Startup Programs (TOMEK-PC) 2009-03-10 00.08.35.txt

Nie jestem pewien, czy usunąłem Trojan.Brisv.A! (I am not sure whether I have actually removed Trojan.Brisv.A.)

To jest log z Silent Runners (rev. 59). Uwaga: Silent Runners wypisuje tylko punkty autostartu (klucze Run, BHO, rozszerzenia powłoki, usługi itd.) i nie skanuje zawartości plików, więc sam ten log nie potwierdzi, że infekcja została usunięta — sprawdź historię/kwarantannę programu antywirusowego, który zgłosił Trojan.Brisv.A, i wykonaj ponowne pełne skanowanie. W tym logu jedyny wpis oznaczony <<!>> to filtr PROTOCOLS text/xml wskazujący na MSOXMLMF.DLL pakietu Office (InfoPath) z podpisem [MS], czyli wygląda na zwykły wpis Office. Jedyna nietypowa pozycja to osierocony wpis HKCU\...\Run „ares” wskazujący na C:\Program Files\Ares\Ares.exe [file not found] — martwy wpis autostartu po kliencie P2P, który warto usunąć, ale sam w sobie nic nie uruchamia. (In English: this is a Silent Runners launch-point listing; it does not scan file contents and cannot by itself confirm the removal — the only <<!>> hit resolves to Office's MSOXMLMF.DLL [MS], and the only oddity is the orphaned "ares" Run entry.)


" Silent Runners.vbs " , revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by " {++} "


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
" Sidebar " = " C:\Program Files\Windows Sidebar\sidebar.exe /autoRun " [MS]
" msnmsgr " = " " C:\Program Files\Windows Live\Messenger\msnmsgr.exe " /background " [MS]
" ares " = " " C:\Program Files\Ares\Ares.exe " -h " [file not found]
" BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} " = " " C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe " " [ " Nero AG " ]
" WMPNSCFG " = " C:\Program Files\Windows Media Player\WMPNSCFG.exe " [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
" Windows Defender " = " C:\Program Files\Windows Defender\MSASCui.exe -hide "
" NvCplDaemon " = " RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup " [MS]
" NvMediaCenter " = " RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit " [MS]
" RtHDVCpl " = " RtHDVCpl.exe " [ " Realtek Semiconductor " ]
" ccApp " = " " C:\Program Files\Common Files\Symantec Shared\ccApp.exe " " [ " Symantec Corporation " ]
" osCheck " = " " C:\Program Files\Norton Internet Security\osCheck.exe " " [ " Symantec Corporation " ]
" NeroFilterCheck " = " C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe " [ " Nero AG " ]
" Symantec PIF AlertEng " = " " C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe " /a /m " C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll " " [ " Symantec Corporation " ]
" SunJavaUpdateSched " = " " C:\Program Files\Java\jre6\bin\jusched.exe " " [ " Sun Microsystems, Inc. " ]
" Adobe Reader Speed Launcher " = " " C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe " " [ " Adobe Systems Incorporated " ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Adobe PDF Reader Link Helper "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll " [ " Adobe Systems Incorporated " ]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = " C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll " [ " Symantec Corporation " ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Java(tm) Plug-In SSV Helper "
\InProcServer32\(Default) = " C:\Program Files\Java\jre6\bin\ssv.dll " [ " Sun Microsystems, Inc. " ]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Pomocnik rejestracji usługi Windows Live "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll " [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Windows Live Toolbar Helper "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = " Java(tm) Plug-In 2 SSV Helper "
\InProcServer32\(Default) = " C:\Program Files\Java\jre6\bin\jp2ssv.dll " [ " Sun Microsystems, Inc. " ]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
" {00020d75-0000-0000-c000-000000000046} " = " Microsoft Office Outlook Desktop Icon Handler "
-> {HKLM...CLSID} = " Microsoft Office Outlook "
\InProcServer32\(Default) = " C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL " [MS]
" {A70C977A-BF00-412C-90B7-034C51DA2439} " = " NvCpl DesktopContext Class "
-> {HKLM...CLSID} = " DesktopContext Class "
\InProcServer32\(Default) = " C:\Windows\system32\nvcpl.dll " [ " NVIDIA Corporation " ]
" {FFB699E0-306A-11d3-8BD1-00104B6F7516} " = " Play on my TV helper "
-> {HKLM...CLSID} = " NVIDIA CPL Extension "
\InProcServer32\(Default) = " C:\Windows\system32\nvcpl.dll " [ " NVIDIA Corporation " ]
" {0006F045-0000-0000-C000-000000000046} " = " Microsoft Office Outlook Custom Icon Handler "
-> {HKLM...CLSID} = " Outlook File Icon Extension "
\InProcServer32\(Default) = " C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL " [MS]
" {42042206-2D85-11D3-8CFF-005004838597} " = " Microsoft Office HTML Icon Handler "
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = " C:\Program Files\Microsoft Office\Office12\msohevi.dll " [MS]
" {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} " = " Microsoft Office Metadata Handler "
-> {HKLM...CLSID} = " Microsoft Office Metadata Handler "
\InProcServer32\(Default) = " C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll " [MS]
" {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} " = " Microsoft Office Thumbnail Handler "
-> {HKLM...CLSID} = " Microsoft Office Thumbnail Handler "
\InProcServer32\(Default) = " C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll " [MS]
" {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} " = " Messenger Sharing Folders "
-> {HKLM...CLSID} = " Moje foldery udostępniania "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll " [MS]
" {0563DB41-F538-4B37-A92D-4659049B7766} " = " WLMD Message Handler "
-> {HKLM...CLSID} = " CLSID_WLMCMimeFilter "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Mail\mailcomm.dll " [MS]
" {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} " = " NeroCoverEd Live Icons "
-> {HKLM...CLSID} = " NeroCoverEdLiveIcons Class "
\InProcServer32\(Default) = " C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll " [ " Nero AG " ]
" {00F33137-EE26-412F-8D71-F84E4C2C6625} " = (no title provided)
-> {HKLM...CLSID} = " Windows Live Photo Gallery Import Autoplay Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]
" {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} " = " Windows Live Photo Gallery Viewer Drop Target Shim "
-> {HKLM...CLSID} = " Windows Live Photo Gallery Viewer Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]
" {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} " = " Windows Live Photo Gallery Editor Drop Target Shim "
-> {HKLM...CLSID} = " Windows Live Photo Gallery Editor Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]
" {00F30F90-3E96-453B-AFCD-D71989ECC2C7} " = " Windows Live Photo Gallery Autoplay Drop Target Shim "
-> {HKLM...CLSID} = " Windows Live Photo Gallery Viewer Autoplay Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]
" {B41DB860-8EE4-11D2-9906-E49FADC173CA} " = " WinRAR shell extension "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [ " Alexander Roshal " ]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = " {807563E5-5146-11D5-A672-00B0D022E945} "
-> {HKLM...CLSID} = " Microsoft Office InfoPath XML Mime Filter "
\InProcServer32\(Default) = " C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL " [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = " PDF Column Info "
-> {HKLM...CLSID} = " PDF Shell Extension "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll " [ " Adobe Systems, Inc. " ]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = " {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} "
-> {HKLM...CLSID} = " NeroCoverEdContextMenu Class "
\InProcServer32\(Default) = " C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll " [ " Nero AG " ]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = " {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} "
-> {HKLM...CLSID} = " IEContextMenu Class "
\InProcServer32\(Default) = " C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll " [ " Symantec Corporation " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [ " Alexander Roshal " ]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [ " Alexander Roshal " ]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = " {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} "
-> {HKLM...CLSID} = " IEContextMenu Class "
\InProcServer32\(Default) = " C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll " [ " Symantec Corporation " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {HKLM...CLSID} = " WinRAR "
\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [ " Alexander Roshal " ]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

" ConsentPromptBehaviorAdmin " = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

" ConsentPromptBehaviorUser " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

" EnableInstallerDetection " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

" EnableLUA " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

" EnableSecureUIAPaths " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

" EnableVirtualization " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

" PromptOnSecureDesktop " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

" shutdownwithoutlogon " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

" undockwithoutlogon " = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

" FilterAdministratorToken " = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

" EnableUIADesktopToggle " = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
" Wallpaper " = " C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp "

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
" Wallpaper " = " C:\Users\Tomek\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp "


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
" SCRNSAVE.EXE " = " C:\Windows\system32\logon.scr " [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSLivePhotoAcqHWEventHandler\
" Provider " = " @C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201 "
" ProgID " = " Microsoft.LivePhotoAcqHWEventHandler "
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = " {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} "
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe " [MS]

MSLivePhotoAcquireDropHandler\
" Provider " = " @C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201 "
" InvokeProgID " = " Microsoft.LivePhotoAcqDTShim.1 "
" InvokeVerb " = " open "
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = " {00F33137-EE26-412F-8D71-F84E4C2C6625} "
-> {HKLM...CLSID} = " Windows Live Photo Gallery Import Autoplay Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]

MSLiveShowPicturesOnArrival\
" Provider " = " @C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201 "
" InvokeProgID " = " Microsoft.Photos.LiveAutoplayShim.1 "
" InvokeVerb " = " open "
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = " {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "
-> {HKLM...CLSID} = " Windows Live Photo Gallery Viewer Autoplay Shim "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll " [MS]

MSLiveVideoCameraArrivalCaptureWizard\
" Provider " = " @C:\Program Files\Windows Live\Photo Gallery\regres.dll,-10;en-us.1329.0201 "
" ProgID " = " WLXAutoPlayMgr.WLXHWEventHandler "
" InitCmdLine " = " WLXVideoAcquireWizard "
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = " {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} "
-> {HKLM...CLSID} = " WLXWEventHandler Class "
\LocalServer32\(Default) = " " C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe " " [MS]

NeroAutoPlay7AudioToNeroDigital\
" Provider " = " Nero Burning ROM "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " AudioToNeroDigital_PlayCDAudioOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L " [ " Nero AG " ]

NeroAutoPlay7CDAudio\
" Provider " = " Nero Express "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " CDAudio_HandleCDBurningOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD " [ " Nero AG " ]

NeroAutoPlay7CopyCD\
" Provider " = " Nero Burning ROM "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " CopyCD_PlayMusicFilesOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L " [ " Nero AG " ]

NeroAutoPlay7DataDisc\
" Provider " = " Nero Express "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " DataDisc_HandleCDBurningOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc " [ " Nero AG " ]

NeroAutoPlay7LaunchNeroStartSmart\
" Provider " = " Nero StartSmart "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " LaunchNeroStartSmart_HandleCDBurningOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay " [ " Nero AG " ]

NeroAutoPlay7RipCD\
" Provider " = " Nero Burning ROM "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " RipCD_PlayCDAudioOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L " [ " Nero AG " ]

NeroAutoPlay7TranscodeVideo\
" Provider " = " Nero Recode "
" InvokeProgID " = " Nero.AutoPlay7 "
" InvokeVerb " = " TranscodeVideo_PlayDVDMovieOnArrival "
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = " C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo " [ " Nero AG " ]

WIA_{BA26D6F7-711D-4B3E-A186-8CEFB0C75A75}\
" Provider " = " MP Navigator Ver3.1 "
" CLSID " = " {A55803CC-4D53-404c-8557-FD63DBA95D24} "
" InitCmdLine " = " /WiaCmd;C:\Program Files\Canon\MP Navigator 3.1\mpn31.exe /StiDevice:%1 /StiEvent:%2; "
-> {HKLM...CLSID} = " WPDShextAutoplay "
\LocalServer32\(Default) = " C:\Windows\system32\WPDShextAutoplay.exe " [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = " %SystemRoot%\system32\NLAapi.dll " [MS]
000000000002\LibraryPath = " %SystemRoot%\system32\napinsp.dll " [MS]
000000000003\LibraryPath = " %SystemRoot%\system32\pnrpnsp.dll " [MS]
000000000004\LibraryPath = " %SystemRoot%\system32\pnrpnsp.dll " [MS]
000000000005\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]
000000000006\LibraryPath = " %SystemRoot%\System32\winrnr.dll " [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 18


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
" {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "
-> {HKLM...CLSID} = " Windows Live Toolbar "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
" {90222687-F593-4738-B738-FBEE9C7B26DF} " = " NCO Toolbar "
-> {HKLM...CLSID} = " Show Norton Toolbar "
\InProcServer32\(Default) = " C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll " [ " Symantec Corporation " ]
" {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} " = (no title provided)
-> {HKLM...CLSID} = " Windows Live Toolbar "
\InProcServer32\(Default) = " C:\Program Files\Windows Live Toolbar\msntb.dll " [MS]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = " &Poszukaj "
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = " C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL " [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
" ButtonText " = " Wpis w blogu "
" MenuText " = " &Wpis w blogu w Windows Live Writer "
" CLSIDExtension " = " {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "
-> {HKLM...CLSID} = " BlogThisToolbarButton Class "
\InProcServer32\(Default) = " C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll " [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
" ButtonText " = " Research "


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, " " C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe " " [ " Symantec Corporation " ]
LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, " " C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe " /h ccCommon " [ " Symantec Corporation " ]
NMIndexingService, NMIndexingService, " " C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe " " [ " Nero AG " ]
NVIDIA Display Driver Service, nvsvc, " C:\Windows\system32\nvvsvc.exe " [ " NVIDIA Corporation " ]
Przeglądarka komputera, Browser, " C:\Windows\System32\svchost.exe -k netsvcs " { " C:\Windows\System32\browser.dll " [MS]}
Symantec AppCore Service, SymAppCore, " " C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe " " [ " Symantec Corporation " ]
Symantec Event Manager, ccEvtMgr, " " C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe " /h ccCommon " [ " Symantec Corporation " ]
Symantec Lic NetConnect service, CLTNetCnService, " " C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe " /h ccCommon " [ " Symantec Corporation " ]
Symantec Settings Manager, ccSetMgr, " " C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe " /h ccCommon " [ " Symantec Corporation " ]
Usługa Protokół SSTP, SstpSvc, " C:\Windows\system32\svchost.exe -k LocalService " { " C:\Windows\system32\sstpsvc.dll " [MS]}
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, " " C:\Program Files\Windows Media Player\wmpnetwk.exe " " [MS]
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, " C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted " { " C:\Windows\System32\WUDFSvc.dll " [MS]}
Windows Image Acquisition (WIA), stisvc, " C:\Windows\system32\svchost.exe -k imgsvc " { " C:\Windows\System32\wiaservc.dll " [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP140 series\Driver = " CNMLM8R.DLL " [ " CANON INC. " ]


---------- (launch time: 2009-03-10 00:08:35)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer " No " at the
first message box and " Yes " at the second message box.
---------- (total run time: 50 seconds, including 12 seconds for message boxes)

