
Dodane przez: ~soq (2009-02-03 10:38) -> text
\"Silent Runners.vbs\", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"ctfmon.exe\" = \"C:\\WINDOWS\\system32\\ctfmon.exe\" [MS]
\"swg\" = \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\" [\"Google Inc.\"]
\"PC Suite Tray\" = \"\"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe\" -onlytray\" [\"Nokia\"]
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"VTTimer\" = \"VTTimer.exe\" [\"S3 Graphics, Inc.\"]
\"VTTrayp\" = \"VTtrayp.exe\" [\"S3 Graphics Co., Ltd.\"]
\"avast!\" = \"C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe\" [\"ALWIL Software\"]
\"UserFaultCheck\" = \"C:\\WINDOWS\\system32\\dumprep 0 -u\"
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"AcroIEHlprObj Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll\" [\"Adobe Systems Incorporated\"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"IeCatch5 Class\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\FlashGet\\jccatch.dll\" [\"FlashGet\"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Groove GFS Browser Helper\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"SSVHelper Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Google Toolbar Helper\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Google Toolbar Notifier BHO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Google\\GoogleToolbarNotifier\\3.1.807.1746\\swg.dll\" [\"Google Inc.\"]
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{42071714-76d4-11d1-8b24-00a0c9068ff3}\" = \"Rozszerzenie CPL kadrowania wyświetlania\"
  -> {HKLM...CLSID} = \"Rozszerzenie CPL kadrowania wyświetlania\"
                   \\InProcServer32\\(Default) = \"deskpan.dll\" [file not found]
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\" = \"WinRAR shell extension\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
\"{472083B0-C522-11CF-8763-00608CC02F24}\" = \"avast\"
  -> {HKLM...CLSID} = \"avast\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll\" [\"ALWIL Software\"]
\"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\" = \"Groove GFS Browser Helper\"
  -> {HKLM...CLSID} = \"Groove GFS Browser Helper\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\" = \"Groove GFS Explorer Bar\"
  -> {HKLM...CLSID} = \"Groove Folder Synchronization\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{A449600E-1DC6-4232-B948-9BD794D62056}\" = \"Groove GFS Stub Icon Handler\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Icon Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\" = \"Groove GFS Stub Execution Hook\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Execution Hook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{6C467336-8281-4E60-8204-430CED96822D}\" = \"Groove GFS Context Menu Handler\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{387E725D-DC16-4D76-B310-2C93ED4752A0}\" = \"Groove XML Icon Handler\"
  -> {HKLM...CLSID} = \"Groove XML Icon Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{16F3DD56-1AF5-4347-846D-7C10C4192619}\" = \"Groove Explorer Icon Overlay 3 (GFS Folder)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 3 (GFS Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}\" = \"Groove Explorer Icon Overlay 2 (GFS Stub)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2 (GFS Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}\" = \"Groove Explorer Icon Overlay 4 (GFS Unread Mark)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 4 (GFS Unread Mark)\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{99FD978C-D287-4F50-827F-B2C658EDA8E7}\" = \"Groove Explorer Icon Overlay 1 (GFS Unread Stub)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 1 (GFS Unread Stub)\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{920E6DB1-9907-4370-B3A0-BAFC03D81399}\" = \"Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\"
  -> {HKLM...CLSID} = \"Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
\"{0006F045-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Custom Icon Handler\"
  -> {HKLM...CLSID} = \"Outlook File Icon Extension\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\OLKFSTUB.DLL\" [MS]
\"{00020D75-0000-0000-C000-000000000046}\" = \"Microsoft Office Outlook Desktop Icon Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Outlook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\MLSHEXT.DLL\" [MS]
\"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}\" = \"Microsoft Office OneNote Namespace Extension for Windows Desktop Search\"
  -> {HKLM...CLSID} = \"Microsoft Office OneNote Namespace Extension for Windows Desktop Search\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\ONFILTER.DLL\" [MS]
\"{42042206-2D85-11D3-8CFF-005004838597}\" = \"Microsoft Office HTML Icon Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\msohevi.dll\" [MS]
\"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\" = \"Microsoft Office Metadata Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Metadata Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
\"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\" = \"Microsoft Office Thumbnail Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Thumbnail Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
\"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\" = \"PowerISO\"
  -> {HKLM...CLSID} = \"PowerISO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PowerISO\\PWRISOSH.DLL\" [\"PowerISO Computing, Inc.\"]
\"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}\" = \"Nokia Phone Browser\"
  -> {HKLM...CLSID} = \"Nokia Phone Browser\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Nokia\\Nokia PC Suite 6\\phonebrowser.dll\" [\"Nokia\"]
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks\\
<<!>> \"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\" = \"Groove GFS Stub Execution Hook\"
  -> {HKLM...CLSID} = \"Groove GFS Stub Execution Hook\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\
<<!>> \"BootExecute\" = \"autocheck autochk *\"|\"lsdelete\" [null data]
 
HKLM\\Software\\Classes\\PROTOCOLS\\Filter\\
<<!>> text/xml\\CLSID = \"{807563E5-5146-11D5-A672-00B0D022E945}\"
  -> {HKLM...CLSID} = \"Microsoft Office InfoPath XML Mime Filter\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL\" [MS]
 
HKLM\\Software\\Classes\\Folder\\shellex\\ColumnHandlers\\
{F9DB5320-233E-11D1-9F84-707F02C10627}\\(Default) = \"PDF Column Info\"
  -> {HKLM...CLSID} = \"PDF Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\PDFShell.dll\" [\"Adobe Systems, Inc.\"]
 
HKLM\\Software\\Classes\\*\\shellex\\ContextMenuHandlers\\
avast\\(Default) = \"{472083B0-C522-11CF-8763-00608CC02F24}\"
  -> {HKLM...CLSID} = \"avast\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll\" [\"ALWIL Software\"]
LavasoftShellExt\\(Default) = \"{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}\"
  -> {HKLM...CLSID} = \"Lavasoft Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Lavasoft\\Ad-Aware\\ShellExt.dll\" [null data]
PowerISO\\(Default) = \"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\"
  -> {HKLM...CLSID} = \"PowerISO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PowerISO\\PWRISOSH.DLL\" [\"PowerISO Computing, Inc.\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
HKLM\\Software\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
PowerISO\\(Default) = \"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\"
  -> {HKLM...CLSID} = \"PowerISO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PowerISO\\PWRISOSH.DLL\" [\"PowerISO Computing, Inc.\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
HKLM\\Software\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
avast\\(Default) = \"{472083B0-C522-11CF-8763-00608CC02F24}\"
  -> {HKLM...CLSID} = \"avast\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Alwil Software\\Avast4\\ashShell.dll\" [\"ALWIL Software\"]
LavasoftShellExt\\(Default) = \"{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}\"
  -> {HKLM...CLSID} = \"Lavasoft Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Lavasoft\\Ad-Aware\\ShellExt.dll\" [null data]
PowerISO\\(Default) = \"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}\"
  -> {HKLM...CLSID} = \"PowerISO\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\PowerISO\\PWRISOSH.DLL\" [\"PowerISO Computing, Inc.\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
HKLM\\Software\\Classes\\AllFilesystemObjects\\shellex\\ContextMenuHandlers\\
XXX Groove GFS Context Menu Handler XXX\\(Default) = \"{6C467336-8281-4E60-8204-430CED96822D}\"
  -> {HKLM...CLSID} = \"Groove GFS Context Menu Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"disableregistrytools\" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
 
HKCU\\Software\\Policies\\Microsoft\\Windows\\System\\
 
\"DisableCMD\" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
 
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
 
\"DisableRegistryTools\" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\WINDOWS\\system32\\config\\systemprofile\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\Documents and Settings\\soq\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
 
Enabled Scheduled Tasks:
------------------------
 
\"1-Click Maintenance\" -> launches: \"C:\\Program Files\\TuneUp Utilities 2006\\SystemOptimizer.exe /schedulestart\" [file not found]
\"Ad-Aware Update (Weekly)\" -> launches: \"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe update all silent\" [\"Lavasoft\"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\System\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
 
Transport Service Providers
 
HKLM\\System\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser\\
\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}\"
  -> {HKLM...CLSID} = \"&Google\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
 
HKLM\\Software\\Microsoft\\Internet Explorer\\Toolbar\\
\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}\" = (no title provided)
  -> {HKLM...CLSID} = \"&Google\"
                   \\InProcServer32\\(Default) = \"c:\\program files\\google\\googletoolbar2.dll\" [\"Google Inc.\"]
 
Explorer Bars
 
HKLM\\Software\\Microsoft\\Internet Explorer\\Explorer Bars\\
 
HKLM\\Software\\Classes\\CLSID\\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\\(Default) = \"Groove Folder Synchronization\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\GRA8E1~1.DLL\" [MS]
 
HKLM\\Software\\Classes\\CLSID\\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\\(Default) = \"&Poszukaj\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL\" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\Software\\Microsoft\\Internet Explorer\\Extensions\\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\\
\"MenuText\" = \"Sun Java Console\"
\"CLSIDExtension\" = \"{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\"
  -> {HKCU...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
  -> {HKLM...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\npjpi160_07.dll\" [\"Sun Microsystems, Inc.\"]
 
{2670000A-7350-4F3C-8081-5663EE0C6C49}\\
\"ButtonText\" = \"Wyślij do programu OneNote\"
\"MenuText\" = \"Wyślij &do programu OneNote\"
\"CLSIDExtension\" = \"{48E73304-E1D6-4330-914C-F5F514E3486C}\"
  -> {HKLM...CLSID} = \"Send to OneNote from Internet Explorer button\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll\" [MS]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\
\"ButtonText\" = \"Research\"
 
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\\
\"ButtonText\" = \"FlashGet\"
\"MenuText\" = \"&FlashGet\"
\"Exec\" = \"C:\\PROGRA~1\\FlashGet\\flashget.exe\" [\"FlashGet.com\"]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\\
\"ButtonText\" = \"Messenger\"
\"MenuText\" = \"Windows Messenger\"
\"Exec\" = \"C:\\Program Files\\Messenger\\msmsgs.exe\" [MS]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
C:\\WINDOWS\\INF\\IERESET.INF (used to \"Reset Web Settings\")
 
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.google.pl
 
Missing lines (compared with English-language version):
[Strings]: 1 line
 
HKLM\\Software\\Microsoft\\Internet Explorer\\AboutURLs\\
<<H>> \"TuneUp\" = \"file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css\" [file not found]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
avast! Antivirus, avast! Antivirus, \"\"C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe\"\" [\"ALWIL Software\"]
avast! iAVS4 Control Service, aswUpdSv, \"\"C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe\"\" [\"ALWIL Software\"]
avast! Mail Scanner, avast! Mail Scanner, \"\"C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe\" /service\" [\"ALWIL Software\"]
avast! Web Scanner, avast! Web Scanner, \"\"C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe\" /service\" [\"ALWIL Software\"]
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, \"\"C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe\"\" [\"Lavasoft\"]
LightScribeService Direct Disc Labeling Service, LightScribeService, \"\"C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe\"\" [\"Hewlett-Packard Company\"]
SecuROM User Access Service (V7), UserAccess7, \"C:\\WINDOWS\\system32\\UAService7.exe\" [null data]
ServiceLayer, ServiceLayer, \"\"C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe\"\" [\"Nokia.\"]
Sygate Personal Firewall, SmcService, \"C:\\Program Files\\Sygate\\SPF\\smc.exe\" [\"Sygate Technologies, Inc.\"]
 
 
Print Monitors:
---------------
 
HKLM\\System\\CurrentControlSet\\Control\\Print\\Monitors\\
Monitor języka PJL\\Driver = \"PJLMON.DLL\" [MS]
Send To Microsoft OneNote Monitor\\Driver = \"msonpmon.dll\" [MS]
 
 
----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer \"No\" at the
  first message box and \"Yes\" at the second message box.
---------- (total run time: 111 seconds, including 13 seconds for message boxes)
 