Help - Project1 has invaded my computer

Posted 6/24/2005 11:45 PM
#16567

JC003 Member

Date Joined Nov 2016
Total Posts: 4
Hi there,


I don't know how this came onto my computer. Here is my Hijackthis log. What can I do?



Logfile of HijackThis v1.99.1
Scan saved at 4:38:51 PM, on 24/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
C:\Documents and Settings\Chan\My Documents\Downloads\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ca.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ca.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - https://www.nick.com/common/groove/gx/GrooveAX27.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Posted 7/5/2005 9:43 PM
#17083

pesko Advanced member

Date Joined Nov 2016
Total Posts: 350
Why did you post your log 2 times?
-Pesko ;)
Better safe than sorry.

Please scan your PC for spyware before you post your HJT log.
Free antispyware programs: Ad-aware, spybot and more, x-cleaner, MS antispy beta only for windows 2000 and XP
Free antispyware trials: Spysweeper 30 trial, Ewido
Offline antivirus scanner: mwav.exe
Tools: CWShredder, CClean, killbox, sysclean, sysclean definition file

Help: How to disable/enable system restore, boot into Safe Mode, How to Show System Files

Do not post your log in another thread, and don't send me your HijackThis log as a PM.
Posted 8/14/2005 5:09 PM
#18612

JC003 Member

Date Joined Nov 2016
Total Posts: 4
Here is a copy of my log. I don't think it was removed as I did a <CTRL>+<ALT>+<DEL> and it still shows up.

What does Project 1 do anyways? I don't see it under other profiles...

Logfile of HijackThis v1.99.1
Scan saved at 10:05:37 AM, on 14/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Serials3k\s3k_autoupdate.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Chan\My Documents\Downloads\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ca.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - https://www.nick.com/common/groove/gx/GrooveAX27.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe






Posted 8/16/2005 9:22 PM
#18748

pesko Advanced member

Date Joined Nov 2016
Total Posts: 350
Boot into Safe Mode (no network connection).
Start HijackThis.
Select these:
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - https://www.nick.com/common/groove/gx/GrooveAX27.cab
And click "Fix it".
Reboot and post a new log.
-Pesko ;)
Posted 8/17/2005 2:40 AM
#18764

JC003 Member

Date Joined Nov 2016
Total Posts: 4
I think it's gone!!! I did the <CTRL>+<ALT>+<DEL> and the project 1 isn't showing up anymore....

But just to confirm, here is my log...

Logfile of HijackThis v1.99.1
Scan saved at 7:38:35 PM, on 16/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chan\My Documents\Downloads\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ca.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
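
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python checker that compares a before-fix and an after-fix HijackThis log and confirms that the entries chosen for fixing are really gone. The log excerpts are a few lines trimmed from the 14/08/2005 and 16/08/2005 logs above; the function names and the keying scheme (section code plus CLSID, Run value name, or registry value) are assumptions made for this illustration.

```python
import re

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O23
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(code, text):
    """Stable identity for an entry, so a changed URL or path is reported
    as 'changed' instead of as one removal plus one addition."""
    m = GUID_RE.search(text)
    if m:                                   # BHO, toolbar, button, DPF: up to the CLSID
        return (code, text[:m.end()].lower())
    if code == "O4" and "]" in text:        # Run key: hive plus [value name]
        return (code, text[:text.index("]") + 1].lower())
    if code.startswith("R") and " = " in text:
        return (code, text.split(" = ", 1)[0].lower())
    return (code, text.lower())

def parse_log(log_text):
    """Return (running process paths, {entry_key: entry text})."""
    processes, entries, in_processes = set(), {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                processes.add(line.lower())
                continue
            in_processes = False            # blank line or first entry ends the list
        m = ENTRY_RE.match(line)
        if m:
            entries[entry_key(*m.groups())] = m.group(2)
    return processes, entries

def diff_logs(before_text, after_text):
    procs_b, ents_b = parse_log(before_text)
    procs_a, ents_a = parse_log(after_text)
    return {
        "removed": sorted(k for k in ents_b if k not in ents_a),
        "added": sorted(k for k in ents_a if k not in ents_b),
        "changed": sorted(k for k in ents_b
                          if k in ents_a and ents_b[k] != ents_a[k]),
        "processes_gone": sorted(procs_b - procs_a),
        "processes_new": sorted(procs_a - procs_b),
    }

def confirm_fixed(fixed_lines, before_text, after_text):
    """Status of each line that was ticked and fixed in HijackThis."""
    _, ents_b = parse_log(before_text)
    _, ents_a = parse_log(after_text)
    status = {}
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            status[line] = "unparsed"
            continue
        key = entry_key(*m.groups())
        if key in ents_a:
            status[line] = "still present"
        elif key in ents_b:
            status[line] = "gone"
        else:
            status[line] = "not in before log"
    return status

# Trimmed excerpt of the 14/08/2005 log in this thread (most lines omitted).
BEFORE = r"""
Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Serials3k\s3k_autoupdate.exe
C:\Program Files\Dell Support\DSAgnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.ca/
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - https://www.nick.com/common/groove/gx/GrooveAX27.cab
"""

# Trimmed excerpt of the 16/08/2005 log in this thread (most lines omitted).
AFTER = r"""
Running processes:
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.ca/
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
"""

# The two entries selected for fixing earlier in the thread.
FIXED = [
    r"O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe",
    "O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - "
    "https://www.nick.com/common/groove/gx/GrooveAX27.cab",
]

if __name__ == "__main__":
    for name, keys in diff_logs(BEFORE, AFTER).items():
        print(name, keys)
    for line, state in confirm_fixed(FIXED, BEFORE, AFTER).items():
        print(state, "<-", line)
```

Keying on the CLSID rather than the whole line is what keeps the Windows Genuine Advantage entry, whose download URL differs between the two logs, from showing up as a removal plus a new addition.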



Posted 8/17/2005 3:22 PM
#18788

iviyst Member

Date Joined Nov 2016
Total Posts: 2
Overview

Summary
Changes port on which NetBus runs.

Category
RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a "client" in the attacker's machine, and a "server" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Origins

Author
Cybernetic cowb0y
Posted 8/18/2005 9:44 PM
#18844

pesko Advanced member

Date Joined Nov 2016
Total Posts: 350
Looks clean to me.

You should install some antispyware software on your machine (adaware and spybot as a minimum, microsoft antispy and some of the other programs you find on the download site to spybot).

Remember to run Windows Update once a month.

Enjoy spyware-free surfing.
-Pesko ;)
Posted 9/15/2005 12:49 AM
#19625

samir1 Member

Date Joined Nov 2016
Total Posts: 1
I have a similar problem, please let me know if you can help me out as well. Here's my logfile:


Logfile of HijackThis v1.99.1
Scan saved at 8:36:57 PM, on 9/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\spool\drivers\w32x86\hpzstatn.exe
C:\WINNT\system32\niSvcLoc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\restore.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\WebDrive\wdservice.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nipalsm.exe
C:\WINNT\system32\nipalsm.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\hphmon03.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\vidctrl\vidctrl.exe
C:\WINNT\etb\pokapoka66.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\cmdel.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\neo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://www.ampmsearch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.vt.edu
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.vt.edu
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINNT\BQTray.exe
O4 - HKLM\..\Run: [xcgkguqy] C:\WINNT\wkjufdar.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINNT\b.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ntbirgig] C:\WINNT\system32\pirhmjr.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\system32\hphmon03.exe
O4 - HKLM\..\Run: [mnkj] C:\WINNT\mnkj.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Hkdxi] C:\Program Files\Kwgqkw\Yners.exe
O4 - HKLM\..\Run: [NIDAQmxDriverStatus] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevldstat.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\28.tmp
O4 - HKLM\..\Run: [exe.] C:\WINNT\exe..exe
O4 - HKLM\..\Run: [51=L] C:\WINNT\exe..exe
O4 - HKLM\..\Run: [vidctrl] C:\WINNT\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [System service66] C:\WINNT\etb\pokapoka66.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPN\BottomLine\bline.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\cmdel.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: https://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - https://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125964002804
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - https://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Printer Status Server (hpzstatn) - Hewlett-Packard Company - C:\WINNT\System32\spool\drivers\w32x86\hpzstatn.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p1b\webserver\bin\win32\matlabserver.exe
O23 - Service: Mouse Synchronization (mousesync) - Unknown owner - C:\WINNT\system32\mousesync.exe (file missing)
O23 - Service: nidevldu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINNT\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINNT\system32\niSvcLoc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\system32\HPHipm09.exe
O23 - Service: restore - Unknown owner - C:\WINNT\restore.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\WebDrive\wdservice.exe
Posted 1/27/2007 9:56 PM
#42398

MaxHardcore420666777 Member

Date Joined Nov 2016
Total Posts: 1
I've been noticing "Project1" under applications in my task manager as well. What is that? Dang it.
Posted 7/21/2008 4:04 PM
#63845

Guzgan Member

Date Joined Nov 2016
Total Posts: 1
I have a similar problem, please help me. Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:45:49, on 21.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TMeter\trafmonitor.exe
C:\Program Files\VistaDriveIcon\VistaDrv.exe
C:\Program Files\Punto Switcher\ps.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Download Master\dmaster.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.kornet.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll (file missing)
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: RGWIE Class - {D4D5806E-EA2C-45b2-972D-8BE237697B87} - RGWIE.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll
O4 - HKLM\..\Run: [trafMonitor] C:\Program Files\TMeter\trafmonitor.exe /logon /admin
O4 - HKLM\..\Run: [Microsoft Windows Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [ALCalendar] yes
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [VistaIcon] C:\Program Files\VistaDriveIcon\VistaDrv.exe
O4 - HKCU\..\Run: [Punto Switcher] C:\Program Files\Punto Switcher\ps.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Добавить в Анти-Баннер - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Cтатистика защиты веб-трафика - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{32DFAA2F-0B8D-4753-8228-F617DCB33652}: NameServer = 78.24.52.129,78.24.54.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32DFAA2F-0B8D-4753-8228-F617DCB33652}: NameServer = 78.24.52.129,78.24.54.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{32DFAA2F-0B8D-4753-8228-F617DCB33652}: NameServer = 78.24.52.129,78.24.54.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe" /service (file missing)
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

Also, I downloaded Silent Runners and ran it; this is the log file:

"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"VistaIcon" = "C:\Program Files\VistaDriveIcon\VistaDrv.exe" [null data]
"Punto Switcher" = "C:\Program Files\Punto Switcher\ps.exe" ["Punto.Ru"]
"LClock" = "C:\Program Files\LClock\LClock.exe" [null data]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"FlashPlayerUpdate" = "C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TrafMonitor" = "C:\Program Files\TMeter\trafmonitor.exe /logon /admin" [null data]
"Microsoft Windows Explorer" = "C:\WINDOWS\system32\explorer.exe" ["Microsoft® Windows®"]
"ALCalendar" = "yes" [file not found]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SnagIt Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll" ["TechSmith Corporation"]
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO"
-> {HKLM...CLSID} = "IEVkbdBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll" ["Kaspersky Lab"]
{6D7B211A-88EA-490c-BAB9-3600D8D7C503}\(Default) = "ConnectionServices module"
-> {HKLM...CLSID} = "ConnectionServices Class"
\InProcServer32\(Default) = "C:\Program Files\ConnectionServices\ConnectionServices.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll" ["Sun Microsystems, Inc."]
{92860A02-4D69-48c1-82D7-EF6B2C609502}\(Default) = "BitAccelerator module"
-> {HKLM...CLSID} = "BitAccelerator Class"
\InProcServer32\(Default) = "C:\Program Files\BitAccelerator\BitAccelerator.dll" [file not found]
{9961627E-4059-41B4-8E0E-A7D6B3854ADF}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IE 4.x-6.x BHO for Download Master"
\InProcServer32\(Default) = "C:\PROGRA~1\DOWNLO~1\dmiehlp.dll" ["WestByte"]
{D4D5806E-EA2C-45b2-972D-8BE237697B87}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RGWIE Class"
\InProcServer32\(Default) = "RGWIE.dll" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Окно свойств файла мультимедиа"
-> {HKLM...CLSID} = "Окно свойств файла мультимедиа"
\InProcServer32\(Default) = "mmsys.cpl" ["Корпорация Майкрософт"]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Управление сканером ICM"
-> {HKLM...CLSID} = "Управление сканером ICM"
\InProcServer32\(Default) = "icmui.dll" ["Корпорация Майкрософт"]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Свойства безопасности NTFS"
-> {HKLM...CLSID} = "Расширение оболочки безопасности"
\InProcServer32\(Default) = "rshx32.dll" ["Корпорация Майкрософт"]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Свойства документа OLE"
-> {HKLM...CLSID} = "Свойства документа OLE"
\InProcServer32\(Default) = "docprop.dll" ["Корпорация Майкрософт"]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Расширения оболочки, обеспечивающие доступ к ресурсам"
-> {HKLM...CLSID} = "Расширения оболочки, обеспечивающие доступ к ресурсам"
\InProcServer32\(Default) = "ntshrui.dll" ["Корпорация Майкрософт"]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
-> {HKLM...CLSID} = "Расширение CPL PlusPack"
\InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" ["Корпорация Майкрософт"]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Расширение CPL для видеоадаптера"
-> {HKLM...CLSID} = "Расширение CPL для видеоадаптера"
\InProcServer32\(Default) = "deskadp.dll" ["Корпорация Майкрософт"]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Расширение CPL для видеомонитора"
-> {HKLM...CLSID} = "Расширение CPL для видеомонитора"
\InProcServer32\(Default) = "deskmon.dll" ["Корпорация Майкрософт"]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Расширение CPL панорамирования дисплея"
-> {HKLM...CLSID} = "Расширение CPL панорамирования дисплея"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Свойства безопасности DS"
-> {HKLM...CLSID} = "Расширение оболочки безопасности"
\InProcServer32\(Default) = "dssec.dll" ["Корпорация Майкрософт"]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Обработчик фрагментов"
-> {HKLM...CLSID} = "Обработчик фрагментов"
\InProcServer32\(Default) = "shscrap.dll" ["Корпорация Майкрософт"]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Программа копирования дисков"
-> {HKLM...CLSID} = "Программа копирования дисков"
\InProcServer32\(Default) = "diskcopy.dll" ["Корпорация Майкрософт"]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Расширения оболочки для сетевых объектов Microsoft Windows"
-> {HKLM...CLSID} = "Расширения оболочки для сетевых объектов Microsoft Windows"
\InProcServer32\(Default) = "ntlanui2.dll" ["Корпорация Майкрософт"]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Управление монитором ICM"
-> {HKLM...CLSID} = "Управление монитором ICM"
\InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" ["Корпорация Майкрософт"]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Управление принтером ICM"
-> {HKLM...CLSID} = "Управление принтером ICM"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" ["Корпорация Майкрософт"]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Расширение оболочки Web Printer"
-> {HKLM...CLSID} = "Расширение оболочки Web Printer"
\InProcServer32\(Default) = "printui.dll" ["Корпорация Майкрософт"]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
-> {HKLM...CLSID} = "Microsoft Disk Quota UI"
\InProcServer32\(Default) = "dskquoui.dll" ["Корпорация Майкрософт"]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Портфель"
-> {HKLM...CLSID} = "Портфель"
\InProcServer32\(Default) = "syncui.dll" ["Корпорация Майкрософт"]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Расширение значка HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "fontext.dll" ["Корпорация Майкрософт"]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "Профиль ICC"
-> {HKLM...CLSID} = "Профиль ICC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" ["Корпорация Майкрософт"]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Свойства безопасности принтеров"
-> {HKLM...CLSID} = "Расширение оболочки безопасности"
\InProcServer32\(Default) = "rshx32.dll" ["Корпорация Майкрософт"]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Расширения оболочки, обеспечивающие доступ к ресурсам"
-> {HKLM...CLSID} = "Расширения оболочки, обеспечивающие доступ к ресурсам"
\InProcServer32\(Default) = "ntshrui.dll" ["Корпорация Майкрософт"]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
\InProcServer32\(Default) = "deskperf.dll" ["Корпорация Майкрософт"]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Расширение Crypto PKO"
-> {HKLM...CLSID} = "CryptPKO Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" ["Корпорация Майкрософт"]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Расширение шифрованной подписи"
-> {HKLM...CLSID} = "CryptSig Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" ["Корпорация Майкрософт"]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Сетевые подключения"
-> {HKLM...CLSID} = "Сетевые подключения"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" ["Корпорация Майкрософт"]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Сетевые подключения"
-> {HKLM...CLSID} = "Сетевые подключения"
\InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" ["Корпорация Майкрософт"]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "&Сканеры и камеры"
-> {HKLM...CLSID} = "&Сканеры и камеры"
\InProcServer32\(Default) = "wiashext.dll" ["Корпорация Майкрософт"]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "&Сканеры и камеры"
-> {HKLM...CLSID} = "&Сканеры и камеры"
\InProcServer32\(Default) = "wiashext.dll" ["Корпорация Майкрософт"]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "&Сканеры и камеры"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" ["Корпорация Майкрософт"]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "&Сканеры и камеры"
-> {HKLM...CLSID} = "&Сканеры и камеры"
\InProcServer32\(Default) = "wiashext.dll" ["Корпорация Майкрософт"]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "&Сканеры и камеры"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "wiashext.dll" ["Корпорация Майкрософт"]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
-> {HKLM...CLSID} = "Remote Sessions CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" ["Корпорация Майкрософт"]
"{8A56567E-A333-4843-B6E1-C3A262E41D8C}" = "HashTab Property Page"
-> {HKLM...CLSID} = "HashPage Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\HashTab32.dll" ["Beeblebrox.org"]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
-> {HKLM...CLSID} = "Scheduling UI icon handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" ["Корпорация Майкрософт"]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
-> {HKLM...CLSID} = "Scheduling UI property sheet handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" ["Корпорация Майкрософт"]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Назначенные задания"
-> {HKLM...CLSID} = "Назначенные задания"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" ["Корпорация Майкрософт"]
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults"
-> {HKLM...CLSID} = "Set Program Access and Defaults"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Поиск"
-> {HKLM...CLSID} = "Поиск"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Справка и поддержка"
-> {HKLM...CLSID} = "Справка и поддержка"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Справка и поддержка"
-> {HKLM...CLSID} = "Безопасность Windows"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Запуск программы..."
-> {HKLM...CLSID} = "Запуск программы..."
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Интернет"
-> {HKLM...CLSID} = "Интернет"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "Электронная почта"
-> {HKLM...CLSID} = "Электронная почта"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fonts"
-> {HKLM...CLSID} = "Fonts"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Администрирование"
-> {HKLM...CLSID} = "Администрирование"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
-> {HKLM...CLSID} = "Audio Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
-> {HKLM...CLSID} = "Video Media Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
-> {HKLM...CLSID} = "Wav Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
-> {HKLM...CLSID} = "Midi Properties Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
-> {HKLM...CLSID} = "Video Thumbnail Extractor"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" ["Корпорация Майкрософт"]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Панель инструментов Microsoft Internet"
-> {HKLM...CLSID} = "Панель инструментов Microsoft Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Состояние загрузки"
-> {HKLM...CLSID} = "Состояние загрузки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Расширенная папка оболочки"
-> {HKLM...CLSID} = "Расширенная папка оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Расширенная папка оболочки 2"
-> {HKLM...CLSID} = "Расширенная папка оболочки 2"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
-> {HKLM...CLSID} = "BandProxy"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
-> {HKLM...CLSID} = "Microsoft BrowserBand"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Поиск на панели"
-> {HKLM...CLSID} = "Поиск на панели"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Утилита параметров дерева реестра"
-> {HKLM...CLSID} = "Утилита параметров дерева реестра"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Адрес"
-> {HKLM...CLSID} = "&Адрес"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "EditBox адреса"
-> {HKLM...CLSID} = "EditBox адреса"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Shell Microsoft AutoComplete"
-> {HKLM...CLSID} = "Shell Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Список автозаполнения MRU"
-> {HKLM...CLSID} = "Список автозаполнения MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Особый список автозаполнения MRU"
-> {HKLM...CLSID} = "Особый список автозаполнения MRU"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Доступный"
-> {HKLM...CLSID} = "Доступный"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Всплывающая панель зв. дорожки"
-> {HKLM...CLSID} = "Всплывающая панель зв. дорожки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Список автозаполнения журнала (Microsoft)"
-> {HKLM...CLSID} = "Список автозаполнения журнала (Microsoft)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Список автозаполнения папки оболочки (Microsoft)"
-> {HKLM...CLSID} = "Список автозаполнения папки оболочки (Microsoft)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Контейнер списка множественных автозаполнений (Microsoft)"
-> {HKLM...CLSID} = "Контейнер списка множественных автозаполнений (Microsoft)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Меню сайта панелей оболочки"
-> {HKLM...CLSID} = "Меню сайта панелей оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "DeskBarApp оболочки"
-> {HKLM...CLSID} = "DeskBarApp оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "DeskBar оболочки"
-> {HKLM...CLSID} = "DeskBar оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Rebar BandSite оболочки"
-> {HKLM...CLSID} = "Rebar BandSite оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Помощь пользователю"
-> {HKLM...CLSID} = "Помощь пользователю"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Глобальные параметры папки"
-> {HKLM...CLSID} = "Глобальные параметры папки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
-> {HKLM...CLSID} = "Favorites Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
-> {HKLM...CLSID} = "Shell Automation Inproc Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
-> {HKLM...CLSID} = "Microsoft Browser Architecture"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
-> {HKLM...CLSID} = "ISFBand OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
-> {HKLM...CLSID} = "Search Assistant OC"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Полоса Explorer"
-> {HKLM...CLSID} = "Полоса Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" ["Корпорация Майкрософт"]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" ["Корпорация Майкрософт"]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" ["Корпорация Майкрософт"]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Диспетчер приложений оболочки"
-> {HKLM...CLSID} = "Диспетчер приложений оболочки"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" ["Корпорация Майкрософт"]
"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Перечислитель установленных приложений"
-> {HKLM...CLSID} = "Перечислитель установленных приложений"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" ["Корпорация Майкрософт"]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
-> {HKLM...CLSID} = "Darwin App Publisher"
\InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" ["Корпорация Майкрософт"]
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
-> {HKLM...CLSID} = "Shell Image Verbs"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
-> {HKLM...CLSID} = "Shell Image Data Factory"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "GDI+ средство извлечения эскизов файлов"
-> {HKLM...CLSID} = "GDI+ средство извлечения эскизов файлов"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Обработчик эскизов итоговых сведений (DOCFILES)"
-> {HKLM...CLSID} = "Обработчик эскизов итоговых сведений (DOCFILES)"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "Извлечение эскизов HTML"
-> {HKLM...CLSID} = "Извлечение эскизов HTML"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
-> {HKLM...CLSID} = "Shell Image Property Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" ["Корпорация Майкрософт"]
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Мастер веб-публикаций"
-> {HKLM...CLSID} = "Мастер веб-публикаций"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" ["Корпорация Майкрософт"]
"{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Заказ отпечатков через Интернет"
-> {HKLM...CLSID} = "Заказ отпечатков через Интернет"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" ["Корпорация Майкрософт"]
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Объект мастера веб-публикаций"
-> {HKLM...CLSID} = "Объект мастера веб-публикаций"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" ["Корпорация Майкрософт"]
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Мастер получения цифрового паспорта"
-> {HKLM...CLSID} = "Мастер получения цифрового паспорта"
\InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" ["Корпорация Майкрософт"]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "Сжатая ZIP-папка"
-> {HKLM...CLSID} = "CompressedFolder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" ["Корпорация Майкрософт"]
"{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
-> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" ["Корпорация Майкрософт"]
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
-> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" ["Корпорация Майкрософт"]
"{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
-> {HKLM...CLSID} = "Microsoft FTP Folder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\msieftp.dll" ["Корпорация Майкрософт"]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
-> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
-> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" ["Корпорация Майкрософт"]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" ["Корпорация Майкрософт"]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" ["Корпорация Майкрософт"]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" ["Корпорация Майкрософт"]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" ["Корпорация Майкрософт"]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" ["Корпорация Майкрософт"]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" ["Корпорация Майкрософт"]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" ["Корпорация Майкрософт"]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
-> {HKLM...CLSID} = "MyDocs Drop Target"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" ["Корпорация Майкрософт"]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
-> {HKLM...CLSID} = "MyDocs menu and properties"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" ["Корпорация Майкрософт"]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" ["Корпорация Майкрософт"]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
-> {HKLM...CLSID} = "Offline Files Folder Options"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" ["Корпорация Майкрософт"]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Папка автономных файлов"
-> {HKLM...CLSID} = "Папка автономных файлов"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" ["Корпорация Майкрософт"]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
-> {HKLM...CLSID} = "DfsShell Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfsshlex.dll" ["Корпорация Майкрософт"]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
-> {HKLM...CLSID} = "Конечный объект мастера печати фотографий"
\InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" ["Корпорация Майкрософт"]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
-> {HKLM...CLSID} = "CAB-файл"
\InProcServer32\(Default) = "cabview.dll" ["Корпорация Майкрософт"]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Людей..."
-> {HKLM...CLSID} = "&Людей..."
\InProcServer32\(Default) = "C:\Program Files\Outlook Express\wabfind.dll" ["Корпорация Майкрософт"]
"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"
-> {HKLM...CLSID} = "Desktop Icon Layout"
\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
"{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}" = "Right Click Image Converter Extension"
-> {HKLM...CLSID} = "Right Click Image Converter Extension"
\InProcServer32\(Default) = "C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll" [null data]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
"{A5C2457A-87BC-324E-8124-0025DC10AA03}" = "KillCopy"
-> {HKLM...CLSID} = "KillCopy"
\InProcServer32\(Default) = "C:\Program Files\KillSoft\KillCopy\killcopy.dll" ["Killer{R}"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Cтатистика защиты веб-трафика"
-> {HKLM...CLSID} = "Cтатистика защиты веб-трафика"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Предзагрузчик Browseui"
-> {HKLM...CLSID} = "Предзагрузчик Browseui"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]
<<!>> "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Демон кэша категорий компонентов"
-> {HKLM...CLSID} = "Демон кэша категорий компонентов"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" ["Корпорация Майкрософт"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
-> {HKLM...CLSID} = "Объект PostBootReminder"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
-> {HKLM...CLSID} = "Папка для прожигания CD"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
-> {HKLM...CLSID} = "SysTray"
\InProcServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" ["Корпорация Майкрософт"]

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<<!>> ("msapsspc.dll" ["Корпорация Майкрософт (Microsoft Corp.)"], "digest.dll" ["Корпорация Майкрософт"], "msnsspc.dll" ["Корпорация Майкрософт"]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
-> {HKLM...CLSID} = "WebView MIME Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
KillCopy\(Default) = "{A5C2457A-87BC-324E-8124-0025DC10AA03}"
-> {HKLM...CLSID} = "KillCopy"
\InProcServer32\(Default) = "C:\Program Files\KillSoft\KillCopy\killcopy.dll" ["Killer{R}"]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" ["Корпорация Майкрософт"]
Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
-> {HKLM...CLSID} = "Open With Context Menu Handler"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Контекстное меню шифрования"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
Path2Clipboard\(Default) = "{8e3e0f0a-0fcc-11ce-bcb0-b3fd0e25381f}"
-> {HKLM...CLSID} = "Copy Path to Clipboard"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Path2Clipboard.dll" ["VD"]
Right Click Image Converter\(Default) = "{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}"
-> {HKLM...CLSID} = "Right Click Image Converter Extension"
\InProcServer32\(Default) = "C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll" [null data]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
-> {HKLM...CLSID} = "Контекстное меню шифрования"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
-> {HKLM...CLSID} = "Offline Files Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" ["Корпорация Майкрософт"]
Path2Clipboard\(Default) = "{8e3e0f0a-0fcc-11ce-bcb0-b3fd0e25381f}"
-> {HKLM...CLSID} = "Copy Path to Clipboard"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Path2Clipboard.dll" ["VD"]
Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
-> {HKLM...CLSID} = "Расширения оболочки, обеспечивающие доступ к ресурсам"
\InProcServer32\(Default) = "ntshrui.dll" ["Корпорация Майкрософт"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll" ["TechSmith Corporation"]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"
-> {HKLM...CLSID} = "Desktop Icon Layout"
\InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ShellEx.dll" ["Kaspersky Lab"]
KillCopy\(Default) = "{A5C2457A-87BC-324E-8124-0025DC10AA03}"
-> {HKLM...CLSID} = "KillCopy"
\InProcServer32\(Default) = "C:\Program Files\KillSoft\KillCopy\killcopy.dll" ["Killer{R}"]
UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"
-> {HKLM...CLSID} = "UIContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"
-> {HKLM...CLSID} = "Microsoft SendTo Service"
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" ["Корпорация Майкрософт"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

"SaveZoneInformation" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_BINARY) hex:01 00 00 00
{unrecognized setting}

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ACDSee100AcquirePicturesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]

ACDSee100AcquireVideoFilesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandlerAcquire"
"InvokeVerb" = "Acquire"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandlerAcquire\shell\Acquire\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" /detect:%1" ["ACD Systems"]

ACDSee100PlayVideoFilesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]

ACDSee100ShowPicturesOnArrival\
"Provider" = "ACDSee 10 Photo Manager"
"InvokeProgID" = "ACDSee 10.0.AutoPlayHandler"
"InvokeVerb" = "Open"
HKLM\SOFTWARE\Classes\ACDSee 10.0.AutoPlayHandler\shell\Open\command\(Default) = ""C:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1"" ["ACD Systems"]

BSplayerCDDA\
"Provider" = "BSplayer multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "C:\Program Files\Webteh\BSplayerPro\bsplayer.exe "%L"" ["Webteh"]

BSplayerDVD\
"Provider" = "BSplayer multimedia player"
"InvokeProgID" = "BSP.plist"
"InvokeVerb" = "play"
HKCU\Software\Classes\BSP.plist\shell\play\command\(Default) = "C:\Program Files\Webteh\BSplayerPro\bsplayer.exe "%L"" ["Webteh"]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" ["Корпорация Майкрософт"]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" ["Корпорация Майкрософт"]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll ["Корпорация Майкрософт"], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0E1230F8-EA50-42A9-983C-D22ABC2EED3C}"
-> {HKLM...CLSID} = "DM Bar"
\InProcServer32\(Default) = "C:\Program Files\Download Master\dmbar.dll" ["WestByte Software"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{0E1230F8-EA50-42A9-983C-D22ABC2EED3C}" = "DM Bar"
-> {HKLM...CLSID} = "DM Bar"
\InProcServer32\(Default) = "C:\Program Files\Download Master\dmbar.dll" ["WestByte Software"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Cтатистика защиты веб-трафика"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Справочные материалы"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_04"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_04"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Cтатистика защиты веб-трафика"

{8DAE90AD-4583-4977-9DD4-4360F7A45C74}\
"ButtonText" = "Download Master"
"MenuText" = "&Download Master"
"Exec" = "C:\Program Files\Download Master\dmaster.exe" ["WestByte"]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Справочные материалы"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DHCP-клиент, Dhcp, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" ["Корпорация Майкрософт"]}
Kaspersky Internet Security, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NST ToolTipFixer, TTFixerService, ""C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe"" [null data]
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" ["Корпорация Майкрософт"]
Беспроводная настройка, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" ["Корпорация Майкрософт"]}
Вторичный вход в систему, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" ["Корпорация Майкрософт"]}
Диспетчер логических дисков, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" ["Корпорация Майкрософт"]}
Журнал событий, Eventlog, "C:\WINDOWS\system32\services.exe" ["Корпорация Майкрософт"]
Инструментарий управления Windows, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" ["Корпорация Майкрософт"]}
Определение оборудования оболочки, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" ["Корпорация Майкрософт"]}
Планировщик заданий, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" ["Корпорация Майкрософт"]}
Сетевые подключения, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" ["Корпорация Майкрософт"]}
Служба времени Windows, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\w32time.dll" ["Корпорация Майкрософт"]}
Служба загрузки изображений (WIA), stisvc, "C:\WINDOWS\system32\svchost.exe -k imgsvc" {"C:\WINDOWS\system32\wiaservc.dll" ["Корпорация Майкрософт"]}
Служба сетевого расположения (NLA), Nla, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" ["Корпорация Майкрософт"]}
Службы терминалов, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" ["Корпорация Майкрософт"]}
Телефония, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" ["Корпорация Майкрософт"]}
Темы, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" ["Корпорация Майкрософт"]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor\Driver = "cnbjmon.dll" ["Корпорация Майкрософт"]
Local Port\Driver = "localspl.dll" ["Корпорация Майкрософт"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Standard TCP/IP Port\Driver = "tcpmon.dll" ["Корпорация Майкрософт"]


---------- (launch time: 2008-07-21 18:48:16)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 98 seconds, including 18 seconds for message boxes)





:sad: Please HELP!