Page 4 of 5

Re: IE spam

Posted: 25 Jul 2010 09:16
by kroenen2
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: IE spam

Posted: 25 Jul 2010 09:32
by riffman
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

download, install, run, start a scan, don't delete anything, paste the log in here ;)

Re: IE spam

Posted: 25 Jul 2010 12:01
by kroenen2
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.7.2010 12:04:52
mbam-log-2010-07-25 (12-04-52).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 117445
Uplynulý čas: 7 min, 37 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

Re: IE spam

Posted: 25 Jul 2010 12:02
by riffman
for good measure...

http://www.esagelab.com/files/bootkit_remover.rar

download, extract to the desktop, run

once it's running, right-click in the window, choose Select All, CTRL+C, and CTRL+V into the reply here (that's how you slap the log in here for me)

Re: IE spam

Posted: 25 Jul 2010 13:07
by kroenen2
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Re: IE spam

Posted: 25 Jul 2010 13:08
by riffman
now that looks veeeery clean...

Re: IE spam

Posted: 25 Jul 2010 13:19
by kroenen2
Thaaanks, I'll try a restart and let you know whether it shows me any more errors...

Re: IE spam

Posted: 25 Jul 2010 13:29
by kroenen2
So I didn't do anything, I just clicked restart. Could you help me get rid of these little errors too?
1. Windows is shutting down.... and suddenly:
[image]

And when it starts up, this one pops up:
[image]

That's all, everything else works ok

Re: IE spam

Posted: 25 Jul 2010 19:13
by riffman
does the first message keep repeating every time?

the second one refers to some invalid key... did you try cleaning the registry?

Re: IE spam

Posted: 25 Jul 2010 19:24
by kroenen2
Well, the first one shows up every time, but the PC shuts down anyway. And I cleaned the registry with CCleaner, I don't know whether that's enough.

Re: IE spam

Posted: 25 Jul 2010 19:29
by riffman
download RegCleaner

install and run the application

on the Software tab click File and choose Save list as txt; save the resulting log somewhere; then repeat the procedure on the Startup tab and save that log as well; paste the contents of both logs here :)

Re: IE spam

Posted: 25 Jul 2010 20:02
by kroenen2
ok, so here are all the programs:

RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry. You should delete every program's entries you know you've had, but don't have anymore
[syntax: Author, Software, Age ]

[Unknown], 7-Zip, New
[Unknown], Alcohol Soft, New
[Unknown], CCleaner, New
[Unknown], Digital Desire v3, New
[Unknown], FLEXlm License Manager, New
[Unknown], ICE Book Reader Professional, New
[Unknown], iColorFolder, New
[Unknown], LogMeIn Hamachi, New
[Unknown], McAfee.com, New
[Unknown], PKR, New
[Unknown], QTAlternative, New
[Unknown], RegisteredApplications, New
[Unknown], standard, New
[Unknown], WinPcap, New
[Unknown], WorldUnlock Codes Calculator, New
[Unknown], Xfire, New
[Unknown], aScAgenda, New
[Unknown], Banner Maker Pro 6, New
[Unknown], Classes.crx, New
[Unknown], CodecPack, New
[Unknown], fastview, New
[Unknown], FileFactory Turbo, New
[Unknown], fv, New
[Unknown], Hitman widecreen, New
[Unknown], h_duff, New
[Unknown], IVIIS, New
[Unknown], Licenses, New
[Unknown], madFlac, New
[Unknown], Malwarebytes' Anti-Malware, New
[Unknown], MediaInfo, New
[Unknown], Monitored, New
[Unknown], Opera Software, New
[Unknown], PxLic, New
[Unknown], SampleView, New
[Unknown], Screamer Radio, New
[Unknown], SDVDC, New
[Unknown], settings, New
[Unknown], Ventrilo, New
[Unknown], Visual Task Tips, New
[Unknown], Wget, New
[Unknown], WinRAR SFX, New
2015, Mohaa, New
7-Zip, Extraction, New
7-Zip, Fm, New
Abbyy, Setup, New
Abbyy, TrigrammsInstaller, New
Abbyy, Engine, New
Abbyy, PDFTransformer, New
ACE Compression Software, ActiveAce, New
Activision, Call Of Duty United Offensive, New
Adobe, CommonFiles, New
Adobe, Iac, New
Adobe, Repair, New
Adobe, SubInstall, New
Adobe, Acrobat Reader, New
Adobe, Adobe Acrobat, New
Adobe, Adobe Gamma, New
Adobe, Alm, New
Adobe, Bridge, New
Adobe, MediaBrowser, New
Adobe, Photoshop, New
Adobe, VanishingPoint, New
Adobe, Acrobat, New
Adobe Systems, Common Install, New
Adobe Systems, Licenses, New
Aerofox, FoxMail, New
Ahead, ImageDrive, New
Ahead, Nero BackItUp, New
Ahead, Nero Fast CD-Burning Plug-in, New
Ahead, Nero PhotoSnap Shared, New
Ahead, Nero SoundTrax, New
Ahead, Nero Toolkit, New
Ahead, Cover Designer, New
Ahead, Nero - Burning Rom, New
Ahead, Nero ShowTime, New
Ahead, Nero StartSmart, New
Ahead, Nero Wave Editor, New
Ahead, NeroCBUI, New
Ahead, NeroVision, New
Ahead, Shared, New
AidemMedia, BlooMooWeb, New
Alcohol Soft, Alcohol 120%, New
Alchemy Lab, Remote Control Pro, New
America Online, IeToolbar, New
Analog Devices, Smwdmif, New
Analog Devices, SoundMAX, New
Analog Devices, IFShare, New
Analog Devices, Smax4, New
Analog Devices, Smax4pnp, New
Andrea Electronics, Driver, New
Andrea Electronics, USBDriver, New
AntiKomar, TForm1, New
AppDataLow, Software, New
Apple Computer, Inc., QuickTime, New
ASProtect, SpecData, New
Auralis, Wsst Screen Savers, New
Avira, AntiVir Desktop, New
AWSoftware, Eac, New
Babylon, Babylon Client, New
BasicScript Program Settings, Msvm, New
Binary Noise, MPlayer, New
BitTorrent, UTorrent, New
Blizzard Entertainment, Warcraft III, New
Blizzard Entertainment, World Of Warcraft, New
Bricomix.net, BricoPack System, New
Broadcom, 802.11_App, New
Broadcom, 802.11, New
C07ft5Y, CoDSP, New
C07ft5Y, WinXP, New
Cddb, Control, New
CEZEO Software, Winpopup NET, New
Codec Tweak Tool, Search Paths, New
Conduit, AppPaths, New
Conduit, Toolbars, New
Conduit, Communicator, New
Conduit, Community Alerts, New
Conduit, Repository, New
Conduit, Toolbar, New
Convar Deutschland GmbH, PC Inspector Task Manager, New
CrystalIdea Software, Uninstall Tool, New
Cyberlink, Common, New
Digital River, SoftwarePassport, New
DivXNetworks, DivX, New
DivXNetworks, DivX PlaybackModule, New
DivXNetworks, DivX Player, New
DivXNetworks, DivX4Windows, New
DivXNetworks, DivXToolbar, New
DivXNetworks, Installer, New
EA Games, Need For Speed Most Wanted, New
Eacademy, Sdc, New
Elecard, MPEG2 Video Decoder, New
Electronic Arts, EA Games, New
Epson, EBPrinter4, New
Epson, EPSON SX110 Series IO_URL, New
Epson, EPSON SX110 Series TS_URL, New
Epson, Printer, New
Epson, Stm3, New
Epsxe, Config, New
Ericsson, MobilePhoneMonitor, New
Eset, Nod, New
Eset, Setup, New
Eset, ESET Security, New
Far, Plugins, New
Far, Colors, New
Far, PluginsCache, New
Far, SavedFolderHistory, New
Far, SavedHistory, New
FDRLab, Save2pc, New
FullCircle, TalkBack, New
Gabest, DVobSub, New
Gabest, Filters, New
Gabest, Media Player Classic, New
Gabest, Vsfilter, New
Gemplus, Cryptography, New
Ghisler, Total Commander, New
Gladiators, Aston, New
Global IP Solutions, VoiceEngine, New
Gnu, Ffdshow, New
Gnu, Ffdshow_audio, New
Gnu, Ffdshow_audio_raw, New
Gnu, Ffdshow_vfw, New
Gnu, Xvid, New
GoldWave, GoldWave, New
Google, CustomSearch, New
Google, NavClient, New
Google, Autoupdate-G001, New
Google, Common, New
Google, CommonSettings, New
Google, GECommonSettings, New
Google, Gmail Notifier, New
Google, Google Desktop, New
Google, Google Earth Plus, New
Google, Update, New
Google, Gmail, New
GSpot Appliance Corp, GSpot, New
Haali, DSMux, New
Haali, Matroska Splitter, New
Haali, Video Renderer, New
HaaliMkx, Input, New
Hewlett-Packard, HP Memories Disc, New
Hewlett-Packard, HPCoreTech, New
Hewlett-Packard, Hpz, New
Hewlett-Packard, Microsoft UAA Bus Driver For HD Audio, New
Hewlett-Packard, Bod, New
Hewlett-Packard, HP Share-to-Web, New
Hewlett-Packard, HPDJ Printing System Config, New
Hewlett-Packard, ScanJet, New
Hpq, {4264742F-0322-4ba5-9657-A798C5C37AD6}, New
Hpq, HP Wireless Assistant, New
Icq, Icq6, New
Icq, Icq6.5, New
Icq, ICQToolBar, New
Infium, Main, New
InstalledOptions, AnalogDevices, New
InstallShield, Driver, New
InstallShield, Update Service, New
Intel, Intel Graphics Accelerator, New
Intel, Psis, New
Intel, Display, New
Intel, Indeo, New
InterActual Technologies, IPlayer, New
InterVideo, WatchDog, New
InterVideo, WinDVD4, New
InterVideo, Common, New
InterVideo, Dvd8, New
Iviis, Guid, New
JavaSoft, Java Plug-in, New
JavaSoft, Java Web Start, New
JavaSoft, Java Runtime Environment, New
JavaSoft, Java Update, New
JavaSoft, Java2D, New
JavaSoft, Prefs, New
JDownloader, Components, New
Jedi-vcl, TipsStartup, New
Jitit Virtual Registry, 0, New
Jpexs, ICQASManager, New
Karlis Blumentals, Easy GIF Animator, New
KernelPro, Advanced Virtual COM Port, New
KLCodecPack, InstalledItems, New
KLCodecPack, InstallSettings, New
Konica Minolta, Msr32_01, New
Konica Minolta, Oem01, New
Konica Minolta, Printer Install, New
L&h, TruVoice, New
Lake, DolbyHph, New
Lake, LakeControl, New
Lingea, Lexicon, New
Local AppWizard-Generated Applications, AutoFwup, New
Local AppWizard-Generated Applications, Wiz Bang Client, New
Lumai, BooruCam2, New
Macromedia, FlashPlayerActiveX, New
Macromedia, FlashPlayerPlugin, New
Macromedia, Shockwave 10, New
Macromedia, FlashPlayer, New
Macromedia, FlashPlayerUpdate, New
Macromedia, Shockwave 8, New
MainConcept, DirectShow, New
MarketPrecision, Setup, New
MasterSoft, SuperDVDCreator, New
Matrox, PowerDesk, New
Michael Facquet, EncFlac, New
Mirabilis, Icq, New
Mlab, Russianracer, New
Monogram, Avcodec, New
Monogram, MONOGRAM AAC Decoder, New
Monte Cristo, Autorun, New
Monte Cristo, City Life, New
Movavi, VideoConverter6, New
Movavi, Movavi Video Converter 6.2, New
Mozilla, Mozilla Firefox, New
Mozilla, Mozilla Firefox 3.6.7, New
Mozilla, Firefox, New
Mozilla.org, Mozilla, New
MozillaPlugins, @adobe.com/FlashPlayer, New
MozillaPlugins, @divx.com/DivX Player Plugin,version=1.0.0, New
MozillaPlugins, @microsoft.com/WPF,version=3.5, New
MozillaPlugins, @real.com/nppl3260;version=6.0.12.449, New
MozillaPlugins, @real.com/nprpjplug;version=6.0.12.448, New
MozillaPlugins, @real.com/nsJSRealPlayerPlugin;version=, New
MozillaPlugins, @videolan.org/vlc,version=1.0.1, New
MozillaPlugins, Yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1, New
MozillaPlugins, @joj.sk/TV_JOJ_Media_Player, New
MozillaPlugins, @tools.google.com/Google Update;version=8, New
Msi, Drivers, New
Musicnotes, Musicnotes, New
Musicnotes, Musicnotes Player, New
MyBabylon_English, Toolbar, New
Net2Phone, CommCenter, New
Net2Phone, N2pcc, New
Netscape, Netscape Navigator, New
NextVideoSoft, Nextsoft Video Converter, New
NextVideoSoft, NextCoverter, New
Nullsoft, Winamp, New
Oak Technology, Omsg, New
Orl, VNCviewer, New
Orl, WinVNC3, New
PageRage, Toolbar, New
Panda Software, Panda Antivirus Platinum, New
Panda Software, Sys Patches, New
Phenomedia, Moorhuhn Piraten, New
Phenomedia, Moorhuhn Remake, New
Phenomedia, Moorhuhn Wanted XXL, New
Piriform, CCleaner, New
PriceGong, Settings, New
Qip, Dhtml, New
Radmin, V3.0, New
RealNetworks, RealJukebox, New
RealNetworks, Setup, New
RealNetworks, Update, New
RealNetworks, Config, New
RealNetworks, Gemini, New
RealNetworks, Preferences, New
RealNetworks, RealMediaSDK, New
RealNetworks, RealPlayer, New
Revenger Inc., CMenuExtender, New
RocketDock, Icons, New
RocketDock, WindowFilters, New
S3r521, Uny89ratbcvum525vtdh, New
Screen-Savers.com, Snowy Scenes Screen Saver, New
SDS Software, Setup2Go, New
Seiko Epson Corporation, USB Display, New
Schlumberger, Smart Cards And Terminals, New
Sibelius Software, Scorch, New
Skype, Installer, New
Skype, Phone, New
Skype, PluginManager, New
Skype, ProtectedStorage, New
Skype, Toolbars, New
Sony Corporation, Yebisu, New
Sony Ericsson, Emma Iii, New
SourceCodeControlProvider, InstalledSCCProviders, New
Spin2, Jbk393, New
Staccato, SCa, New
Swearware, Backup, New
Sysinternals, Handle, New
TCBR Shell, V2.2.6, New
TCBR Shell, V2.3.1, New
Terasoft, Aj1_2007a_sk, New
Terasoft, Bla1_2006a_sk, New
Terasoft, Bla2_2006a_sk, New
Terasoft, Tsruntime, New
Terminal, TmacroForm, New
Terminal, WindowState, New
The Silicon Realms Toolworks, Armadillo, New
Tracker Software, PDF-XChange 3.0 ABBYY, New
TrendMicro, HijackThis, New
TrioDesign, Christmas Living 3D Fireplace Screen Saver, New
Trolltech, Qt, New
Trolltech, OrganizationDefaults, New
UberIcon-v1.0.0, Fx_FlatOut, New
UberIcon-v1.0.0, Fx_iBounce, New
UberIcon-v1.0.0, Fx_iZoom, New
Ulead Systems, Common, New
Unigraphics Solutions, Solid Edge, New
Valve, Half-Life, New
Valve, Steam, New
VB And VBA Program Settings, Aj1_2003, New
VB And VBA Program Settings, Code Calc By CyberGSM, New
VideoLAN, Vlc, New
Virtools, Network, New
Vision Thing, PSEmu Pro, New
Winamp, In_vorbis, New
Winamp, OmBrowser, New
WinRAR, ArcHistory, New
WinRAR, DialogEditHistory, New
WinRAR, FileList, New
WinRAR, Formats, New
WinRAR, General, New
WinRAR, Interface, New
WinRAR, Profiles, New
WinRAR, Setup, New
WinRAR, Viewer, New
Wintertree, Ssce, New
Wmr11, Settings, New
X-avcsd, Workstation, New
Xfire, Exceptions, New
Xing Technology Corp., SharedDlls, New
Zamaan's Software, Pepsi Volume Controller, New
Zenographics, Msr32__4, New
Zoner, Language, New
Zoner, Zoner GIF Animator 5, New
Zsmc, Usbcamera, New
Zsmc, ZSMC USB PC Camera (ZS211), New

At startup:

RegCleaner 4.3 by Jouni Vuorio
These programs are run everytime you start your computer. Try to keep this list as short as possible
[syntax: Program, Filename, Loaded from ]

\\KROENENAMD\EPSON SX110 Series, C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\DOCUME~1\kroenen2\LOCALS~1\Temp\E_SA90.tmp" /EF "HKCU", HKEY_CU\Run
{0228e555-4f9c-4e35-a3ec-b109a192b4c2}, C:\Program Files\Google\Gmail Notifier\gnotify.exe, HKEY_LM\Run
Avgnt, "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min, HKEY_LM\Run
Broadcom Wireless Manager UI, C:\WINDOWS\system32\WLTRAY.exe, HKEY_LM\Run
Ctfmon.exe, C:\WINDOWS\system32\ctfmon.exe, HKEY_CU\Run
Desktop, N/A, Start Menu
Desktop, N/A, Start Menu (Common User)
Google Update, "C:\Documents And Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c, HKEY_CU\Run
Igfxhkcmd, C:\WINDOWS\system32\hkcmd.exe, HKEY_LM\Run
Igfxpers, C:\WINDOWS\system32\igfxpers.exe, HKEY_LM\Run
Igfxtray, C:\WINDOWS\system32\igfxtray.exe, HKEY_LM\Run
RocketDock, N/A, Start Menu
SoundMAXPnP, C:\Program Files\Analog Devices\Core\smax4pnp.exe, HKEY_LM\Run
Start Unlocker Assistant, N/A, Start Menu
TransBar, N/A, Start Menu
UberIcon, "D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe", HKEY_CU\Run
Y'z Shadow, N/A, Start Menu

Re: IE spam

Posted: 25 Jul 2010 20:05
by riffman
download Silent Runners

on Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator") :!:

extract it anywhere, run the file with the .vbs extension, answer No in the first dialog and Yes in the second, wait a moment, and a log will be created in the same directory where you have Silent Runners.vbs, named roughly like this: Startup Programs (Computer Name) date and time.txt - you need to wait for this file to be created!

paste that log here...

In case of uncertainty or trouble, a complete guide is available

Re: IE spam

Posted: 25 Jul 2010 20:32
by kroenen2
"Silent Runners.vbs", revision 61, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"UberIcon" = ""D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"" [null data]
"\\KROENENAMD\EPSON SX110 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\DOCUME~1\kroenen2\LOCALS~1\Temp\E_SA90.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
"Google Update" = ""C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Broadcom Wireless Manager UI" = "C:\WINDOWS\system32\WLTRAY.exe" ["Broadcom Corporation"]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = "C:\Program Files\Google\Gmail Notifier\gnotify.exe" ["Google Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"SoundMAXPnP" = "C:\Program Files\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]

{9565115d-c7d6-46d3-bd63-b67b481a4368}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PageRage Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]

{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\(Default) = "Babylon IE plugin"
-> {HKLM...CLSID} = "Babylon IE plugin"
\InProcServer32\(Default) = "D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll" ["Babylon Ltd."]

{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "myBabylon English Toolbar"
\InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = "{99FD978C-D287-4F50-827F-B2C658EDA8E7}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = "{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = "{920E6DB1-9907-4370-B3A0-BAFC03D81399}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = "{16F3DD56-1AF5-4347-846D-7C10C4192619}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = "{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [file not found]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
-> {HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
-> {HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
-> {HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]

"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "d:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{4FED14EE-8086-4b0c-A0DE-C27042ED1296}" = "PDFTransformer2ContextMenu"
-> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
\InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
-> {HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""D:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\msdev.exe" -p %ld -e %ld" [file not found]
<<!>> "Auto" = "0"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> grooveLocalGWS\CLSID = "{88FED34C-F0CA-4636-A375-3CB6248B04CD}"
-> {HKLM...CLSID} = "Local Groove Web Services Protocol"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL" [MS]

<<!>> ms-help\CLSID = "{314111c7-a502-11d2-bbca-00c04f8ec294}"
-> {HKLM...CLSID} = "HxProtocol Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll" [MS]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "d:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

PDFTransformer2ContextMenu\(Default) = "{4FED14EE-8086-4b0c-A0DE-C27042ED1296}"
-> {HKLM...CLSID} = "PDFTransformer2.PDFTContextMenu.1"
\InProcServer32\(Default) = "D:\Program Files\ABBYY PDF Transformer 2.0\PDFTContextMenu.dll" ["ABBYY Software"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "d:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "D:\WINDOWS\BricoPacks\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "d:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "D:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]

XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
-> {HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "d:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "none" [file not found]


IniFileMapping Pointers to .INI Files:
--------------------------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\

system.ini\boot\
<<!>> "Shell" = "USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""D:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd" ["mpc-hc@Sourceforge"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1" ["mpc-hc@Sourceforge"]

NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "d:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "d:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "d:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "d:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DVDVideoToNeroDigital\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayDVDMovieOnArrival_DVDVideoToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_DVDVideoToNeroDigital\command\(Default) = "d:\Program Files\Ahead\Nero Recode\Recode.exe /New:ReAuthorNeroDigital /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "d:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayVideoFilesOnArrival_PlayDVD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayVideoFilesOnArrival_PlayDVD\command\(Default) = "d:\Program Files\Ahead\Nero ShowTime\ShowTime.exe /Play %L" ["Ahead software AG"]

NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "d:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayDVDMovieOnArrival_TranscodeVideo"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_TranscodeVideo\command\(Default) = "d:\Program Files\Ahead\Nero Recode\Recode.exe /New:CopyDVDVideo /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2VideoCapture\
"Provider" = "NeroVision Express"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""d:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay2ViewPhotos\
"Provider" = "Nero PhotoSnap Viewer"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "ShowPicturesOnArrival_ViewPhotos"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = "d:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L" ["Ahead Software AG"]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = ""d:\Program Files\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = ""d:\Program Files\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "d:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""d:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft, Inc."]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""d:\Program Files\Winamp\winamp.exe"" ["Nullsoft, Inc."]


Startup items in "kroenen2" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\kroenen2\Start Menu\Programs\Startup
"RocketDock" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"Start Unlocker Assistant" -> shortcut to: "D:\Program Files\Unlocker\UnlockerAssistant.exe" [null data]
"TransBar" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe /s" ["AKSoftware"]
"Y'z Shadow" -> shortcut to: "D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe" ["Y'z@Home"]


Enabled Scheduled Tasks:
------------------------

"Edward Maya & Vika Jigulina - Stereo Love (Molella Remix)" -> launches: "D:\MY HP_SOFTWARE\MUSIC\TRANCE-DISCO\Edward Maya & Vika Jigulina - Stereo Love (Molella Remix).mp3" [null data]
"GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003Core" -> launches: "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003UA" -> launches: "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{9565115D-C7D6-46D3-BD63-B67B481A4368}"
-> {HKLM...CLSID} = "PageRage Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"
-> {HKLM...CLSID} = "myBabylon English Toolbar"
\InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{9565115D-C7D6-46D3-BD63-B67B481A4368}"
-> {HKLM...CLSID} = "PageRage Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"
-> {HKLM...CLSID} = "myBabylon English Toolbar"
\InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{9565115D-C7D6-46D3-BD63-B67B481A4368}" = "PageRage Toolbar"
-> {HKLM...CLSID} = "PageRage Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}" = "myBabylon English Toolbar"
-> {HKLM...CLSID} = "myBabylon English Toolbar"
\InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{0F43BFBD-D476-44F4-A408-7F201069726A}\(Default) = "myBabylon English Findbar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Classes\CLSID\{17AA14F6-6093-442D-91C4-CDC2D7F2020A}\(Default) = "PageRage Findbar"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = "Groove Folder Synchronization"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Zdroje informácií"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Odoslať do programu OneNote"
"MenuText" = "Od&oslať do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
-> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "D:\Program Files\ICQ6.5\ICQ.exe" ["ICQ, LLC."]

{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}\
"ButtonText" = "Translate this web page with Babylon"
"MenuText" = "Translate this web page with Babylon"
"Script" = "res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm" ["Babylon Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{9565115d-c7d6-46d3-bd63-b67b481a4368}" = (no title provided)
-> {HKLM...CLSID} = "PageRage Toolbar"
\InProcServer32\(Default) = "C:\Program Files\PageRage\tbPag0.dll" ["Conduit Ltd."]
<<H>> "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}" = (no title provided)
-> {HKLM...CLSID} = "myBabylon English Toolbar"
\InProcServer32\(Default) = "C:\Program Files\myBabylon_English\tbmyB0.dll" ["Conduit Ltd."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "Tabs" = "C:\Documents and Settings\All Users\Application Data\ICQ\ICQNewTab\newTab.html" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Broadcom Wireless LAN Tray Service, wltrysvc, "C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe" [null data]
EMP_UDSA, EMP_UDSA, "C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe" ["SEIKO EPSON CORPORATION"]
LogMeIn Hamachi 2.0 Tunneling Engine, Hamachi2Svc, ""C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s" ["LogMeIn Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Radmin Server V3, RServer3, ""C:\WINDOWS\system32\rserver30\RServer3.exe" /service" ["Famatech International Corp."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> Hamachi2Svc, "Service"
<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (null value)


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON SX110 Series 32MonitorBE\Driver = "E_FLBFBE.DLL" ["SEIKO EPSON CORPORATION"]
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
Ice Monitor M\Driver = "BiMMonNT.dll" ["Black Ice Software"]
MLMON_01\Driver = "MLMON_01.DLL" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]
PDF-XChange\Driver = "C:\WINDOWS\system32\pxc25pm.dll" ["Tracker Software"]
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2010-07-25 21:23:55)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 297 seconds.
---------- (total run time: 461 seconds)

Re: IE spam

Posted: 25 Jul 2010 20:42
by riffman
I don't see anything here.