wklejto.pl

Added by: mihas7f (2010-11-04 14:55) -> text
\"Silent Runners.vbs\", revision 63, http://www.silentrunners.org/
Operating System: Windows Vista SP1
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"OfficeSyncProcess\" = \"C:\\Program Files\\Microsoft Office\\Office14\\MSOSYNC.EXE\" [file not found]
\"RoboForm\" = \"\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\"\" [\"Siber Systems\"]
\"Google Update\" = \"\"C:\\Users\\marta.CAPTIMAX\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c\" [\"Google Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"Windows Defender\" = \"C:\\Program Files\\Windows Defender\\MSASCui.exe -hide\"
\"IgfxTray\" = \"C:\\Windows\\system32\\igfxtray.exe\" [\"Intel Corporation\"]
\"HotKeysCmds\" = \"C:\\Windows\\system32\\hkcmd.exe\" [\"Intel Corporation\"]
\"Persistence\" = \"C:\\Windows\\system32\\igfxpers.exe\" [\"Intel Corporation\"]
\"SoundMAXPnP\" = \"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\" [\"Analog Devices, Inc.\"]
\"picon\" = \"\"C:\\Program Files\\Common Files\\Intel\\Privacy Icon\\PrivacyIconClient.exe\" -startup\" [null data]
\"PDF Complete\" = \"C:\\Program Files\\PDF Complete\\pdfsty.exe\" [\"PDF Complete Inc\"]
\"accrdsub\" = \"\"C:\\Program Files\\ActivIdentity\\ActivClient\\accrdsub.exe\"\" [\"ActivIdentity\"]
\"PTHOSTTR\" = \"C:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start\" [\"Hewlett-Packard Development Company, L.P.\"]
\"CognizanceTS\" = \"rundll32.exe C:\\PROGRA~1\\HEWLET~1\\IAM\\Bin\\ASTSVCC.dll,RegisterModule\" [MS]
\"SetRefresh\" = \"C:\\Program Files\\HP\\SetRefresh\\SetRefresh.exe\" [\"Hewlett-Packard Company\"]
\"MagicRotation\" = \"C:\\Program Files\\MagicRotation\\MagicPvt.exe\" [\"Samsung Electronics, Inc.\"]
\"QuickTime Task\" = \"\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime\" [\"Apple Inc.\"]
\"iTunesHelper\" = \"\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"\" [\"Apple Inc.\"]
\"StartintY\" = \"\"C:\\Program Files\\intY\\cmgrwin32.exe\" 1713931326\" [\"intY Ltd.\"]
\"GrooveMonitor\" = \"\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"\" [MS]
\"TrayMin900\" = \"C:\\windows\\System32\\Drivers\\Tray900.exe\" [\"Philips\"]
\"PCTools FGuard\" = \"C:\\Program Files\\PC Tools Security\\BDT\\FGuard.exe\" [\"Threat Expert Ltd.\"]
\"AVG_TRAY\" = \"C:\\Program Files\\AVG\\AVG10\\avgtray.exe\" [\"AVG Technologies CZ, s.r.o.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\ {++}
\"ST Recovery Launcher\" = \"C:\\windows\\SMINST\\launcher.exe\"
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
 
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\\(Default) = \"Browser Defender BHO\"
  -> {HKLM...CLSID} = \"PC Tools Browser Guard BHO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PC Tools Security\\BDT\\PCTBrowserDefender.dll\" [\"Threat Expert Ltd.\"]
 
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\\(Default) = \"flashget urlcatch\"
  -> {HKLM...CLSID} = \"FGCatchUrl\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\FlashGet\\jccatch.dll\" [\"www.flashget.com\"]
 
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\(Default) = \"WormRadar.com IESiteBlocker.NavFilter\"
  -> {HKLM...CLSID} = \"AVG Safe Search\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG10\\avgssie.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
{724d43a9-0d85-11d4-9908-00400523e39a}\\(Default) = \"RoboForm\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Siber Systems\\AI RoboForm\\roboform.dll\" [\"Siber Systems Inc.\"]
 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Groove GFS Browser Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"SSVHelper Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
 
{bf00e119-21a3-4fd1-b178-3b8537e75c92}\\(Default) = \"MegaIEMn\"
  -> {HKLM...CLSID} = \"IeMonitorBho Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll\" [\"Megaupload Limited\"]
 
{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\\(Default) = \"Credential Manager for HP ProtectTools\"
  -> {HKLM...CLSID} = \"Credential Manager for HP ProtectTools\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\ItIEAddIn.dll\" [\"Bioscrypt Inc.\"]
 
{F156768E-81EF-470C-9057-481BA8380DBA}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"FlashGet GetFlash Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\FlashGet\\getflash.dll\" [\"www.flashget.com\"]
 
{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\\(Default) = \"IEPluginBHO\"
  -> {HKLM...CLSID} = \"IEPluginBHO Class\"
                   \\InProcServer32\\(Default) = \"C:\\Users\\marta.CAPTIMAX\\AppData\\Roaming\\Gadu-Gadu 10\\_userdata\\ggbho.2.dll\" [\"GG Network S.A.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers\\
 
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\\(Default) = \"{99FD978C-D287-4F50-827F-B2C658EDA8E7}\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 1 (GFS Unread Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
Groove Explorer Icon Overlay 2 (GFS Stub)\\(Default) = \"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2 (GFS Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\\(Default) = \"{920E6DB1-9907-4370-B3A0-BAFC03D81399}\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
Groove Explorer Icon Overlay 3 (GFS Folder)\\(Default) = \"{16F3DD56-1AF5-4347-846D-7C10C4192619}\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 3 (GFS Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\\(Default) = \"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 4 (GFS Unread Mark)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
 
\"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}\" = \"ShellViewRTF\"
  -> {HKLM...CLSID} = \"ShellViewRTF\"
                   \\InProcServer32\\(Default) = \"C:\\Windows\\System32\\ShellvRTF.dll\" [\"XSS\"]
 
\"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}\" = \"iTunes\"
  -> {HKLM...CLSID} = \"iTunes\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\iTunes\\iTunesMiniPlayer.dll\" [\"Apple Inc.\"]
 
\"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\" = \"Groove GFS Browser Helper\"
  -> {HKLM...CLSID} = \"Groove GFS Browser Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\" = \"Groove GFS Explorer Bar\"
  -> {HKLM...CLSID} = \"Groove Folder Synchronization\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{A449600E-1DC6-4232-B948-9BD794D62056}\" = \"Groove GFS Stub Icon Handler\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Icon Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\" = \"Groove GFS Stub Execution Hook\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Execution Hook\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{6C467336-8281-4E60-8204-430CED96822D}\" = \"Groove GFS Context Menu Handler\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{387E725D-DC16-4D76-B310-2C93ED4752A0}\" = \"Groove XML Icon Handler\"
  -> {HKLM...CLSID} = \"Groove XML Icon Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{16F3DD56-1AF5-4347-846D-7C10C4192619}\" = \"Groove Explorer Icon Overlay 3 (GFS Folder)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 3 (GFS Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\" = \"Groove Explorer Icon Overlay 2 (GFS Stub)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2 (GFS Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\" = \"Groove Explorer Icon Overlay 4 (GFS Unread Mark)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 4 (GFS Unread Mark)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{99FD978C-D287-4F50-827F-B2C658EDA8E7}\" = \"Groove Explorer Icon Overlay 1 (GFS Unread Stub)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 1 (GFS Unread Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{920E6DB1-9907-4370-B3A0-BAFC03D81399}\" = \"Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
\"{0006F045-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Custom Icon Handler\"
  -> {HKLM...CLSID} = \"Outlook File Icon Extension\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~1\\Office12\\OLKFSTUB.DLL\" [MS]
 
\"{00020D75-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Desktop Icon Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Outlook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~1\\Office12\\MLSHEXT.DLL\" [MS]
 
\"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}\" = \"Microsoft Office OneNote Namespace Extension for Windows Desktop Search\"
  -> {HKLM...CLSID} = \"Microsoft Office OneNote Namespace Extension for Windows Desktop Search\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~1\\Office12\\ONFILTER.DLL\" [MS]
 
\"{42042206-2D85-11D3-8CFF-005004838597}\" = \"Microsoft Office HTML Icon Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\msohevi.dll\" [MS]
 
\"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\" = \"Microsoft Office Metadata Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Metadata Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
 
\"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\" = \"Microsoft Office Thumbnail Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Thumbnail Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
 
\"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\" = \"WinRAR shell extension\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
\"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\" = \"AVG Shell Extension\"
  -> {HKLM...CLSID} = \"AVG Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG10\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\
 
<<!>> \"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\" = \"Groove GFS Stub Execution Hook\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Execution Hook\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\
<<!>> \"AppInit_DLLs\" = \"APSHook.dll\" [\"Bioscrypt Inc.\"]
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\
<<!>> \"Notification Packages\" = \"scecli\"|\"ASWLNPkg\"
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\
<<!>> \"BootExecute\" = \"autocheck autochk *\"|\"C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe /sync\" [\"AVG Technologies CZ, s.r.o.\"]|\"C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe /sync /restart\" [\"AVG Technologies CZ, s.r.o.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Provider Filters\\
 
{122E7126-21DB-4F27-8D82-8E44B1C0DC56}\\(Default) = \"Cognizance Filter\"
  -> {HKLM...CLSID} = \"ProviderFilter Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\TrayIcon.dll\" [\"Bioscrypt Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Providers\\
 
{F13E50B9-7749-4416-B7CE-7C5BCBC8C449}\\(Default) = \"Cognizance Provider\"
  -> {HKLM...CLSID} = \"CredProvider Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\TrayIcon.dll\" [\"Bioscrypt Inc.\"]
 
{FF7F8C71-EA51-48E6-9038-E0A96BE4AC43}\\(Default) = \"Cognizance Pass-Through Provider\"
  -> {HKLM...CLSID} = \"PswCredProvider Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\TrayIcon.dll\" [\"Bioscrypt Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\
 
<<!>> text/xml\\CLSID = \"{807563E5-5146-11D5-A672-00B0D022E945}\"
  -> {HKLM...CLSID} = \"Microsoft Office InfoPath XML Mime Filter\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL\" [MS]
 
HKLM\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\
 
<<!>> grooveLocalGWS\\CLSID = \"{88FED34C-F0CA-4636-A375-3CB6248B04CD}\"
  -> {HKLM...CLSID} = \"Local Groove Web Services Protocol\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll\" [MS]
 
<<!>> linkscanner\\CLSID = \"{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\"
  -> {HKLM...CLSID} = \"XPLPPFilter Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG10\\avgpp.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
<<!>> ms-help\\CLSID = \"{314111c7-a502-11d2-bbca-00c04f8ec294}\"
  -> {HKLM...CLSID} = \"HxProtocol Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll\" [MS]
 
<<!>> myrm\\CLSID = \"{4D034FC3-013F-4b95-B544-44D49ABE3E76}\"
  -> {HKLM...CLSID} = \"MyRmProtocol Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myRmProt4.9.0.387.dll\" [file not found]
 
<<!>> skype4com\\CLSID = \"{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\"
  -> {HKLM...CLSID} = \"IEProtocolHandler Class\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL\" [\"Skype Technologies\"]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
 
AVG9 Shell Extension\\(Default) = \"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\"
  -> {HKLM...CLSID} = \"AVG Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG10\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\AllFilesystemObjects\\shellex\\ContextMenuHandlers\\
 
MBAMShlExt\\(Default) = \"{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\"
  -> {HKLM...CLSID} = \"MBAMShlExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamext.dll\" [\"Malwarebytes Corporation\"]
 
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
 
ScanNow\\(Default) = \"{CA1DA95C-2F2D-440C-95AE-AD9EC22F6A63}\"
  -> {HKLM...CLSID} = \"ShellExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\McAfee\\Managed VirusScan\\VScan\\mvsshext.dll\" [file not found]
 
SetAsScanDestShellExt\\(Default) = \"{A05984FF-804F-4599-9814-304312F63239}\"
  -> {HKLM...CLSID} = \"Ot4SetAsScanDestShellExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Visioneer\\OneTouch 4.0\\Links\\SetAsScanDestShellExt.dll\" [\"Visioneer Inc.\"]
 
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\DragDropHandlers\\
 
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
HKLM\\SOFTWARE\\Classes\\Directory\\Background\\shellex\\ContextMenuHandlers\\
 
igfxcui\\(Default) = \"{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\"
  -> {HKLM...CLSID} = \"GraphicsShellExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Windows\\system32\\igfxpph.dll\" [\"Intel Corporation\"]
 
SimpleBkgndExtension\\(Default) = \"{9E5E1445-6CEA-4761-8E45-AA19F654571E}\"
  -> {HKLM...CLSID} = \"BkgndCtxMenuExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Windows\\System32\\mpvthook.dll\" [\"Samsung Electronics, Inc.\"]
 
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
 
AVG9 Shell Extension\\(Default) = \"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\"
  -> {HKLM...CLSID} = \"AVG Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG10\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
MBAMShlExt\\(Default) = \"{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\"
  -> {HKLM...CLSID} = \"MBAMShlExt Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Malwarebytes\' Anti-Malware\\mbamext.dll\" [\"Malwarebytes Corporation\"]
 
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\DragDropHandlers\\
 
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [\"Alexander Roshal\"]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoWelcomeScreen\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\windows\\Web\\Wallpaper\\img24.jpg\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\windows\\Web\\Wallpaper\\img24.jpg\"
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
iTunesBurnCDOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.BurnCD\"
\"InvokeVerb\" = \"burn\"
HKLM\\SOFTWARE\\Classes\\iTunes.BurnCD\\shell\\burn\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayBurn \"%L\"\" [\"Apple Inc.\"]
 
iTunesImportSongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.ImportSongsOnCD\"
\"InvokeVerb\" = \"import\"
HKLM\\SOFTWARE\\Classes\\iTunes.ImportSongsOnCD\\shell\\import\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayImportSongs \"%L\"\" [\"Apple Inc.\"]
 
iTunesPlaySongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.PlaySongsOnCD\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\iTunes.PlaySongsOnCD\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /playCD \"%L\"\" [\"Apple Inc.\"]
 
iTunesShowSongsOnArrival\\
\"Provider\" = \"iTunes\"
\"InvokeProgID\" = \"iTunes.ShowSongsOnCD\"
\"InvokeVerb\" = \"showsongs\"
HKLM\\SOFTWARE\\Classes\\iTunes.ShowSongsOnCD\\shell\\showsongs\\command\\(Default) = \"\"C:\\Program Files\\iTunes\\iTunes.exe\" /AutoPlayShowSongs \"%L\"\" [\"Apple Inc.\"]
 
IviDVDEventHandler\\
\"Provider\" = \"InterVideo WinDVD\"
\"InvokeProgID\" = \"Ivi.MediaFile\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\Ivi.MediaFile\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe\" %1\" [\"InterVideo Inc.\"]
 
IviVideoCDHandler\\
\"Provider\" = \"InterVideo WinDVD\"
\"InvokeProgID\" = \"Ivi.MediaFile\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\Ivi.MediaFile\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe\" %1\" [\"InterVideo Inc.\"]
 
MPCPlayCDAudioOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayCDAudio\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayCDAudio\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe\" %1 /cd\" [\"MPC-HC Team\"]
 
MPCPlayDVDMovieOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayDVDMovie\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayDVDMovie\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe\" %1 /dvd\" [\"MPC-HC Team\"]
 
MPCPlayMusicFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayMusicFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayMusicFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe\" %1\" [\"MPC-HC Team\"]
 
MPCPlayVideoFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayVideoFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayVideoFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe\" %1\" [\"MPC-HC Team\"]
 
 
Startup items in \"Marta\" & \"All Users\" startup folders:
-------------------------------------------------------
 
C:\\Users\\marta.CAPTIMAX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
\"OneNote 2007 Screen Clipper and Launcher\" -> shortcut to: \"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTEM.EXE /tsr\" [MS]
 
 
Windows Sidebar Gadgets:
------------------------
 
C:\\Users\\marta.CAPTIMAX\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini
\"C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CCurrency.Gadget\"
 
 
Non-disabled Scheduled Tasks:
-----------------------------
 
C:\\Windows\\System32\\Tasks
\"Go to RoboForm Install page\" ->  launches: \"C:\\windows\\system32\\rundll32.exe url.dll,FileProtocolHandler \"http://www.roboform.com/test-pass.html?aaa=KICMJJNMLJMMLMNMLMLMCNGMMMKMGMCNLMLMIMGMCNHMJMLMMJCNKMJMJMOJKJKJMJOJNJGMHMJJJNJICMJMCNGMCNGMIMFMIMCNPMCNJMPMPMOMFMJMCNPMCNJMPMPMOMCNNMJNPICMLMFMIJKJKIIJLMFMPMJNHICMIJKJKIIJLMJNBJCMCLOJNILIOJJNKJCMJNNICMJNDJCMKJBJ\"\" [MS]
\"Run RoboForm TaskBar Icon\" ->  launches: \"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\" [\"Siber Systems\"]
\"{249537ED-16A9-4B72-A30B-033D95855E59}\" ->  launches: \"C:\\Program Files\\Skype\\Phone\\Skype.exe\" [\"Skype Technologies S.A.\"]
 
C:\\Windows\\System32\\Tasks\\Apple
\"AppleSoftwareUpdate\" ->  launches: \"C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe -task\" [\"Apple Inc.\"]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client
\"AD RMS Rights Policy Template Management (Manual)\" ->  launches: \"{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\"
  -> {HKLM...CLSID} = \"AD RMS Rights Policy Template Management (Manual) Task Handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\system32\\msdrm.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth
\"UninstallDeviceTask\" ->  launches: \"BthUdTask.exe $(Arg0)\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient
\"SystemTask\" ->  launches: \"{58fb76b9-ac85-4e55-ac04-427593b1d060}\"
  -> {HKLM...CLSID} = \"Certificate Services Client Task Handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\system32\\dimsjob.dll\" [MS]
\"UserTask\" ->  launches: \"{58fb76b9-ac85-4e55-ac04-427593b1d060}\"
  -> {HKLM...CLSID} = \"Certificate Services Client Task Handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\system32\\dimsjob.dll\" [MS]
\"UserTask-Roam\" ->  launches: \"{58fb76b9-ac85-4e55-ac04-427593b1d060}\"
  -> {HKLM...CLSID} = \"Certificate Services Client Task Handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\system32\\dimsjob.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program
\"Consolidator\" ->  launches: \"%SystemRoot%\\System32\\wsqmcons.exe\" [MS]
\"OptinNotification\" ->  launches: \"%SystemRoot%\\System32\\wsqmcons.exe -n 0x1C577FA2B69CAD0\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag
\"ScheduledDefrag\" ->  launches: \"%windir%\\system32\\defrag.exe -c -i\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC
\"HotStart\" ->  launches: \"{06DA0625-9701-43da-BFD7-FBEEA2180A1E}\"
  -> {HKLM...CLSID} = \"HotStart User Agent\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\HotStartUserAgent.dll\" [MS]
\"TMM\" ->  launches: \"{35EF4182-F900-4632-B072-8639E4478A61}\"
  -> {HKLM...CLSID} = \"Transient Multi-Monitor Manager\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\TMM.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI
\"LPRemove\" ->  launches: \"%windir%\\system32\\lpremove.exe\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia
\"SystemSoundsService\" ->  launches: \"{2DEA658F-54C1-4227-AF9B-260AB5FC3543}\"
  -> {HKLM...CLSID} = \"Microsoft PlaySoundService Class\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\PlaySndSrv.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetworkAccessProtection
\"NAPStatus UI\" ->  launches: \"{f09878a1-4652-4292-aa63-8c7d4fd7648f}\"
  -> {HKLM...CLSID} = \"Nap ITask Handler Implementation\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\QAgent.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PLA\\System
\"ConvertLogEntries\" -> (HIDDEN!) launches: \"%windir%\\system32\\rundll32.exe %windir%\\system32\\pla.dll,PlaConvertLogEntries\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC
\"RACAgent\" -> (HIDDEN!) launches: \"%windir%\\system32\\RacAgent.exe\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance
\"RemoteAssistanceTask\" -> (HIDDEN!) launches: \"%windir%\\system32\\RAServer.exe /offerraupdate\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell
\"CrawlStartPages\" ->  launches: \"{51653423-e62d-4ff7-894a-dabb2b8e21e2}\"
  -> {HKLM...CLSID} = \"CrawlStartPages Task Handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\srchadmin.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow
\"GadgetManager\" ->  launches: \"{FF87090D-4A9A-4f47-879B-29A80C355D61}\"
  -> {HKLM...CLSID} = \"GadgetsManager Class\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\AuxiliaryDisplayServices.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore
\"SR\" ->  launches: \"%windir%\\system32\\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip
\"IpAddressConflict1\" ->  launches: \"rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem\" [MS]
\"IpAddressConflict2\" ->  launches: \"rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework
\"MsCtfMonitor\" -> (HIDDEN!) launches: \"{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\"
  -> {HKLM...CLSID} = \"MsCtfMonitor task handler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\system32\\MsCtfMonitor.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP
\"UPnPHostConfig\" ->  launches: \"sc.exe config upnphost start= auto\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI
\"ResolutionHost\" -> (HIDDEN!) launches: \"{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\"
  -> {HKLM...CLSID} = \"DiagnosticInfrastructureCustomHandler\"
                   \\InProcServer32\\(Default) = \"C:\\windows\\System32\\wdi.dll\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting
\"QueueReporting\" ->  launches: \"%windir%\\system32\\wermgr.exe -queuereporting\" [MS]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Wired
\"GatherWiredInfo\" ->  launches: \"%windir%\\system32\\gatherWiredInfo.vbs\" [null data]
 
C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Wireless
\"GatherWirelessInfo\" ->  launches: \"%windir%\\system32\\gatherWirelessInfo.vbs\" [null data]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\system32\\NLAapi.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\system32\\napinsp.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\system32\\pnrpnsp.dll\" [MS]
000000000004\\LibraryPath = \"%SystemRoot%\\system32\\pnrpnsp.dll\" [MS]
000000000005\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000006\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000007\\LibraryPath = \"C:\\Program Files\\Bonjour\\mdnsNSP.dll\" [\"Apple Inc.\"]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\\Program Files\\Common Files\\PC Tools\\Lsp\\PCTLsp.dll [\"PC Tools Research Pty Ltd.\"], 01 - 06, 17
%SystemRoot%\\system32\\mswsock.dll [MS], 07 - 16, 18 - 29
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\
 
\"{724D43A0-0D85-11D4-9908-00400523E39A}\"
  -> {HKLM...CLSID} = \"&RoboForm\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Siber Systems\\AI RoboForm\\roboform.dll\" [\"Siber Systems Inc.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\
\"{724D43A0-0D85-11D4-9908-00400523E39A}\" = (no title provided)
  -> {HKLM...CLSID} = \"&RoboForm\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Siber Systems\\AI RoboForm\\roboform.dll\" [\"Siber Systems Inc.\"]
 
\"{472734EA-242A-422B-ADF8-83D1E48CC825}\" = \"PC Tools Browser Guard\"
  -> {HKLM...CLSID} = \"PC Tools Browser Guard\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PC Tools Security\\BDT\\PCTBrowserDefender.dll\" [\"Threat Expert Ltd.\"]
 
Explorer Bars
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Explorer Bars\\
 
HKLM\\SOFTWARE\\Classes\\CLSID\\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\\(Default) = \"Groove Folder Synchronization\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\CLSID\\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\\(Default) = \"&Research\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~1\\Office12\\REFIEBAR.DLL\" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\\
\"MenuText\" = \"Sun Java Console\"
\"CLSIDExtension\" = \"{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\"
  -> {HKCU...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
  -> {HKLM...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\npjpi160_07.dll\" [\"Sun Microsystems, Inc.\"]
 
{2670000A-7350-4F3C-8081-5663EE0C6C49}\\
\"ButtonText\" = \"Send to OneNote\"
\"MenuText\" = \"S&end to OneNote\"
\"CLSIDExtension\" = \"{48E73304-E1D6-4330-914C-F5F514E3486C}\"
  -> {HKLM...CLSID} = \"Send to OneNote from Internet Explorer button\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~1\\Office12\\ONBttnIE.dll\" [MS]
 
{320AF880-6646-11D3-ABEE-C5DBF3571F46}\\
\"ButtonText\" = \"Fill Forms\"
\"MenuText\" = \"Fill Forms\"
\"Script\" = \"file://C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboFormComFillForms.html\" [file not found]
 
{320AF880-6646-11D3-ABEE-C5DBF3571F49}\\
\"ButtonText\" = \"Save\"
\"MenuText\" = \"Save Forms\"
\"Script\" = \"file://C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboFormComSavePass.html\" [file not found]
 
{724D43AA-0D85-11D4-9908-00400523E39A}\\
\"ButtonText\" = \"RoboForm\"
\"MenuText\" = \"RoboForm Toolbar\"
\"Script\" = \"file://C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboFormComShowToolbar.html\" [file not found]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\
\"ButtonText\" = \"Research\"
 
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\\
\"ButtonText\" = \"FlashGet\"
\"MenuText\" = \"FlashGet\"
\"Exec\" = \"C:\\Program Files\\FlashGet\\FlashGet.exe\" [\"FlashGet.com\"]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
HKCU\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\
<<H>> \"{472734EA-242A-422b-ADF8-83D1E48CC825}\" = (no title provided)
  -> {HKLM...CLSID} = \"PC Tools Browser Guard\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PC Tools Security\\BDT\\PCTBrowserDefender.dll\" [\"Threat Expert Ltd.\"]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
ActivClient Middleware Service, accoca, \"\"C:\\Program Files\\ActivIdentity\\ActivClient\\accoca.exe\"\" [\"ActivIdentity\"]
Andrea ADI Filters Service, AEADIFilters, \"C:\\windows\\system32\\AEADISRV.EXE\" [\"Andrea Electronics Corporation\"]
Apple Mobile Device, Apple Mobile Device, \"\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe\"\" [\"Apple Inc.\"]
AVG WatchDog, avgwd, \"\"C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe\"\" [\"AVG Technologies CZ, s.r.o.\"]
AVGIDSAgent, AVGIDSAgent, \"\"C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe\"\" [\"AVG Technologies CZ, s.r.o.\"]
Bonjour-tjänst, Bonjour Service, \"\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"\" [\"Apple Inc.\"]
Browser Defender Update Service, Browser Defender Update Service, \"\"C:\\Program Files\\PC Tools Security\\BDT\\BDTUpdateService.exe\"\" [\"Threat Expert Ltd.\"]
Certificate Propagation, CertPropSvc, \"C:\\windows\\system32\\svchost.exe -k netsvcs\" {\"C:\\windows\\System32\\certprop.dll\" [MS]}
Computer Browser, Browser, \"C:\\windows\\System32\\svchost.exe -k netsvcs\" {\"C:\\windows\\System32\\browser.dll\" [MS]}
Drive Encryption Service, HpFkCryptService, \"\"C:\\Program Files\\Hewlett-Packard\\Drive Encryption\\HpFkCrypt.exe\"\" [\"SafeBoot International\"]
HP ProtectTools Service, HP ProtectTools Service, \"\"C:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\PTChangeFilterService.exe\"\" [null data]
hpqwmiex, hpqwmiex, \"\"C:\\Program Files\\Hewlett-Packard\\Shared\\hpqwmiex.exe\"\" [\"Hewlett-Packard Development Company, L.P.\"]
Human Interface Device Access, hidserv, \"C:\\windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted\" {\"C:\\windows\\system32\\hidserv.dll\" [MS]}
Intel(R) Active Management Technology Local Management Service, LMS, \"C:\\Program Files\\Intel\\AMT\\LMS.exe\" [\"Intel Corporation\"]
Intel(R) Active Management Technology User Notification Service, UNS, \"C:\\Program Files\\Common Files\\Intel\\Privacy Icon\\UNS\\UNS.exe\" [\"Intel Corporation\"]
iPod Service, iPod Service, \"\"C:\\Program Files\\iPod\\bin\\iPodService.exe\"\" [\"Apple Inc.\"]
IviRegMgr, IviRegMgr, \"C:\\Program Files\\Common Files\\InterVideo\\RegMgr\\iviRegMgr.exe\" [\"InterVideo\"]
Local Communication Channel, ASChannel, \"C:\\windows\\System32\\svchost.exe -k Cognizance\" {\"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\AsChnl.dll\" [\"Bioscrypt Inc.\"]}
Logon Session Broker, ASBroker, \"C:\\windows\\System32\\svchost.exe -k Cognizance\" {\"C:\\Program Files\\Hewlett-Packard\\IAM\\Bin\\ASWLNPkg.dll\" [\"Bioscrypt Inc.\"]}
Netlogon, Netlogon, \"C:\\windows\\system32\\lsass.exe\" [MS]
OneTouch 4.0 Monitor, OneTouch 4.0 Monitor, \"\"C:\\Program Files\\Visioneer\\OneTouch 4.0\\OtService.exe\"\" [\"Visioneer Inc.\"]
PDF Document Manager, pdfcDispatcher, \"C:\\Program Files\\PDF Complete\\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService\" [\"PDF Complete Inc\"]
Smart Card, SCardSvr, \"C:\\windows\\system32\\svchost.exe -k LocalService\" {\"C:\\windows\\System32\\SCardSvr.dll\" [MS]}
Terminal Services Configuration, SessionEnv, \"C:\\windows\\System32\\svchost.exe -k netsvcs\" {\"C:\\windows\\system32\\sessenv.dll\" [MS]}
Terminal Services UserMode Port Redirector, UmRdpService, \"C:\\windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted\" {\"C:\\windows\\System32\\umrdp.dll\" [MS]}
TPM Base Services, TBS, \"C:\\windows\\System32\\svchost.exe -k LocalService\" {\"C:\\windows\\System32\\tbssvc.dll\" [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, \"C:\\windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted\" {\"C:\\windows\\System32\\WUDFSvc.dll\" [MS]}
Windows Image Acquisition (WIA), stisvc, \"C:\\windows\\system32\\svchost.exe -k imgsvc\" {\"C:\\windows\\System32\\wiaservc.dll\" [MS]}
 
 
Keyboard Driver Filters:
------------------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96B-E325-11CE-BFC1-08002BE10318}\\
<<!>> \"UpperFilters\" = <<!>> \"PCTCore\" [\"PC Tools\"],<<!>> \"kbdclass\" [MS]
 
 
Print Monitors:
---------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\
Canon BJ Language Monitor iP4500 series\\Driver = \"CNMLM92.DLL\" [\"CANON INC.\"]
PDFC\\Driver = \"pdfc_port.dll\" [\"PDF Complete, Inc.\"]
Send To Microsoft OneNote Monitor\\Driver = \"msonpmon.dll\" [MS]
 
 
---------- (launch time: 2010-11-04 14:52:25)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer \"No\" at the
  first message box and \"Yes\" at the second message box.
---------- (total run time: 82 seconds, including 18 seconds for message boxes)
 