Icon Handler\"
  -> {HKLM...CLSID} = \"Rozszerzenie ikon plików programu Outlook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\OFFICE11\\OLKFSTUB.DLL\" [MS]
\"{42042206-2D85-11D3-8CFF-005004838597}\" = \"Microsoft Office HTML Icon Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\OFFICE11\\msohev.dll\" [MS]
\"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\" = \"WinRAR shell extension\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
\"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\" = \"Microsoft Office Metadata Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Metadata Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
\"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\" = \"Microsoft Office Thumbnail Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Thumbnail Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
\"{23170F69-40C1-278A-1000-000100020000}\" = \"7-Zip Shell Extension\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
\"{5E2121EE-0310-11D4-8D3B-444553540000}\" = \"AshAv extension\"
  -> {HKLM...CLSID} = \"AshAvShell Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Ashampoo\\Ashampoo AntiVirus\\ashavshell.dll\" [\"Ashampoo GmbH\"]
\"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}\" = \"iTunes\"
  -> {HKLM...CLSID} = \"iTunes\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\iTunes\\iTunesMiniPlayer.dll\" [\"Apple Computer, Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\
\"WPDShServiceObj\" = \"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\"
  -> {HKLM...CLSID} = \"WPDShServiceObj Class\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\WPDShServiceObj.dll\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\
<<!>> igfxcui\\DLLName = \"igfxdev.dll\" [\"Intel Corporation\"]
 
HKLM\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\
<<!>> text/xml\\CLSID = \"{807553E5-5146-11D5-A672-00B0D022E945}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11\\MSOXMLMF.DLL\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ColumnHandlers\\
{F9DB5320-233E-11D1-9F84-707F02C10627}\\(Default) = \"PDF Column Info\"
  -> {HKLM...CLSID} = \"PDF Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.dll\" [\"Adobe Systems, Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
7-Zip\\(Default) = \"{23170F69-40C1-278A-1000-000100020000}\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
AVK9CM\\(Default) = \"{CAF4C320-32F5-11D3-A222-004095200FF2}\"
  -> {HKLM...CLSID} = \"AVK9ContextMenue\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\G DATA AntiVirus Trial\\AVK\\ShellExt.dll\" [\"G DATA Software AG\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
7-Zip\\(Default) = \"{23170F69-40C1-278A-1000-000100020000}\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
AVK9CM\\(Default) = \"{CAF4C320-32F5-11D3-A222-004095200FF2}\"
  -> {HKLM...CLSID} = \"AVK9ContextMenue\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\G DATA AntiVirus Trial\\AVK\\ShellExt.dll\" [\"G DATA Software AG\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
 
Default executables:
--------------------
 
<<!>> HKLM\\SOFTWARE\\Classes\\.com\\(Default) = \"ComFile\"
 
 
Group Policies {policy setting}:
--------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
 
\"DisableRegistryTools\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\WINDOWS\\system32\\config\\systemprofile\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\Documents and Settings\\wini\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
HPUnloadAutoplay\\
\"Provider\" = \"Przesyłanie HP i Szybki wydruk\"
\"InvokeProgID\" = \"HpqUnApl.Autoplay\"
\"InvokeVerb\" = \"Play\"
HKLM\\SOFTWARE\\Classes\\HpqUnApl.Autoplay\\shell\\Play\\DropTarget\\CLSID = \"{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\LocalServer32\\(Default) = \"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqUnApl.exe\" [\"Hewlett-Packard\"]
 
iTunesBurnCDOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.BurnCD\"
\"InvokeVerb\" = \"burn\"
HKLM\\SOFTWARE\\Classes\\iTunes.BurnCD\\shell\\burn\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayBurn \"%L\"\" [\"Apple Computer, Inc.\"]
 
iTunesImportSongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.ImportSongsOnCD\"
\"InvokeVerb\" = \"import\"
HKLM\\SOFTWARE\\Classes\\iTunes.ImportSongsOnCD\\shell\\import\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayImportSongs \"%L\"\" [\"Apple Computer, Inc.\"]
 
iTunesPlaySongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.PlaySongsOnCD\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\iTunes.PlaySongsOnCD\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /playCD \"%L\"\" [\"Apple Computer, Inc.\"]
 
iTunesShowSongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.ShowSongsOnCD\"
\"InvokeVerb\" = \"showsongs\"
HKLM\\SOFTWARE\\Classes\\iTunes.ShowSongsOnCD\\shell\\showsongs\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayShowSongs \"%L\"\" [\"Apple Computer, Inc.\"]
 
MPCPlayCDAudioOnArrival\\
\"Provider\" = \"Media Player Classi\"
\"InvokeProgID\" = \"MPC.CDAudio\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\MPC.CDAudio\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %L /cd\" [\"Gabest\"]
 
MPCPlayDVDMovieOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MPC.DVDMovie\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\MPC.DVDMovie\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %L /dvd\" [\"Gabest\"]
 
MSPlayCDAudioOnArrival\\
\"Provider\" = \"ALLPlayer\"
\"InvokeProgID\" = \"AllPlayerFile\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\AllPlayerFile\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\MarBit\\ALLPlayer\\ALLPlayer.exe\" \"%1\"\" [\"MarBit\"]
 
MSWPDShellNamespaceHandler\\
\"Provider\" = \"@%SystemRoot%\\System32\\WPDShextRes.dll,-501\"
\"CLSID\" = \"{A55803CC-4D53-404c-8557-FD63DBA95D24}\"
\"InitCmdLine\" = \" \"
  -> {HKLM...CLSID} = \"WPDShextAutoplay\"
                   \\LocalServer32\\(Default) = \"C:\\WINDOWS\\system32\\WPDShextAutoplay.exe\" [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000004\\LibraryPath = \"%SystemRoot%\\System32\\nwprovau.dll\" [MS]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 33
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\
\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}\"
  -> {HKLM...CLSID} = \"Yahoo! Toolbar\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll\" [\"Yahoo! Inc.\"]
\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}\"
  -> {HKLM...CLSID} = \"&Google\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\
\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}\" = (no title provided)
  -> {HKLM...CLSID} = \"Yahoo! Toolbar\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll\" [\"Yahoo! Inc.\"]
\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}\" = (no title provided)
  -> {HKLM...CLSID} = \"&Google\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
\"{0124123D-61B4-456F-AF86-78C53A0790C5}\" = \"G DATA WebFilter\"
  -> {HKLM...CLSID} = \"G DATA WebFilter\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\G DATA AntiVirus Trial\\Webfilter\\AvkWebIE.dll\" [null data]
 
Explorer Bars
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Explorer Bars\\
 
HKLM\\SOFTWARE\\Classes\\CLSID\\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\\(Default) = \"&Badanie\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\OFFICE11\\REFIEBAR.DLL\" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{3AD14F0C-ED16-4E43-B6D8-661B03F6A1EF}\\
\"ButtonText\" = \"PokerStars\"
\"Exec\" = \"C:\\Program Files\\PokerStars\\PokerStarsUpdate.exe\" [\"PokerStars\"]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\
\"ButtonText\" = \"Badanie\"
 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\\
\"MenuText\" = \"Spybot - Search && Destroy Configuration\"
\"CLSIDExtension\" = \"{53707962-6F74-2D53-2644-206D7942484F}\"
  -> {HKLM...CLSID} = \"Spybot-S&D IE Protection\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll\" [\"Safer Networking Limited\"]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\
<<H>> \"{EF99BD32-C1FB-11D2-892F-0090271D4F88}\" = \"*n\" (unwritable string)
  -> {HKLM...CLSID} = \"Yahoo! Toolbar\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll\" [\"Yahoo! Inc.\"]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
G DATA Scheduler, AVKService, \"C:\\Program Files\\G DATA AntiVirus Trial\\AVK\\AVKService.exe\" [\"G DATA Software AG\"]
Intel(R) Matrix Storage Event Monitor, IAANTMon, \"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaantmon.exe\" [\"Intel Corporation\"]
Machine Debug Manager, MDM, \"\"C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE\"\" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, \"C:\\WINDOWS\\system32\\HPZipm12.exe\" [\"HP\"]
Usługa Pomocnik IPv6, 6to4, \"C:\\WINDOWS\\system32\\svchost.exe -k netsvcs\" {\"C:\\WINDOWS\\System32\\6to4svc.dll\" [MS]}
 
 
Print Monitors:
---------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\
Bullzip PDF Print Monitor\\Driver = \"bzpdf.dll\" [\"BullZip\"]
HP Standard TCP/IP Port\\Driver = \"HpTcpMon.dll\" [\"Hewlett Packard\"]
hpzlnt12\\Driver = \"hpzlnt12.dll\" [\"HP\"]
LPR Port\\Driver = \"lprmon.dll\" [MS]
Microsoft Document Imaging Writer Monitor\\Driver = \"mdimon.dll\" [MS]
Microsoft Shared Fax Monitor\\Driver = \"FXSMON.DLL\" [MS]
Monitor języka PJL\\Driver = \"PJLMON.DLL\" [MS]
 
 
---------- (launch time: 2008-07-11 10:38:56)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 12 seconds.
---------- (total run time: 48 seconds)
 
Wygenerowano w 0.128s, przy pomocy GeSHi 1.0.8
'
Podziel się na Facebook Podziel się na BLIP Podziel się na Twitter Podziel się na Buzz Podziel się na Flaker Dodaj zakładkę Google Podziel się na Delicious Wykop to!

Nowy Komentarz:

Komentarze:

Brak Komentarzy!